A supply-chain style compromise in the Okendo Reviews widget that enabled the SmartApeSG threat actor to deliver staged JavaScript loaders across a wide e-commerce surface. Okendo’s client-facing review widget is deployed by more than 18,000 brands and commonly appears on high-visibility pages homepages, product pages, and review submission screens so the injected code produced downstream […]
The post SmartApeSG Hackers Abuse Okendo Reviews Widget in E-Commerce Supply Chain Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)
CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal civilian agencies to
