{
  "title": "OptinMonster Supply Chain Attack",
  "summary": "Awesome Motive's CDN-hosted SDK files for WordPress plugins OptinMonster, TrustPulse, and PushEngage were tampered to inject malicious JavaScript. When an administrator logs in, the payload runs in their context, creates rogue administrator accounts, and silently installs a self-hiding PHP backdoor plugin, exfiltrating credentials to tidio[.]cc.",
  "date": "2026-06-12",
  "severity": "high",
  "tags": [
    "supply-chain",
    "wordpress",
    "backdoor",
    "malware"
  ],
  "sources_count": 1,
  "indicators": {
    "slug": "optinmonster-supply-chain-attack",
    "since": "2026-06-12T00:00:00Z",
    "until": "2026-06-12T23:59:59Z",
    "ecosystem": "",
    "cves": [],
    "cwes": [],
    "advisoryIds": [],
    "products": [],
    "packages": [],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [
      "tidio.cc",
      "a.omappapi.com",
      "a.opmnstr.com",
      "a.optnmstr.com",
      "a.trstplse.com",
      "clientcdn.pushengage.com",
      "gmail.com"
    ],
    "urls": [
      "https://a.omappapi.com/app/js/api.min.js`",
      "https://a.opmnstr.com/app/js/api.min.js`",
      "https://a.optnmstr.com/app/js/api.min.js`",
      "https://a.trstplse.com/app/js/api.min.js`",
      "https://clientcdn.pushengage.com/sdks/pushengage-web-sdk.js`"
    ],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}