Impakti.com
EN|SQ
HomeEconomyTechnologyPoliticsWorldWeatherCultureLifestyleScienceOp-EdNationLawGames
AllAIInnovationAppsInfrastructureGadgetsSecurity

Download the app

Download on the App StoreGet it on Google Play
Impakti.com

Impakti is a bilingual digital news platform delivering news and analysis in English and Albanian.

Find us on:

Company

  • About Us
  • Advertise
  • Contact Us
  • Careers
  • Terms of Use
  • Privacy Policy
  • Radio Impakti
  • Breezee Weather

Sections

  • Economy
  • Technology
  • Politics
  • World
  • Weather
  • Culture
  • Science
  • Lifestyle
  • Op-Ed
  • National
  • Law

Newsroom

  • Newsroom
  • Policies & Standards
  • Contact the Newsroom
  • Request a Correction
  • Newsletter
  • Archives

Company

  • About Us
  • Advertise
  • Contact Us
  • Careers
  • Terms of Use
  • Privacy Policy
  • Radio Impakti
  • Breezee Weather

Sections

  • Economy
  • Technology
  • Politics
  • World
  • Weather
  • Culture
  • Science
  • Lifestyle
  • Op-Ed
  • National
  • Law

Newsroom

  • Newsroom
  • Policies & Standards
  • Contact the Newsroom
  • Request a Correction
  • Newsletter
  • Archives

© 2026 Impakti. All rights reserved.

Cybersecurity

Saturday, July 18, 2026

Technology · Analysis · Developments

Operation Endgame Frees 15,000 Compromised WordPress Websites
Security

Operation Endgame Frees 15,000 Compromised WordPress Websites

International law enforcement agencies have carried out a major operation against the infrastructure of the SocGholish malware, as part of the initiative known as “Operation Endgame,” targeting one of the key components of global cybercrime.
According to Dutch authorities, 14,971 compromised websites were cleaned during the operation, while 106 servers and domains used by the criminal network were taken offline. The action was conducted by authorities from the Netherlands, the United States, Canada, and Germany, with support from Europol and Eurojust.
SocGholish, also known as “FakeUpdates,” is a malware strain distributed through fake browser update notifications. Attackers compromise legitimate websites, primarily those built on WordPress, and present visitors with deceptive messages encouraging them to download a fraudulent software update. Once installed, the malware provides criminals with an initial foothold on the victim’s system, allowing them to deploy additional malware, including ransomware.
Investigators have revealed that credentials linked to approximately 1.4 million websites have been exposed, making them potentially vulnerable to future compromise. As a result, WordPress site owners have been urged to change passwords, enable multi-factor authentication (MFA), and keep their systems regularly updated.
SocGholish is widely used as an initial access mechanism for more sophisticated cyberattacks. The malware has been linked to the notorious Russian cybercrime group Evil Corp and has served for years as an entry point for ransomware campaigns and other forms of cybercrime.
Authorities emphasized that the operation represents only the first phase of actions against the SocGholish network and warned that investigations will continue in an effort to identify and prosecute those responsible.
Ad space

In this section

More headlines