On June 18, 2026, a coordinated effort by law enforcement from the Netherlands, Canada, the U.S., and Germany successfully disrupted the SocGholish malware distribution network through Operation EndGame. The operation resulted in the takedown of 106 servers and the remediation of 14,971 WordPress sites infected with malware. SocGholish is known for exploiting vulnerabilities in legitimate websites and then using fake browser update prompts on those sites to deliver malware.
The authorities urged WordPress site owners to update their sites and change credentials, highlighting the significance of ongoing security measures to prevent reinfection. The operation, while impactful, does not eradicate the broader issue of web injects, a technique that is growing in prevalence across various threat actors.