In the last 24 hours, we’ve seen a sharp rise in phishing emails and targeted cyberattacks – and we’re not alone. Malicious actors are taking advantage of the global chaos surrounding the conflict in Ukraine, using it as cover for widespread hacking activity.

Much of this is state-sponsored. Several reports point to increased activity out of Iran and other threat actors targeting government, infrastructure, and corporate systems – with WordPress sites increasingly caught in the crossfire.

What You Should Know

• Phishing emails are rampant right now. These often impersonate trusted services and try to trick you into clicking malicious links, downloading attachments, or entering credentials on fake login pages.
• “Password expired” emails are a common tactic. They look urgent but almost always lead to credential theft.
• Attachment-based malware is back. PDFs and Word docs containing macros are among the most common vectors.
• Hacked websites are being used as command & control relays. Keeping your plugins, themes, and WordPress core updated is more important than ever.

How to Protect Yourself

• Double-check the sender on any suspicious email.
• Don’t click links unless you’re sure they’re legitimate.
• Use a password manager to create and store unique passwords for every login.
• Enable two-factor authentication (2FA) wherever possible.
• Make sure your web host has protections in place for you, including firewalls, monitoring, and malware scans.
• Contact us if you’re unsure — better safe than sorry.

We’re closely monitoring our network, and our clients already benefit from:

• 24/7 threat monitoring
• Web application firewalls and brute-force protection
• Instant alerts on login anomalies or DNS changes

Reminder for Clients

If you host with us and something feels off – a strange login attempt, odd email, or unexpected changes to your site – reach out immediately at support@glimmernet.com.

We’re on high alert and ready to help.