ILSpy WordPress Domain Breached to Distribute Malware

Severity: High (Score: 66.0)

Sources: Gbhackers, Cybersecuritynews

Summary

On April 6, 2026, hackers compromised the official WordPress domain for ILSpy, a widely used open-source tool for .NET code analysis. The breach redirected users from the legitimate site to a malicious webpage designed to deliver malware. This supply chain attack specifically targets software developers who rely on ILSpy for their projects. The incident was confirmed by the cybersecurity research group vx-underground, which provided evidence of the breach. Users attempting to download ILSpy software were instead exposed to potential malware infections. The scope of the attack affects all visitors to the compromised site. As of now, the situation is ongoing, and users are advised to avoid the site until further notice.

Key Points:

  • ILSpy's official WordPress domain was compromised to deliver malware.
  • The attack targets developers relying on ILSpy for .NET code analysis.
  • Users are advised to avoid the compromised site until it is secured.

Key Entities

  • Malware (attack_type)
  • Supply Chain Attack (attack_type)
  • Redirection Attack (campaign)
  • ILSpy (company)
  • T1195 - Supply Chain Compromise (mitre_attack)
  • WordPress (platform)