A phishing campaign leveraging Google sponsored search results is targeting ManageWP credentials, the GoDaddy platform used to manage multiple WordPress sites. Attackers are exploiting Google's ad system to reach users searching for the service.
Threat actors have launched a phishing attack using Google Ads to distribute fake ManageWP login pages. The malicious ads appear in sponsored search results when users look for the legitimate ManageWP platform, creating a convincing entry point for credential theft.
ManageWP, owned by GoDaddy, allows WordPress administrators to manage multiple sites from a centralized dashboard. Compromised credentials would give attackers broad access to client websites, enabling them to inject malware, steal data, or modify site content.
The Attack Method
The campaign works by bidding on search terms related to ManageWP. When users click the ads, they land on fraudulent pages mimicking the official login interface. Users entering their credentials unknowingly hand them directly to attackers.
This technique exploits the trust users place in Google's ad system. Many people assume sponsored results are legitimate, making them less likely to scrutinize URLs or warning signs.
Scope and Risk
The attack specifically targets users managing WordPress sites through ManageWP, a popular choice for agencies and freelancers handling multiple client sites. A single compromised account could expose dozens of websites.
GoDaddy has not publicly confirmed the scale of the campaign or whether customer accounts have been compromised. The company typically relies on users to report suspicious activity.
Recommended Actions
ManageWP users should verify they're on the legitimate site by checking the URL directly rather than clicking ads. Bookmarking the official login page eliminates reliance on search results.
If you've recently entered credentials on an unfamiliar page, change your ManageWP password immediately and enable two-factor authentication. Review account activity for unauthorized access or changes.
This attack underscores the vulnerability of ad-based phishing. Google Ads' accessibility means attackers can reach high-value targets with minimal barriers. While Google removes malicious ads when detected, the lag between discovery and removal creates opportunity for attackers.
Grok CLI experienced a critical bug that caused it to upload entire home directories to Google Cloud Storage. The issue sparked significant discussion in the developer community about data handling practices.
Aylo, Pornhub's parent company, will restore access to the site in the UK through Apple's device-level age verification system in iOS 26.4. The move requires users to complete age verification before accessing the platform.
Australia's eSafety Commissioner has identified significant gaps in how major tech platforms address online sexual extortion. Young men are reporting sextortion at higher rates than any other demographic, with over 2,000 complaints filed in just six months.
Angelo Martino, a ransomware negotiator, was sentenced to 70 months in prison for colluding with attackers to defraud victims. Martino helped orchestrate scams that extracted over $75 million from ransomware victims.