Patchstack

Computer and Network Security

Parnu, Province / State 6,013 followers

Patchstack helps web developers to easily secure web apps from third-party component vulnerabilities.

About us

Patchstack is the leader in open source software vulnerability intelligence, covering the entire lifecycle from detection to mitigation.

Website: https://patchstack.com
Industry: Computer and Network Security
Company size: 11-50 employees
Headquarters: Parnu, Province / State
Type: Privately Held
Founded: 2021
Specialties: Website Security, Website Monitoring, Web Application Security, Web Application Monitoring, Cyber Security, Cyber Security Platform, Web Security Platform, and Website Security Platform

Locations

  • Primary

    Akadeemia 1, Forwardspace

    1

    Parnu, Province / State 80011, EE

Updates

  • When your weekend plans include a live hacking event, and you come back with 2 out of 3 awards 💪 Huge shoutout to Ananda Dhakal for absolutely crushing it and taking home the Most Valuable Hacker title. Proof that breaking things responsibly on the weekend makes the internet safer on Monday 😄 Great work, Ananda 👏

  • Choo-choo another busy week on the Patchstack train! 🚂 Here's what we got done: 🚨 Community discovered and reported severe and actively exploited 0-day vulnerability in ModularDS 🫱🏽🫲🏻 We reacted fast with a protection rule, and helped ModularDS team issue a patch ⚡Reliability and performance improvements across Hub and SaaS for even faster service! 👀 Significant progress made for Patchstack to support vibe coded Node/React apps 😮 📊 Reporting enhancements and PDF export progress Toodles.

  • Save the date! 💥WP Legends & Gautam Khorana are hosting a live security panel discussion featuring Oliver Sild (Patchstack), Ben Gabler (Hosting.com) and Ryan McCue (Human Made) 📅When? January 23rd - 10am EST/3pm GMT GREAT chance to ask anything you'd possibly want to know about security & WordPress 🤓 👇 Register using the link below! https://lnkd.in/d5BHK32k

  • 🚨 Active exploitation alert for WordPress site owners 🚨 A critical unauthenticated privilege escalation vulnerability has been discovered in the Modular DS plugin, affecting 40,000+ WordPress sites. The flaw allows attackers to bypass authentication and trigger an automatic admin login, resulting in full wp-admin access. Exploitation attempts were observed in the wild shortly after disclosure. ✅ Fixed in Modular DS v2.5.2 🛡️ Patchstack users are protected via a mitigation rule 🔍 Indicators of attack and real exploitation patterns are already known This is a strong reminder that internal routes and “trusted” request paths must never be exposed without strict validation. Full technical breakdown and mitigation details 👇 https://lnkd.in/eaMFSkQE

  • Ever wondered how RapidMitigate is engineered under the hood? RapidMitigate creates a live profile of each website: WordPress core, plugins, themes, and exact versions. When Patchstack detects a vulnerability in software running on that site, the relevant mitigation rule is automatically deployed. When the site updates to a fixed version, the rule is removed just as automatically. Patchstack maintains 13,000+ mitigation rules, but only the ones that are actually needed are ever active on a site. In this short video, our CEO & co-founder, Oliver Sild, explains how it works.

  • 𝗖𝗼𝗻𝘁𝗲𝘅𝘁 𝗺𝗮𝘁𝘁𝗲𝗿𝘀. It’s how RapidMitigate scales to more than 13,000 highly specific mitigation rules without performance impact. Patchstack activates rules only when a vulnerability is present and exploitable on a specific website. Each rule is built for a single vulnerability – eliminating false positives and unnecessary processing. Traditional approaches lack this application-level context. They must apply all 13,000+ rules to every request on every site, creating massive overhead and constant false positives. RapidMitigate’s dynamic, per-vulnerability deployment removes these limitations entirely. In this short video, our CEO & co-founder, Oliver Sild, explains how contextual evaluation works in practice.

  • In 2026, we have a lot to share with our customers! So.. we've decided to kick off with a weekly Patchstack update - where each Friday we'll share what's new and what we've shipped. First week has already been 🍌 New in product: 🔑 New API key management for partners 📃 "Managed by" mode for agencies and partners ⚖️ Default policy manager for Patchstack settings 🧩 New WordPress plugin with minor fixes 🤓 Loads of product documentation updates Misc: 🪙 Patchstack bug bounty now does Crypto payouts! 💰 New bug bounty rules for 2026 🤝 New partners - Libyan Spider & Seahawk

  • Read how LibyanSpider 🕷️ caught 65k+ vulnerabilities in their web within months of turning on Patchstack 🕸️ When LS expanded their hosting offer to cover WordPress, they suddenly faced a surge of vulnerability related issues. To counter the issue and maintain customer trust and compliance, they turned to Patchstack. Shortly after implementation they: 🛡️ Blocked 65k+ threats across 400 protected sites 📉 Dramatically reduced WordPress vuln related tickets 🔒 Improved stability across shared hosting environments Read more here! https://lnkd.in/d7z2YUS6

  • 𝗡𝗼𝘁 𝗮𝗹𝗹 𝘃𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 𝗮𝗿𝗲 𝗲𝗾𝘂𝗮𝗹 – 𝗮𝗻𝗱 𝘄𝗲 𝘁𝗿𝗲𝗮𝘁 𝘁𝗵𝗲𝗺 𝘁𝗵𝗮𝘁 𝘄𝗮𝘆. Every new vulnerability entering Patchstack is immediately scored by severity and real-world "exploitability": 🔴 𝗛𝗶𝗴𝗵 – mass-exploited, high-impact, actively abused at scale 🟡 𝗠𝗲𝗱𝗶𝘂𝗺 – used in more targeted attacks, such as against e-commerce sites 🟢 𝗟𝗼𝘄 – requires privileged access or is otherwise unattractive to attackers For every high- or medium-priority vulnerability, we do not publish it until a mitigation rule has been created and tested. Rule creation for RapidMitigate is fully integrated into our threat intelligence process – ensuring protection is ready the moment a vulnerability becomes public. Our CEO & co-founder, Oliver Sild, explains the workflow here.

  • 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗿𝘂𝗹𝗲𝘀 𝘀𝗵𝗼𝘂𝗹𝗱 𝗯𝗲 𝗽𝗿𝗲𝗰𝗶𝘀𝗲, 𝗻𝗼𝘁 𝗴𝗲𝗻𝗲𝗿𝗶𝗰. Patchstack RapidMitigate deploys a mitigation rule only when the vulnerability exists and is exploitable on a specific website, enabling targeted protection without performance impact or false positives. Our CEO & co-founder, Oliver Sild, explains the key difference here.
