The popular tabletop roleplaying game news aggregator RPGnews.com has been targeted by automated black hat search engine optimisation (SEO) spam, cluttering its discovery feeds with off-topic casino advertisements and international banking queries. Regular readers will have noted a sharp influx of non-gaming content masquerading as legitimate index entries throughout mid-May 2026.
Rather than a malicious database breach compromising user accounts, a minimal risk given that the aggregation platform functions as an unencrypted HTTP content directory and does not harvest sensitive user data, the disruption points to a vulnerability in the site’s automated content harvesting architecture. The lack of modern HTTPS security protocol throughout the site further underscores a reliance on legacy infrastructure, making it a soft target for automated exploitation. External operators appear to have successfully manipulated the platform’s feed ingestion systems to slip cloaked commercial links and spam text past regular filters.
Several anomalous entries have appeared on the platform alongside genuine updates for Dungeons & Dragons and Warhammer. For instance, an entry indexed under http://rpgnews.com/?p=762146 presents a headline regarding Australian banking details (“What is a BSB number and where do I find the BSB number of a CommBank branch?”) but contains text promoting online casino platforms.
Additional spam links, such as http://rpgnews.com/?p=760878, display Turkish text targeting mobile gambling applications (“Pinco Casino İndir Apk Türkiye’de En İyi Mobil Casino Uygulaması”). Other instances of feed pollution, including http://rpgnews.com/?p=761557, follow a similar pattern of leveraging the established domain authority of RPGnews.com to boost external search rankings for unrelated, high-competition commercial keywords.
This style of digital intrusion typically exploits automated trackbacks, pingbacks, or RSS syndication endpoints on older frameworks. Because large-scale community directories rely on programmatic scripts to pull headlines from hundreds of independent hobbyist blogs, bad actors can spoof feed headers or inject tainted metadata. Geek Native was unable to locate public contact information or an editorial gateway on RPGnews.com to share a heads-up, request a comment on the feed pollution, or clarify whether mitigation steps are underway.
Managing automated content ingestion is an ongoing technical challenge for central hubs within the hobby. AIs have made the landscape harder; not only do they harvest content from indie news sites like Geek Native, but hackers can also use them to write code and test for weaknesses in cyber defences.
As independent geek news, we have published 11 articles on cybersecurity.
Latest entry: May 2026
