Wordfence Security News

Wordfence

Wordfence Security News is a weekly cybersecurity news podcast covering the top news stories from the world of WordPress security and the broader cybersecurity threat landscape. Hosted by cybersecurity expert and Wordfence researcher Alex Thomas.

Episodes

  1. Breeze Cache Mass Exploitation in 24 Hours | Bitwarden CLI Supply Chain Attack | ADT Confirmed in ShinyHunters Breach | Pack2TheRoot 12-Year-Old PackageKit Privilege Escalation (CVE-2026-41651) | Wordfence Security News | Week of April 27, 2026

    6 DAYS AGO

    This week in Wordfence Security News (Week of Apr 27, 2026):

    - A critical unauthenticated arbitrary file upload vulnerability in BreezeCache, a caching plugin with over 400,000 active installations, went from disclosure to mass exploitation in under 24 hours with over 22,000 exploit attempts blocked across nearly 5,000 sites
    - Attackers published a malicious version of the Bitwarden CLI package on NPM that harvested credentials from six different sources including SSH keys, cloud secret stores, and AI assistant configs during a 93-minute window before removal
    - The Bitwarden supply chain attack connects to a broader campaign targeting Checkmarx, with Team PCP claiming responsibility and links to the Shai-Hulud self-propagating NPM worm from 2025
    - Home security giant ADT confirmed a data breach after ShinyHunters listed the company on its leak site, with Have I Been Pwned tracking 5.5 million unique email addresses tied to the breach
    - ShinyHunters used a voice phishing attack to compromise an ADT employee's Okta SSO account and pivot to Salesforce, highlighting why phishing-resistant MFA like FIDO2 or WebAuthn is critical over SMS or TOTP
    - A 12-year-old privilege escalation vulnerability dubbed Pack2TheRoot in PackageKit lets any local unprivileged user install arbitrary packages as root, affecting Ubuntu, Debian, Fedora, and Rocky Linux since 2014

    Timestamps:

    - 0:00 Introduction
    - 0:34 BreezeCache Critical File Upload Vulnerability and Mass Exploitation
    - 3:50 Bitwarden CLI Supply Chain Attack via NPM
    - 6:25 ADT Data Breach by ShinyHunters
    - 7:49 Why Phishing-Resistant MFA Matters
    - 8:54 PackageKit Privilege Escalation Vulnerability

    Story Links:

    - Breeze Cache — Active Exploitation (CVE-2026-3844): https://www.wordfence.com/threat-intel/vulnerabilities/id/e342b1c0-6e7f-4e2c-8a52-018df12c12a0
    - Bitwarden CLI Compromised in Checkmarx Supply Chain Attack: https://thehackernews.com/2026/04/bitwarden-cli-compromised-in-ongoing.html
    - SharePoint Patching Laggards — CVE-2026-32201: https://www.bleepingcomputer.com/news/security/over-1-300-microsoft-sharepoint-servers-vulnerable-to-ongoing-attacks/
    - ADT Confirmed in ShinyHunters Breach: https://www.bleepingcomputer.com/news/security/adt-confirms-data-breach-after-shinyhunters-leak-threat/
    - Pack2TheRoot — 12-Year-Old PackageKit Privilege Escalation (CVE-2026-41651): https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.html

    Stay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.

    10 min
  2. WordPress 30+ Plugin Supply Chain Attack | Wordfence Security News | Week of April 13, 2026

    17 APR

    This week in Wordfence Security News (Week of Apr 13, 2026):

    - Over 30 WordPress plugins purchased on the Flippa marketplace were turned into backdoors that sat dormant for eight months before activating to inject SEO spam into wp-config.php, visible only to Googlebot
    - Smart Slider 3 Pro's update infrastructure was compromised, pushing a weaponized build through the official update channel for approximately six hours before being caught
    - Microsoft's second-largest Patch Tuesday ever fixes roughly 165 vulnerabilities including a SharePoint spoofing zero-day already under active exploitation and a Defender privilege escalation zero-day linked to the BlueHammer public exploit
    - Adobe released an emergency patch for an Acrobat Reader zero-day exploited in the wild since late 2025, discovered via malicious Russian-language PDFs about gas supply disruptions
    - ShinyHunters extortion group listed Rockstar Games on its leak site after stealing authentication tokens from cloud analytics platform Anadot and accessing Rockstar's connected Snowflake data warehouse
    - A critical pre-authentication remote code execution flaw in Marimo, an open-source Python notebook platform, was exploited within 10 hours of its advisory being published with no public proof of concept

    Timestamps:

    - 0:00 Introduction
    - 0:26 Supply Chain Attack on 30+ Essential Plugin WordPress Plugins
    - 2:08 Smart Slider 3 Pro Update Infrastructure Compromised
    - 2:55 Kali Forms and Ninja Forms File Upload Exploitation Updates
    - 3:21 Microsoft Patch Tuesday with SharePoint and Defender Zero-Days
    - 5:31 Adobe Acrobat Reader Zero-Day Emergency Patch
    - 6:26 ShinyHunters Breach of Rockstar Games via Anadot Tokens
    - 7:16 Marimo RCE Exploited Within 10 Hours of Disclosure

    Story Links:

    - 30+ Plugins Backdoored After Flippa Acquisition: https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/
    - Smart Slider 3 Pro — Supply Chain Compromise: https://smartslider.helpscoutdocs.com/article/2144-wordpress-security-advisory-smart-slider-3-pro-3-5-1-35-compromise
    - Kali Forms exploitation update: https://www.wordfence.com/blog/2026/04/attackers-actively-exploiting-critical-vulnerability-in-kali-forms-plugin/
    - Ninja Forms File Upload exploitation update: https://www.wordfence.com/blog/2026/04/50000-wordpress-sites-affected-by-arbitrary-file-upload-vulnerability-in-ninja-forms-file-upload-wordpress-plugin/
    - April Patch Tuesday — SharePoint Zero-Day Exploited: https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2026-patch-tuesday-fixes-167-flaws-2-zero-days/
    - BlueHammer — Defender Zero-Day: https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2026-patch-tuesday-fixes-167-flaws-2-zero-days/
    - Adobe Reader Zero-Day — Exploited Since Late 2025: https://helpx.adobe.com/security/products/acrobat/apsb26-43.html
    - Rockstar Games Breach via Third-Party Analytics: https://www.bleepingcomputer.com/news/security/stolen-rockstar-games-analytics-data-leaked-by-extortion-gang/
    - Marimo RCE — Exploited in Under 10 Hours: https://www.sysdig.com/blog/marimo-oss-python-notebook-rce-from-disclosure-to-exploitation-in-under-10-hours

    Stay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.

    8 min
  3. MW WP Form 200K Sites at Risk | Axios Hack | Cisco Breach | Wordfence Security News | March 30, 2026

    3 APR

    This week in Wordfence Security News (Week of Mar 30, 2026):

    - Over 200,000 WordPress sites at risk from an unauthenticated arbitrary file move vulnerability in the MW WP Form plugin, allowing full site takeover
    - Massive spike in exploitation attempts targeting the Kali Forms RCE vulnerability, with activity increasing over 60x week-over-week
    - A major supply chain attack compromises the widely used Axios JavaScript library, distributing backdoored versions to developers worldwide
    - Active exploitation of a critical Citrix NetScaler vulnerability enabling session hijacking and potential full appliance compromise
    - European Commission confirms a cloud breach with data theft claims by ShinyHunters
    - Cisco internal development environment breached via poisoned Trivy supply chain attack, exposing source code and credentials

    Timestamps:

    - 0:00 Introduction
    - 0:30 MW WP Form Vulnerability
    - 1:15 Kali Forms Exploitation Surge
    - 1:55 Axios Supply Chain Attack
    - 3:20 Citrix NetScaler Active Exploitation
    - 4:57 European Commission Breach
    - 5:50 Cisco Dev Environment Breach
    - 6:47 Wrap up discussion

    Story Links:

    - MW WP Form Vulnerability
    - Kali Forms Exploitation Update
    - Axios Supply Chain Attack (Wiz)
    - Citrix NetScaler Advisory
    - European Commission Breach (Bloomberg)
    - Cisco / Trivy Supply Chain Attack

    Stay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.

    7 min
  4. Iran-Linked Hackers Breach FBI Director's Email | Wordfence Security News | Week of March 23, 2026

    27 MAR

    This week in Wordfence Security News (Week of Mar 23, 2026):

    - Same-day exploitation of a critical RCE vulnerability in the Kali Forms plugin, attackers can achieve full admin takeover with a single request
    - Ongoing mass exploitation of the s2Member plugin targeting password reset functionality
    - Breaking News: Iran-linked hackers claim breach of FBI Director Kash Patel’s personal email
    - A critical Cisco firewall management vulnerability exploited as a zero-day by ransomware actors
    - FBI and CISA warn of phishing campaigns targeting messaging app accounts

    Timestamps:

    - 0:00 Introduction
    - 0:25 Kali Forms RCE Vulnerability
    - 1:34 s2Member Mass Exploitation
    - 2:20 Breaking News – FBI Email Breach
    - 2:45 Cisco Firewall RCE Exploitation
    - 5:03 Messaging App Phishing Campaigns

    Story Links:

    - Kali Forms RCE Vulnerability: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/kali-forms/kali-forms-249-unauthenticated-remote-code-execution-via-form-process
    - s2Member Exploitation Campaign: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/s2member/s2member-260127-unauthenticated-privilege-escalation-via-account-takeover
    - Cisco Firewall Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh
    - Interlock Ransomware Coverage: https://www.ic3.gov/PSA/2026/PSA260320
    - Reuters – FBI Email Breach: https://www.reuters.com/world/us/iran-linked-hackers-claim-breach-of-fbi-directors-personal-email-doj-official-2026-03-27/

    Stay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.

    7 min
  5. 30,000 Sites at Risk, Cisco Zero-Day & Stryker Attack | Wordfence Security News | Week of Mar 9, 2026

    13 MAR

    This week in Wordfence Security News (Week of Mar 9, 2026):

    - A critical auth bypass in Tutor LMS Pro exposes 30,000+ WordPress sites — attackers can hijack admin accounts via a Google sign-in flaw
    - An unauthenticated SQL injection in Ally (400K+ sites)
    - Microsoft Patch Tuesday with ~80 fixes including AI-related exploits
    - A max-severity Cisco SD-WAN zero-day exploited since 2023
    - Iran-linked group Handala's claimed attack on medical device maker Stryker.

    Timestamps:

    - 0:00 Introduction
    - 0:22 Tutor LMS Pro Authentication Bypass
    - 1:31 Ally WordPress Plugin SQL Injection
    - 1:50 Microsoft Patch Tuesday
    - 2:46 Cisco SD-WAN Zero-Day
    - 4:26 Handala Attack on Stryker
    - 5:03 Iranian Drone Strikes on AWS Data Centers

    Story Links:

    - Tutor LMS Pro Auth Bypass: https://www.wordfence.com/blog/2026/03/30000-wordpress-sites-affected-by-authentication-bypass-vulnerability-in-tutor-lms-pro-wordpress-plugin/
    - Ally Plugin SQL Injection: https://www.wordfence.com/blog/2026/03/400000-wordpress-sites-affected-by-unauthenticated-sql-injection-vulnerability-in-ally-wordpress-plugin/
    - Microsoft Patch Tuesday: https://msrc.microsoft.com/update-guide/
    - Cisco SD-WAN Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v
    - Iran Cyber Retaliation: https://industrialcyber.co/reports/cyber-retaliation-surges-after-us-israel-strikes-on-iran-as-hacktivists-hit-governments-defense-critical-sectors/
    - Stryker Cyberattack (WSJ): https://www.wsj.com/articles/stryker-hit-with-suspected-iran-linked-cyberattack-52f6615c
    - AWS Data Centers Struck (BBC): https://www.bbc.com/news/articles/cgk28nj0lrjo
    - Weekly Vulnerability Report: https://www.wordfence.com/blog/2026/03/wordfence-intelligence-weekly-wordpress-vulnerability-report-march-2-2026-to-march-8-2026/

    Stay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.

    6 min
