30,000 Sites at Risk, Cisco Zero-Day & Stryker Attack | Wordfence Security News | Week of Mar 9, 2026 episode artwork

EPISODE · Mar 13, 2026 · 5 MIN

30,000 Sites at Risk, Cisco Zero-Day & Stryker Attack | Wordfence Security News | Week of Mar 9, 2026

from Wordfence Security News · host Wordfence

This week in Wordfence Security News (Week of Mar 9, 2026): A critical auth bypass in Tutor LMS Pro exposes 30,000+ WordPress sites — attackers can hijack admin accounts via a Google sign-in flawAn unauthenticated SQL injection in Ally (400K+ sites)Microsoft Patch Tuesday with ~80 fixes including AI-related exploitsA max-severity Cisco SD-WAN zero-day exploited since 2023Iran-linked group Handala's claimed attack on medical device maker Stryker.Timestamps:0:00 Introduction0:22 Tutor LMS Pro Authentication Bypass1:31 Ally WordPress Plugin SQL Injection1:50 Microsoft Patch Tuesday2:46 Cisco SD-WAN Zero-Day4:26 Handala Attack on Stryker5:03 Iranian Drone Strikes on AWS Data CentersStory Links:Tutor LMS Pro Auth Bypass: https://www.wordfence.com/blog/2026/03/30000-wordpress-sites-affected-by-authentication-bypass-vulnerability-in-tutor-lms-pro-wordpress-plugin/Ally Plugin SQL Injection: https://www.wordfence.com/blog/2026/03/400000-wordpress-sites-affected-by-unauthenticated-sql-injection-vulnerability-in-ally-wordpress-plugin/Microsoft Patch Tuesday: https://msrc.microsoft.com/update-guide/Cisco SD-WAN Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4vIran Cyber Retaliation: https://industrialcyber.co/reports/cyber-retaliation-surges-after-us-israel-strikes-on-iran-as-hacktivists-hit-governments-defense-critical-sectors/Stryker Cyberattack (WSJ): https://www.wsj.com/articles/stryker-hit-with-suspected-iran-linked-cyberattack-52f6615cAWS Data Centers Struck (BBC): https://www.bbc.com/news/articles/cgk28nj0lrjoWeekly Vulnerability Report: https://www.wordfence.com/blog/2026/03/wordfence-intelligence-weekly-wordpress-vulnerability-report-march-2-2026-to-march-8-2026/Stay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.  

This week in Wordfence Security News (Week of Mar 9, 2026): A critical auth bypass in Tutor LMS Pro exposes 30,000+ WordPress sites — attackers can hijack admin accounts via a Google sign-in flawAn unauthenticated SQL injection in Ally (400K+ sites)Microsoft Patch Tuesday with ~80 fixes including AI-related exploitsA max-severity Cisco SD-WAN zero-day exploited since 2023Iran-linked group Handala's claimed attack on medical device maker Stryker.Timestamps:0:00 Introduction0:22 Tutor LMS Pro Authentication Bypass1:31 Ally WordPress Plugin SQL Injection1:50 Microsoft Patch Tuesday2:46 Cisco SD-WAN Zero-Day4:26 Handala Attack on Stryker5:03 Iranian Drone Strikes on AWS Data CentersStory Links:Tutor LMS Pro Auth Bypass: https://www.wordfence.com/blog/2026/03/30000-wordpress-sites-affected-by-authentication-bypass-vulnerability-in-tutor-lms-pro-wordpress-plugin/Ally Plugin SQL Injection: https://www.wordfence.com/blog/2026/03/400000-wordpress-sites-affected-by-unauthenticated-sql-injection-vulnerability-in-ally-wordpress-plugin/Microsoft Patch Tuesday: https://msrc.microsoft.com/update-guide/Cisco SD-WAN Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4vIran Cyber Retaliation: https://industrialcyber.co/reports/cyber-retaliation-surges-after-us-israel-strikes-on-iran-as-hacktivists-hit-governments-defense-critical-sectors/Stryker Cyberattack (WSJ): https://www.wsj.com/articles/stryker-hit-with-suspected-iran-linked-cyberattack-52f6615cAWS Data Centers Struck (BBC): https://www.bbc.com/news/articles/cgk28nj0lrjoWeekly Vulnerability Report: https://www.wordfence.com/blog/2026/03/wordfence-intelligence-weekly-wordpress-vulnerability-report-march-2-2026-to-march-8-2026/Stay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.

NOW PLAYING

30,000 Sites at Risk, Cisco Zero-Day & Stryker Attack | Wordfence Security News | Week of Mar 9, 2026

0:00 5:43

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Wordfence Security News?

This episode is 5 minutes long.

When was this Wordfence Security News episode published?

This episode was published on March 13, 2026.

What is this episode about?

This week in Wordfence Security News (Week of Mar 9, 2026): A critical auth bypass in Tutor LMS Pro exposes 30,000+ WordPress sites — attackers can hijack admin accounts via a Google sign-in flawAn unauthenticated SQL injection in Ally (400K+...

Is there a transcript available for this episode?

Yes, a full transcript is available for this episode. You can read the complete transcript on the episode page.

Can I download this Wordfence Security News episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!