EPISODE · May 22, 2026 · 11 MIN
Burst Statistics Bypass Threatens 200,000 WordPress Sites | Microsoft Exchange Zero-Day Under Active Exploitation | Critical Cisco SD-WAN Controller Flaw Exploited | Shai-Hulud Worm Source Code Open-Sourced | Wordfence Security News | Week of May 18, 2026
from Wordfence Security News · host Wordfence
This week in Wordfence Security News (Week of May 18, 2026):Burst Statistics plugin auth bypass lets unauthenticated attackers impersonate admins; Wordfence blocked 88,000+ requests across 376 sites.Microsoft Exchange OWA zero-day XSS flaw under active exploitation with no permanent patch; CISA deadline set for May 29th.Cisco Catalyst SD-WAN auth bypass exploited by UAT-8616; CISA gave federal agencies three days to patch under Emergency Directive 26-03.ChromaDB pre-auth RCE loads attacker-controlled AI models before the auth check runs; 73% of exposed instances run a vulnerable version.Shai-Hulud worm source code released on GitHub by TeamPCP; copycat packages appeared on NPM within days of publication.node-ipc npm package with 800,000 weekly downloads was compromised via an attacker re-registering a maintainer's expired email domain.Timestamps:0:00 Introduction0:37 Burst Statistics Auth Bypass Threatens 200K WordPress Sites2:52 Microsoft Exchange OWA Zero-Day Under Active Exploitation5:24 Critical Cisco Catalyst SD-WAN Controller Auth Bypass Under Attack7:11 ChromaDB Pre-Auth RCE Allows AI Vector Database Server Takeover9:24 Shai-Hulud Worm Source Code Released on GitHub11:02 node-ipc npm Package Compromised via Expired Maintainer DomainStory Links:Burst Statistics Auth Bypass Threatens 200K WordPress Sites: https://www.wordfence.com/blog/2026/05/200000-wordpress-sites-at-risk-from-critical-authentication-bypass-vulnerability-in-burst-statistics-plugin/Microsoft Exchange OWA Zero-Day Under Active Exploitation: https://techcommunity.microsoft.com/blog/exchange/addressing-exchange-server-may-2026-vulnerability-cve-2026-42897/4518498Critical Cisco Catalyst SD-WAN Controller Auth Bypass Under Attack: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SWChromaDB Pre-Auth RCE Allows AI Vector Database Server Takeover: https://www.hiddenlayer.com/research/chromatoast-served-pre-authShai-Hulud Worm Source Code Released on GitHub: https://www.ox.security/blog/shai-hulud-open-source-malware-github/node-ipc npm Package Compromised via Expired Maintainer Domain: https://www.bleepingcomputer.com/news/security/popular-node-ipc-npm-package-compromised-to-steal-credentials/Stay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.
What this episode covers
This week in Wordfence Security News (Week of May 18, 2026):Burst Statistics plugin auth bypass lets unauthenticated attackers impersonate admins; Wordfence blocked 88,000+ requests across 376 sites.Microsoft Exchange OWA zero-day XSS flaw under active exploitation with no permanent patch; CISA deadline set for May 29th.Cisco Catalyst SD-WAN auth bypass exploited by UAT-8616; CISA gave federal agencies three days to patch under Emergency Directive 26-03.ChromaDB pre-auth RCE loads attacker-controlled AI models before the auth check runs; 73% of exposed instances run a vulnerable version.Shai-Hulud worm source code released on GitHub by TeamPCP; copycat packages appeared on NPM within days of publication.node-ipc npm package with 800,000 weekly downloads was compromised via an attacker re-registering a maintainer's expired email domain.Timestamps:0:00 Introduction0:37 Burst Statistics Auth Bypass Threatens 200K WordPress Sites2:52 Microsoft Exchange OWA Zero-Day Under Active Exploitation5:24 Critical Cisco Catalyst SD-WAN Controller Auth Bypass Under Attack7:11 ChromaDB Pre-Auth RCE Allows AI Vector Database Server Takeover9:24 Shai-Hulud Worm Source Code Released on GitHub11:02 node-ipc npm Package Compromised via Expired Maintainer DomainStory Links:Burst Statistics Auth Bypass Threatens 200K WordPress Sites: https://www.wordfence.com/blog/2026/05/200000-wordpress-sites-at-risk-from-critical-authentication-bypass-vulnerability-in-burst-statistics-plugin/Microsoft Exchange OWA Zero-Day Under Active Exploitation: https://techcommunity.microsoft.com/blog/exchange/addressing-exchange-server-may-2026-vulnerability-cve-2026-42897/4518498Critical Cisco Catalyst SD-WAN Controller Auth Bypass Under Attack: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SWChromaDB Pre-Auth RCE Allows AI Vector Database Server Takeover: https://www.hiddenlayer.com/research/chromatoast-served-pre-authShai-Hulud Worm Source Code Released on GitHub: https://www.ox.security/blog/shai-hulud-open-source-malware-github/node-ipc npm Package Compromised via Expired Maintainer Domain: https://www.bleepingcomputer.com/news/security/popular-node-ipc-npm-package-compromised-to-steal-credentials/Stay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.
NOW PLAYING
Burst Statistics Bypass Threatens 200,000 WordPress Sites | Microsoft Exchange Zero-Day Under Active Exploitation | Critical Cisco SD-WAN Controller Flaw Exploited | Shai-Hulud Worm Source Code Open-Sourced | Wordfence Security News | Week of May 18, 2026
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.