Burst Statistics Bypass Threatens 200,000 WordPress Sites | Microsoft Exchange Zero-Day Under Active Exploitation | Critical Cisco SD-WAN Controller Flaw Exploited | Shai-Hulud Worm Source Code Open-Sourced | Wordfence Security News | Week of May 18, 2026 episode artwork

EPISODE · May 22, 2026 · 11 MIN

Burst Statistics Bypass Threatens 200,000 WordPress Sites | Microsoft Exchange Zero-Day Under Active Exploitation | Critical Cisco SD-WAN Controller Flaw Exploited | Shai-Hulud Worm Source Code Open-Sourced | Wordfence Security News | Week of May 18, 2026

from Wordfence Security News · host Wordfence

This week in Wordfence Security News (Week of May 18, 2026):Burst Statistics plugin auth bypass lets unauthenticated attackers impersonate admins; Wordfence blocked 88,000+ requests across 376 sites.Microsoft Exchange OWA zero-day XSS flaw under active exploitation with no permanent patch; CISA deadline set for May 29th.Cisco Catalyst SD-WAN auth bypass exploited by UAT-8616; CISA gave federal agencies three days to patch under Emergency Directive 26-03.ChromaDB pre-auth RCE loads attacker-controlled AI models before the auth check runs; 73% of exposed instances run a vulnerable version.Shai-Hulud worm source code released on GitHub by TeamPCP; copycat packages appeared on NPM within days of publication.node-ipc npm package with 800,000 weekly downloads was compromised via an attacker re-registering a maintainer's expired email domain.Timestamps:0:00 Introduction0:37 Burst Statistics Auth Bypass Threatens 200K WordPress Sites2:52 Microsoft Exchange OWA Zero-Day Under Active Exploitation5:24 Critical Cisco Catalyst SD-WAN Controller Auth Bypass Under Attack7:11 ChromaDB Pre-Auth RCE Allows AI Vector Database Server Takeover9:24 Shai-Hulud Worm Source Code Released on GitHub11:02 node-ipc npm Package Compromised via Expired Maintainer DomainStory Links:Burst Statistics Auth Bypass Threatens 200K WordPress Sites: https://www.wordfence.com/blog/2026/05/200000-wordpress-sites-at-risk-from-critical-authentication-bypass-vulnerability-in-burst-statistics-plugin/Microsoft Exchange OWA Zero-Day Under Active Exploitation: https://techcommunity.microsoft.com/blog/exchange/addressing-exchange-server-may-2026-vulnerability-cve-2026-42897/4518498Critical Cisco Catalyst SD-WAN Controller Auth Bypass Under Attack: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SWChromaDB Pre-Auth RCE Allows AI Vector Database Server Takeover: https://www.hiddenlayer.com/research/chromatoast-served-pre-authShai-Hulud Worm Source Code Released on GitHub: https://www.ox.security/blog/shai-hulud-open-source-malware-github/node-ipc npm Package Compromised via Expired Maintainer Domain: https://www.bleepingcomputer.com/news/security/popular-node-ipc-npm-package-compromised-to-steal-credentials/Stay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.

This week in Wordfence Security News (Week of May 18, 2026):Burst Statistics plugin auth bypass lets unauthenticated attackers impersonate admins; Wordfence blocked 88,000+ requests across 376 sites.Microsoft Exchange OWA zero-day XSS flaw under active exploitation with no permanent patch; CISA deadline set for May 29th.Cisco Catalyst SD-WAN auth bypass exploited by UAT-8616; CISA gave federal agencies three days to patch under Emergency Directive 26-03.ChromaDB pre-auth RCE loads attacker-controlled AI models before the auth check runs; 73% of exposed instances run a vulnerable version.Shai-Hulud worm source code released on GitHub by TeamPCP; copycat packages appeared on NPM within days of publication.node-ipc npm package with 800,000 weekly downloads was compromised via an attacker re-registering a maintainer's expired email domain.Timestamps:0:00 Introduction0:37 Burst Statistics Auth Bypass Threatens 200K WordPress Sites2:52 Microsoft Exchange OWA Zero-Day Under Active Exploitation5:24 Critical Cisco Catalyst SD-WAN Controller Auth Bypass Under Attack7:11 ChromaDB Pre-Auth RCE Allows AI Vector Database Server Takeover9:24 Shai-Hulud Worm Source Code Released on GitHub11:02 node-ipc npm Package Compromised via Expired Maintainer DomainStory Links:Burst Statistics Auth Bypass Threatens 200K WordPress Sites: https://www.wordfence.com/blog/2026/05/200000-wordpress-sites-at-risk-from-critical-authentication-bypass-vulnerability-in-burst-statistics-plugin/Microsoft Exchange OWA Zero-Day Under Active Exploitation: https://techcommunity.microsoft.com/blog/exchange/addressing-exchange-server-may-2026-vulnerability-cve-2026-42897/4518498Critical Cisco Catalyst SD-WAN Controller Auth Bypass Under Attack: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SWChromaDB Pre-Auth RCE Allows AI Vector Database Server Takeover: https://www.hiddenlayer.com/research/chromatoast-served-pre-authShai-Hulud Worm Source Code Released on GitHub: https://www.ox.security/blog/shai-hulud-open-source-malware-github/node-ipc npm Package Compromised via Expired Maintainer Domain: https://www.bleepingcomputer.com/news/security/popular-node-ipc-npm-package-compromised-to-steal-credentials/Stay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.

NOW PLAYING

Burst Statistics Bypass Threatens 200,000 WordPress Sites | Microsoft Exchange Zero-Day Under Active Exploitation | Critical Cisco SD-WAN Controller Flaw Exploited | Shai-Hulud Worm Source Code Open-Sourced | Wordfence Security News | Week of May 18, 2026

0:00 11:40

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Wordfence Security News?

This episode is 11 minutes long.

When was this Wordfence Security News episode published?

This episode was published on May 22, 2026.

What is this episode about?

This week in Wordfence Security News (Week of May 18, 2026):Burst Statistics plugin auth bypass lets unauthenticated attackers impersonate admins; Wordfence blocked 88,000+ requests across 376 sites.Microsoft Exchange OWA zero-day XSS flaw under...

Can I download this Wordfence Security News episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!