EPISODE · May 16, 2026 · 10 MIN
Google Identifies First AI-Developed Zero-Day | Gravity SMTP Mass Exploitation Leaks API Keys | Palo Alto Firewall Flaw Exploited by State Actors | TanStack Release Pipeline Hijacked | Wordfence Security News | Week of May 11, 2026
from Wordfence Security News · host Wordfence
This week in Wordfence Security News (Week of May 11, 2026):Active mass exploitation of an information disclosure vulnerability in Gravity SMTP exposes API keys and mail service credentials, with the Wordfence firewall blocking nearly 788,000 exploit attempts across more than 77,000 unique WordPress sitesA critical authentication bypass in cPanel and WHM is now under active exploitation, allowing unauthenticated attackers to gain administrative access and potentially compromising every WordPress site on a shared hostSuspected state-sponsored attackers exploit a Palo Alto PAN-OS zero-day buffer overflow in the User ID Authentication Portal, achieving root code execution on PA series and VM series firewalls and pivoting via high-availability failoverThe Shai-Hulud supply chain worm returns as attackers hijack TanStack's GitHub Actions release pipeline, publishing over 170 malicious packages across NPM and PyPI with valid signatures and provenance attestationsGoogle's Threat Intelligence group identifies the first zero-day exploit believed to have been developed with AI assistance, targeting a two-factor authentication bypass in an unnamed open source web administration toolA Linux kernel privilege escalation vulnerability called Dirty Frag becomes public after its coordinated disclosure embargo collapses, with Microsoft Defender reporting limited in-the-wild exploitation for root escalation after SSH accessTimestamps:0:00 Introduction0:33 Gravity SMTP Information Disclosure Exploitation3:19 cPanel and WHM Authentication Bypass4:22 Palo Alto PAN-OS Zero-Day5:56 Shai-Hulud Supply Chain Worm Hits TanStack7:09 Google Identifies First AI-Assisted Zero-Day8:24 Dirty Frag Linux Kernel Privilege EscalationStory Links:Gravity SMTP Exploited at Scale: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/gravitysmtp/gravity-smtp-214-unauthenticated-sensitive-information-exposure-via-rest-apiPAN-OS zero-day: https://security.paloaltonetworks.com/CVE-2026-0300Mini Shai-Hulud worm: https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromisedGoogle GTIG AI zero-day: https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-accessDirtyFrag Linux LPE: https://github.com/V4bel/dirtyfragStay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.
What this episode covers
This week in Wordfence Security News (Week of May 11, 2026):Active mass exploitation of an information disclosure vulnerability in Gravity SMTP exposes API keys and mail service credentials, with the Wordfence firewall blocking nearly 788,000 exploit attempts across more than 77,000 unique WordPress sitesA critical authentication bypass in cPanel and WHM is now under active exploitation, allowing unauthenticated attackers to gain administrative access and potentially compromising every WordPress site on a shared hostSuspected state-sponsored attackers exploit a Palo Alto PAN-OS zero-day buffer overflow in the User ID Authentication Portal, achieving root code execution on PA series and VM series firewalls and pivoting via high-availability failoverThe Shai-Hulud supply chain worm returns as attackers hijack TanStack's GitHub Actions release pipeline, publishing over 170 malicious packages across NPM and PyPI with valid signatures and provenance attestationsGoogle's Threat Intelligence group identifies the first zero-day exploit believed to have been developed with AI assistance, targeting a two-factor authentication bypass in an unnamed open source web administration toolA Linux kernel privilege escalation vulnerability called Dirty Frag becomes public after its coordinated disclosure embargo collapses, with Microsoft Defender reporting limited in-the-wild exploitation for root escalation after SSH accessTimestamps:0:00 Introduction0:33 Gravity SMTP Information Disclosure Exploitation3:19 cPanel and WHM Authentication Bypass4:22 Palo Alto PAN-OS Zero-Day5:56 Shai-Hulud Supply Chain Worm Hits TanStack7:09 Google Identifies First AI-Assisted Zero-Day8:24 Dirty Frag Linux Kernel Privilege EscalationStory Links:Gravity SMTP Exploited at Scale: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/gravitysmtp/gravity-smtp-214-unauthenticated-sensitive-information-exposure-via-rest-apiPAN-OS zero-day: https://security.paloaltonetworks.com/CVE-2026-0300Mini Shai-Hulud worm: https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromisedGoogle GTIG AI zero-day: https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-accessDirtyFrag Linux LPE: https://github.com/V4bel/dirtyfragStay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.
NOW PLAYING
Google Identifies First AI-Developed Zero-Day | Gravity SMTP Mass Exploitation Leaks API Keys | Palo Alto Firewall Flaw Exploited by State Actors | TanStack Release Pipeline Hijacked | Wordfence Security News | Week of May 11, 2026
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.