Google Identifies First AI-Developed Zero-Day | Gravity SMTP Mass Exploitation Leaks API Keys | Palo Alto Firewall Flaw Exploited by State Actors | TanStack Release Pipeline Hijacked | Wordfence Security News | Week of May 11, 2026 episode artwork

EPISODE · May 16, 2026 · 10 MIN

Google Identifies First AI-Developed Zero-Day | Gravity SMTP Mass Exploitation Leaks API Keys | Palo Alto Firewall Flaw Exploited by State Actors | TanStack Release Pipeline Hijacked | Wordfence Security News | Week of May 11, 2026

from Wordfence Security News · host Wordfence

This week in Wordfence Security News (Week of May 11, 2026):Active mass exploitation of an information disclosure vulnerability in Gravity SMTP exposes API keys and mail service credentials, with the Wordfence firewall blocking nearly 788,000 exploit attempts across more than 77,000 unique WordPress sitesA critical authentication bypass in cPanel and WHM is now under active exploitation, allowing unauthenticated attackers to gain administrative access and potentially compromising every WordPress site on a shared hostSuspected state-sponsored attackers exploit a Palo Alto PAN-OS zero-day buffer overflow in the User ID Authentication Portal, achieving root code execution on PA series and VM series firewalls and pivoting via high-availability failoverThe Shai-Hulud supply chain worm returns as attackers hijack TanStack's GitHub Actions release pipeline, publishing over 170 malicious packages across NPM and PyPI with valid signatures and provenance attestationsGoogle's Threat Intelligence group identifies the first zero-day exploit believed to have been developed with AI assistance, targeting a two-factor authentication bypass in an unnamed open source web administration toolA Linux kernel privilege escalation vulnerability called Dirty Frag becomes public after its coordinated disclosure embargo collapses, with Microsoft Defender reporting limited in-the-wild exploitation for root escalation after SSH accessTimestamps:0:00 Introduction0:33 Gravity SMTP Information Disclosure Exploitation3:19 cPanel and WHM Authentication Bypass4:22 Palo Alto PAN-OS Zero-Day5:56 Shai-Hulud Supply Chain Worm Hits TanStack7:09 Google Identifies First AI-Assisted Zero-Day8:24 Dirty Frag Linux Kernel Privilege EscalationStory Links:Gravity SMTP Exploited at Scale: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/gravitysmtp/gravity-smtp-214-unauthenticated-sensitive-information-exposure-via-rest-apiPAN-OS zero-day: https://security.paloaltonetworks.com/CVE-2026-0300Mini Shai-Hulud worm: https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromisedGoogle GTIG AI zero-day: https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-accessDirtyFrag Linux LPE: https://github.com/V4bel/dirtyfragStay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.

This week in Wordfence Security News (Week of May 11, 2026):Active mass exploitation of an information disclosure vulnerability in Gravity SMTP exposes API keys and mail service credentials, with the Wordfence firewall blocking nearly 788,000 exploit attempts across more than 77,000 unique WordPress sitesA critical authentication bypass in cPanel and WHM is now under active exploitation, allowing unauthenticated attackers to gain administrative access and potentially compromising every WordPress site on a shared hostSuspected state-sponsored attackers exploit a Palo Alto PAN-OS zero-day buffer overflow in the User ID Authentication Portal, achieving root code execution on PA series and VM series firewalls and pivoting via high-availability failoverThe Shai-Hulud supply chain worm returns as attackers hijack TanStack's GitHub Actions release pipeline, publishing over 170 malicious packages across NPM and PyPI with valid signatures and provenance attestationsGoogle's Threat Intelligence group identifies the first zero-day exploit believed to have been developed with AI assistance, targeting a two-factor authentication bypass in an unnamed open source web administration toolA Linux kernel privilege escalation vulnerability called Dirty Frag becomes public after its coordinated disclosure embargo collapses, with Microsoft Defender reporting limited in-the-wild exploitation for root escalation after SSH accessTimestamps:0:00 Introduction0:33 Gravity SMTP Information Disclosure Exploitation3:19 cPanel and WHM Authentication Bypass4:22 Palo Alto PAN-OS Zero-Day5:56 Shai-Hulud Supply Chain Worm Hits TanStack7:09 Google Identifies First AI-Assisted Zero-Day8:24 Dirty Frag Linux Kernel Privilege EscalationStory Links:Gravity SMTP Exploited at Scale: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/gravitysmtp/gravity-smtp-214-unauthenticated-sensitive-information-exposure-via-rest-apiPAN-OS zero-day: https://security.paloaltonetworks.com/CVE-2026-0300Mini Shai-Hulud worm: https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromisedGoogle GTIG AI zero-day: https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-accessDirtyFrag Linux LPE: https://github.com/V4bel/dirtyfragStay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.

NOW PLAYING

Google Identifies First AI-Developed Zero-Day | Gravity SMTP Mass Exploitation Leaks API Keys | Palo Alto Firewall Flaw Exploited by State Actors | TanStack Release Pipeline Hijacked | Wordfence Security News | Week of May 11, 2026

0:00 10:08

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Wordfence Security News?

This episode is 10 minutes long.

When was this Wordfence Security News episode published?

This episode was published on May 16, 2026.

What is this episode about?

This week in Wordfence Security News (Week of May 11, 2026):Active mass exploitation of an information disclosure vulnerability in Gravity SMTP exposes API keys and mail service credentials, with the Wordfence firewall blocking nearly 788,000...

Can I download this Wordfence Security News episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!