EPISODE · Jun 4, 2026 · 13 MIN
WooCommerce RCE | Drupal SQLi | Ghost CMS Clickfix Attack | Wordfence Security News | May 25, 2026
from Wordfence Security News · host Wordfence
WooCommerce RCE active exploitation, Drupal SQL injection attacks, Microsoft Defender zero-days, Ghost CMS ClickFix campaign, TrapDoor supply chain, Nimbus Manticore backdoor.This week in Wordfence Security News (Week of May 25, 2025):WooCommerce Custom Product Add-ons Pro RCE flaw (CVE-2026-4001) is under active attack, with exploit attempts spiking May 23-27 against the 21,000-install plugin.Drupal Core SQL injection (CVE-2026-9082) hit 6,000 sites across 65 countries within 48 hours of patch release, with attackers exploiting PostgreSQL-backend installs.Microsoft issued emergency out-of-band Defender patches for two exploited zero-days - RedSun and UnDefend - after a researcher published proof-of-concept exploits without coordinated disclosure.Over 700 Ghost CMS sites were compromised via a ClickFix campaign exploiting a SQL injection flaw discovered by Claude Opus 4.6 during Anthropic security testing.TrapDoor cross-ecosystem supply chain campaign spread across NPM, PyPI, and Crates.io with 34-plus malicious packages stealing SSH keys, cloud credentials, and crypto wallet data.Iranian state-aligned Nimbus Manticore ran three campaign waves since late February, deploying a new AI-assisted MiniFast backdoor via phishing, trojanized Zoom installers, and search engine poisoning.Timestamps:0:00 Introduction0:31 WooCommerce Custom Product Add-ons Pro RCE Active Exploitation2:06 Drupal Core SQL Injection Active Exploitation4:37 Microsoft Defender RedSun and UnDefend Zero-Days7:11 Ghost CMS ClickFix Campaign9:43 TrapDoor Cross-Ecosystem Supply Chain Campaign11:43 Nimbus Manticore AI-Assisted MiniFast BackdoorStory Links:WooCommerce Custom Product Addons Pro RCE (CVE-2026-4001)Drupal Core SQL Injection (CVE-2026-9082)Microsoft Defender RedSun and UnDefend Zero-Days (CVE-2026-41091, CVE-2026-45498)Ghost CMS ClickFix Campaign (CVE-2026-26980)TrapDoor Cross-Ecosystem Supply Chain CampaignNimbus Manticore AI-Assisted MiniFast BackdoorStay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.
What this episode covers
WooCommerce RCE active exploitation, Drupal SQL injection attacks, Microsoft Defender zero-days, Ghost CMS ClickFix campaign, TrapDoor supply chain, Nimbus Manticore backdoor.This week in Wordfence Security News (Week of May 25, 2025):WooCommerce Custom Product Add-ons Pro RCE flaw (CVE-2026-4001) is under active attack, with exploit attempts spiking May 23-27 against the 21,000-install plugin.Drupal Core SQL injection (CVE-2026-9082) hit 6,000 sites across 65 countries within 48 hours of patch release, with attackers exploiting PostgreSQL-backend installs.Microsoft issued emergency out-of-band Defender patches for two exploited zero-days - RedSun and UnDefend - after a researcher published proof-of-concept exploits without coordinated disclosure.Over 700 Ghost CMS sites were compromised via a ClickFix campaign exploiting a SQL injection flaw discovered by Claude Opus 4.6 during Anthropic security testing.TrapDoor cross-ecosystem supply chain campaign spread across NPM, PyPI, and Crates.io with 34-plus malicious packages stealing SSH keys, cloud credentials, and crypto wallet data.Iranian state-aligned Nimbus Manticore ran three campaign waves since late February, deploying a new AI-assisted MiniFast backdoor via phishing, trojanized Zoom installers, and search engine poisoning.Timestamps:0:00 Introduction0:31 WooCommerce Custom Product Add-ons Pro RCE Active Exploitation2:06 Drupal Core SQL Injection Active Exploitation4:37 Microsoft Defender RedSun and UnDefend Zero-Days7:11 Ghost CMS ClickFix Campaign9:43 TrapDoor Cross-Ecosystem Supply Chain Campaign11:43 Nimbus Manticore AI-Assisted MiniFast BackdoorStory Links:WooCommerce Custom Product Addons Pro RCE (CVE-2026-4001)Drupal Core SQL Injection (CVE-2026-9082)Microsoft Defender RedSun and UnDefend Zero-Days (CVE-2026-41091, CVE-2026-45498)Ghost CMS ClickFix Campaign (CVE-2026-26980)TrapDoor Cross-Ecosystem Supply Chain CampaignNimbus Manticore AI-Assisted MiniFast BackdoorStay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.
NOW PLAYING
WooCommerce RCE | Drupal SQLi | Ghost CMS Clickfix Attack | Wordfence Security News | May 25, 2026
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.