WooCommerce RCE | Drupal SQLi | Ghost CMS Clickfix Attack | Wordfence Security News | May 25, 2026 episode artwork

EPISODE · Jun 4, 2026 · 13 MIN

WooCommerce RCE | Drupal SQLi | Ghost CMS Clickfix Attack | Wordfence Security News | May 25, 2026

from Wordfence Security News · host Wordfence

WooCommerce RCE active exploitation, Drupal SQL injection attacks, Microsoft Defender zero-days, Ghost CMS ClickFix campaign, TrapDoor supply chain, Nimbus Manticore backdoor.This week in Wordfence Security News (Week of May 25, 2025):WooCommerce Custom Product Add-ons Pro RCE flaw (CVE-2026-4001) is under active attack, with exploit attempts spiking May 23-27 against the 21,000-install plugin.Drupal Core SQL injection (CVE-2026-9082) hit 6,000 sites across 65 countries within 48 hours of patch release, with attackers exploiting PostgreSQL-backend installs.Microsoft issued emergency out-of-band Defender patches for two exploited zero-days - RedSun and UnDefend - after a researcher published proof-of-concept exploits without coordinated disclosure.Over 700 Ghost CMS sites were compromised via a ClickFix campaign exploiting a SQL injection flaw discovered by Claude Opus 4.6 during Anthropic security testing.TrapDoor cross-ecosystem supply chain campaign spread across NPM, PyPI, and Crates.io with 34-plus malicious packages stealing SSH keys, cloud credentials, and crypto wallet data.Iranian state-aligned Nimbus Manticore ran three campaign waves since late February, deploying a new AI-assisted MiniFast backdoor via phishing, trojanized Zoom installers, and search engine poisoning.Timestamps:0:00 Introduction0:31 WooCommerce Custom Product Add-ons Pro RCE Active Exploitation2:06 Drupal Core SQL Injection Active Exploitation4:37 Microsoft Defender RedSun and UnDefend Zero-Days7:11 Ghost CMS ClickFix Campaign9:43 TrapDoor Cross-Ecosystem Supply Chain Campaign11:43 Nimbus Manticore AI-Assisted MiniFast BackdoorStory Links:WooCommerce Custom Product Addons Pro RCE (CVE-2026-4001)Drupal Core SQL Injection (CVE-2026-9082)Microsoft Defender RedSun and UnDefend Zero-Days (CVE-2026-41091, CVE-2026-45498)Ghost CMS ClickFix Campaign (CVE-2026-26980)TrapDoor Cross-Ecosystem Supply Chain CampaignNimbus Manticore AI-Assisted MiniFast BackdoorStay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.

WooCommerce RCE active exploitation, Drupal SQL injection attacks, Microsoft Defender zero-days, Ghost CMS ClickFix campaign, TrapDoor supply chain, Nimbus Manticore backdoor.This week in Wordfence Security News (Week of May 25, 2025):WooCommerce Custom Product Add-ons Pro RCE flaw (CVE-2026-4001) is under active attack, with exploit attempts spiking May 23-27 against the 21,000-install plugin.Drupal Core SQL injection (CVE-2026-9082) hit 6,000 sites across 65 countries within 48 hours of patch release, with attackers exploiting PostgreSQL-backend installs.Microsoft issued emergency out-of-band Defender patches for two exploited zero-days - RedSun and UnDefend - after a researcher published proof-of-concept exploits without coordinated disclosure.Over 700 Ghost CMS sites were compromised via a ClickFix campaign exploiting a SQL injection flaw discovered by Claude Opus 4.6 during Anthropic security testing.TrapDoor cross-ecosystem supply chain campaign spread across NPM, PyPI, and Crates.io with 34-plus malicious packages stealing SSH keys, cloud credentials, and crypto wallet data.Iranian state-aligned Nimbus Manticore ran three campaign waves since late February, deploying a new AI-assisted MiniFast backdoor via phishing, trojanized Zoom installers, and search engine poisoning.Timestamps:0:00 Introduction0:31 WooCommerce Custom Product Add-ons Pro RCE Active Exploitation2:06 Drupal Core SQL Injection Active Exploitation4:37 Microsoft Defender RedSun and UnDefend Zero-Days7:11 Ghost CMS ClickFix Campaign9:43 TrapDoor Cross-Ecosystem Supply Chain Campaign11:43 Nimbus Manticore AI-Assisted MiniFast BackdoorStory Links:WooCommerce Custom Product Addons Pro RCE (CVE-2026-4001)Drupal Core SQL Injection (CVE-2026-9082)Microsoft Defender RedSun and UnDefend Zero-Days (CVE-2026-41091, CVE-2026-45498)Ghost CMS ClickFix Campaign (CVE-2026-26980)TrapDoor Cross-Ecosystem Supply Chain CampaignNimbus Manticore AI-Assisted MiniFast BackdoorStay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.

NOW PLAYING

WooCommerce RCE | Drupal SQLi | Ghost CMS Clickfix Attack | Wordfence Security News | May 25, 2026

0:00 13:36

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Wordfence Security News?

This episode is 13 minutes long.

When was this Wordfence Security News episode published?

This episode was published on June 4, 2026.

What is this episode about?

WooCommerce RCE active exploitation, Drupal SQL injection attacks, Microsoft Defender zero-days, Ghost CMS ClickFix campaign, TrapDoor supply chain, Nimbus Manticore backdoor.This week in Wordfence Security News (Week of May 25, 2025):WooCommerce...

Can I download this Wordfence Security News episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!