Wordfence Security News #10 - WPMaps Pro Exploited, Palo Alto VPN Bug, and AI Agent-Driven Intrusion episode artwork

EPISODE · Jun 10, 2026 · 11 MIN

Wordfence Security News #10 - WPMaps Pro Exploited, Palo Alto VPN Bug, and AI Agent-Driven Intrusion

from Wordfence Security News · host Wordfence

Wordfence Security News #10 - WPMaps Pro Exploited, Palo Alto VPN Bug, and AI Agent-Driven IntrusionThis week in Wordfence Security News (Week of June 1, 2026):WP Maps Pro flaw lets unauthenticated attackers forge admin accounts; exploitation began May 19th, before public disclosure.Palo Alto PAN-OS GlobalProtect authentication bypass under active attack; CISA added it to KEV with a June 1st federal patch deadline.FortiClient EMS exploited post-patch to push EKZ infostealer disguised as a Fortinet update to managed endpoints.Sysdig documented the first captured intrusion where an LLM agent drove post-compromise activity in real time via unpatched Marimo.Flowise one-click RCE lets a malicious chatflow execute code on import; self-hosted installs at risk via STDIO MCP execution path.Timestamps:0:00 Introduction0:34 WP Maps Pro Unauthenticated Admin Account Creation (CVE-2026-8732)3:00 Palo Alto PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257)5:36 FortiClient EMS Exploited to Deliver EKZ Infostealer (CVE-2026-35616)7:11 First Documented LLM-Agent-Driven Intrusion (Marimo, CVE-2026-39987)9:32 Flowise One-Click RCE and the MCP stdio Execution Problem (CVE-2026-40933)Story Links:WP Maps Pro Unauthenticated Admin Account Creation (CVE-2026-8732)Palo Alto PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257)FortiClient EMS Exploited to Deliver EKZ Infostealer (CVE-2026-35616)First Documented LLM-Agent-Driven Intrusion (Marimo, CVE-2026-39987)Flowise One-Click RCE and the MCP stdio Execution Problem (CVE-2026-40933)Stay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.

Wordfence Security News #10 - WPMaps Pro Exploited, Palo Alto VPN Bug, and AI Agent-Driven IntrusionThis week in Wordfence Security News (Week of June 1, 2026):WP Maps Pro flaw lets unauthenticated attackers forge admin accounts; exploitation began May 19th, before public disclosure.Palo Alto PAN-OS GlobalProtect authentication bypass under active attack; CISA added it to KEV with a June 1st federal patch deadline.FortiClient EMS exploited post-patch to push EKZ infostealer disguised as a Fortinet update to managed endpoints.Sysdig documented the first captured intrusion where an LLM agent drove post-compromise activity in real time via unpatched Marimo.Flowise one-click RCE lets a malicious chatflow execute code on import; self-hosted installs at risk via STDIO MCP execution path.Timestamps:0:00 Introduction0:34 WP Maps Pro Unauthenticated Admin Account Creation (CVE-2026-8732)3:00 Palo Alto PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257)5:36 FortiClient EMS Exploited to Deliver EKZ Infostealer (CVE-2026-35616)7:11 First Documented LLM-Agent-Driven Intrusion (Marimo, CVE-2026-39987)9:32 Flowise One-Click RCE and the MCP stdio Execution Problem (CVE-2026-40933)Story Links:WP Maps Pro Unauthenticated Admin Account Creation (CVE-2026-8732)Palo Alto PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257)FortiClient EMS Exploited to Deliver EKZ Infostealer (CVE-2026-35616)First Documented LLM-Agent-Driven Intrusion (Marimo, CVE-2026-39987)Flowise One-Click RCE and the MCP stdio Execution Problem (CVE-2026-40933)Stay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.

NOW PLAYING

Wordfence Security News #10 - WPMaps Pro Exploited, Palo Alto VPN Bug, and AI Agent-Driven Intrusion

0:00 11:51

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Wordfence Security News?

This episode is 11 minutes long.

When was this Wordfence Security News episode published?

This episode was published on June 10, 2026.

What is this episode about?

Wordfence Security News #10 - WPMaps Pro Exploited, Palo Alto VPN Bug, and AI Agent-Driven IntrusionThis week in Wordfence Security News (Week of June 1, 2026):WP Maps Pro flaw lets unauthenticated attackers forge admin accounts; exploitation began...

Can I download this Wordfence Security News episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!