EPISODE · Jun 10, 2026 · 11 MIN
Wordfence Security News #10 - WPMaps Pro Exploited, Palo Alto VPN Bug, and AI Agent-Driven Intrusion
from Wordfence Security News · host Wordfence
Wordfence Security News #10 - WPMaps Pro Exploited, Palo Alto VPN Bug, and AI Agent-Driven IntrusionThis week in Wordfence Security News (Week of June 1, 2026):WP Maps Pro flaw lets unauthenticated attackers forge admin accounts; exploitation began May 19th, before public disclosure.Palo Alto PAN-OS GlobalProtect authentication bypass under active attack; CISA added it to KEV with a June 1st federal patch deadline.FortiClient EMS exploited post-patch to push EKZ infostealer disguised as a Fortinet update to managed endpoints.Sysdig documented the first captured intrusion where an LLM agent drove post-compromise activity in real time via unpatched Marimo.Flowise one-click RCE lets a malicious chatflow execute code on import; self-hosted installs at risk via STDIO MCP execution path.Timestamps:0:00 Introduction0:34 WP Maps Pro Unauthenticated Admin Account Creation (CVE-2026-8732)3:00 Palo Alto PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257)5:36 FortiClient EMS Exploited to Deliver EKZ Infostealer (CVE-2026-35616)7:11 First Documented LLM-Agent-Driven Intrusion (Marimo, CVE-2026-39987)9:32 Flowise One-Click RCE and the MCP stdio Execution Problem (CVE-2026-40933)Story Links:WP Maps Pro Unauthenticated Admin Account Creation (CVE-2026-8732)Palo Alto PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257)FortiClient EMS Exploited to Deliver EKZ Infostealer (CVE-2026-35616)First Documented LLM-Agent-Driven Intrusion (Marimo, CVE-2026-39987)Flowise One-Click RCE and the MCP stdio Execution Problem (CVE-2026-40933)Stay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.
What this episode covers
Wordfence Security News #10 - WPMaps Pro Exploited, Palo Alto VPN Bug, and AI Agent-Driven IntrusionThis week in Wordfence Security News (Week of June 1, 2026):WP Maps Pro flaw lets unauthenticated attackers forge admin accounts; exploitation began May 19th, before public disclosure.Palo Alto PAN-OS GlobalProtect authentication bypass under active attack; CISA added it to KEV with a June 1st federal patch deadline.FortiClient EMS exploited post-patch to push EKZ infostealer disguised as a Fortinet update to managed endpoints.Sysdig documented the first captured intrusion where an LLM agent drove post-compromise activity in real time via unpatched Marimo.Flowise one-click RCE lets a malicious chatflow execute code on import; self-hosted installs at risk via STDIO MCP execution path.Timestamps:0:00 Introduction0:34 WP Maps Pro Unauthenticated Admin Account Creation (CVE-2026-8732)3:00 Palo Alto PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257)5:36 FortiClient EMS Exploited to Deliver EKZ Infostealer (CVE-2026-35616)7:11 First Documented LLM-Agent-Driven Intrusion (Marimo, CVE-2026-39987)9:32 Flowise One-Click RCE and the MCP stdio Execution Problem (CVE-2026-40933)Story Links:WP Maps Pro Unauthenticated Admin Account Creation (CVE-2026-8732)Palo Alto PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257)FortiClient EMS Exploited to Deliver EKZ Infostealer (CVE-2026-35616)First Documented LLM-Agent-Driven Intrusion (Marimo, CVE-2026-39987)Flowise One-Click RCE and the MCP stdio Execution Problem (CVE-2026-40933)Stay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.
NOW PLAYING
Wordfence Security News #10 - WPMaps Pro Exploited, Palo Alto VPN Bug, and AI Agent-Driven Intrusion
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.