Security news.
Today's security landscape highlights active exploitation of critical vulnerabilities, particularly in WordPress plugins and Microsoft Exchange, alongside the evolving tactics of state-sponsored groups. The increasing role of AI in both generating vulnerable code and discovering exploits also signals a shift in defensive strategies.
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
A critical vulnerability in the Funnel Builder WordPress plugin is being actively exploited to inject malicious JavaScript into WooCommerce checkout pages, aiming to steal payment data.
PoC Code Published for Critical NGINX Vulnerability
Proof-of-concept code has been published for a critical NGINX vulnerability, introduced in 2008 and recently patched in NGINX Plus and open-source versions.
Russian Hackers Turn Kazuar Backdoor into Modular P2P Botnet
The Russian hacker group Secret Blizzard has evolved its Kazuar backdoor into a modular peer-to-peer (P2P) botnet, designed for long-term persistence and data collection.
Microsoft Exchange, Windows 11 Hacked on Second Day of Pwn2Own
Competitors at Pwn2Own Berlin 2026 exploited 15 unique zero-day vulnerabilities in products including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux, earning $385,750.
Popular node-ipc npm Package Compromised to Steal Credentials
Hackers have injected credential-stealing malware into new versions of the popular node-ipc npm package, in a supply chain attack.
CISA Adds Microsoft Exchange Server Zero-Day to KEV Catalog
CISA has added CVE-2026-42897, a Microsoft Exchange Server cross-site scripting vulnerability, to its Known Exploited Vulnerabilities Catalog due to active exploitation.
OpenAI Hit by TanStack Supply Chain Attack
Two OpenAI employee devices were compromised in a Mini Shai-Hulud supply chain attack on TanStack, leading to the theft of credential material from code repositories.
AI Agents and Code Generation Pose New Cyber Risks
The emergence of AI agents capable of discovering and exploiting obscure vulnerabilities, coupled with the proliferation of AI-generated code, is forcing cybersecurity defenders to adapt.