Security news.
Today's security news highlights active exploitation of critical vulnerabilities, including a WordPress plugin flaw used for credit card skimming and a Microsoft Exchange zero-day. Supply chain attacks continue to be a concern, with incidents affecting Grafana and OpenAI, alongside the evolution of sophisticated backdoors into P2P botnets.
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
A critical vulnerability in the Funnel Builder WordPress plugin is being actively exploited to inject malicious JavaScript into WooCommerce checkout pages to steal payment data.
PoC Code Published for Critical NGINX Vulnerability
Proof-of-concept code has been published for a critical NGINX vulnerability, patched this week in NGINX Plus and NGINX open source, that was introduced in 2008.
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
Grafana disclosed that an unauthorized party obtained a token to access its GitHub environment and download its codebase, though no customer data was accessed.
Microsoft Exchange, Windows 11 Hacked on Second Day of Pwn2Own
Competitors at Pwn2Own Berlin 2026 exploited 15 unique zero-day vulnerabilities in products including Windows 11 and Microsoft Exchange, earning $385,750.
Popular node-ipc npm package compromised to steal credentials
Credential-stealing malware was injected into new versions of the popular node-ipc npm package in a supply chain attack.
Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild
Microsoft has issued mitigations for CVE-2026-42897, a high-severity Exchange Server cross-site scripting (XSS) vulnerability actively exploited in attacks.
CISA Adds Microsoft Exchange Server XSS Vulnerability to KEV Catalog
CISA has added CVE-2026-42897, a Microsoft Exchange Server Cross-Site Scripting Vulnerability, to its Known Exploited Vulnerabilities Catalog due to active exploitation.
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
The Russian state-sponsored hacking group Turla has evolved its Kazuar backdoor into a modular peer-to-peer (P2P) botnet for stealthy, persistent access.