Quarterly WordPress Threat Intelligence Report – Q1 2026

As the leader in WordPress security, Wordfence provides unparalleled security coverage that fully encompasses protection, active monitoring, detection, and response all built around our threat intelligence, demonstrating a strong commitment to security. Our mission is to ensure comprehensive...

PT-2026-46379

That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...

PT-2026-45052

Summary CVE-2026-44338 GHSA-6rmh-7xcm-cpxj documents that PraisonAI ships a code-generator praisonai.deploy.api.generate api server code that emits a Flask API server with authentication disabled by default. Users who follow the documented quickstart praisonai deploy --type api get a server that:...

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - laravel-lang/lang laravel-lang/http-statuses...

Verizon DBIR: AI Helped Hackers Exploit Vulnerabilities in 31% of Recent Breaches

Verizon DBIR 2026 reveals software vulnerabilities overtook stolen passwords in cyberattacks, with AI helping hackers exploit flaws within hours...

Astra Linux - уязвимость в apache2

When an HTTP/2 stream was reset by a client, there was a time window during which the memory resources associated with the request were not immediately reclaimed. Instead, the de-allocation of those resources was delayed until after the connection was closed. This allowed clients to continue...

Malicious code in @antv/l7-extension-g-layer (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Exploit for Uncontrolled Resource Consumption in Siemens Simatic_S7-1500_Cpu_1518F-4_Pn\/Dp_Mfp_Firmware

CVE-2023-44487 — HTTP/2 Rapid Reset Test Lab Educational envi...

fast-xml-builder Comment Value regex can be bypassed

Summary The fix for https://github.com/advisories/GHSA-gh4j-gqv2-49f6 in fast-xml-parser sanitizes -- sequences in XML comment content using .replace/--/g, '- -'. This skip the values containing three consecutive dashes e.g., ---..., allowing an attacker to break out of an XML comment and inject...

One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches

The hardest part of cybersecurity isn't the technology, it’s the people. Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one "Patient Zero" infection. In 2026, hackers are using AI to make these "first clicks" nearly impossible to spot...

Cyber Insurance Requirements for Cybersecurity

Cyber Insurance Requirements for Cybersecurity Cyber insurance requirements cybersecurity teams face today are stricter than they were even a few years ago. Underwriters no longer accept a simple security questionnaire and a list of tools. They want evidence that your organization can identify...

RHCOS 4 : OpenShift Container Platform 4.14.2 (RHSA-2023:6839)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6839 advisory. - golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 - HTTP/2: Multiple HTTP/...

Securing the git push pipeline: Responding to a critical remote code execution vulnerability

On March 4, 2026, we received a vulnerability report through our Bug Bounty program from researchers at Wiz describing a critical remote code execution vulnerability affecting github.com, GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, GitHub Enterprise Cloud with Enterprise...

Security Bulletin: Multiple vulnerabilities in IBM Rapid Infrastructure Automation

Summary IBM Concert Workflows addresses multiple security vulnerabilities that originate from IBM Rapid Infrastructure Automation. IBM Concert Workflows is built on the same underlying technology and provides equivalent core functionality. Vulnerability Details CVEID:CVE-2025-23022 DESCRIPTION:...

The Industrialization of Exploitation: Why Defensive AI Must Outpace Offensive AI

Today, vulnerabilities can be discovered, connected, and operationalized at a speed that traditional security processes were never designed to match. Learn more...

Exploit for Uncontrolled Resource Consumption in Ietf Http

!/usr/bin/env python3 """ Evidencia CVE-2023-44487 HTTP/2 Rapi...

golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RSTSTREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

CVE-2026-39687

Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapid Car Check Vehicle Data: from n/a through = 2.0...

MAL-2026-2559 Malicious code in databasesupalake (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 78dbe2b5e300604ea36dc85a6b0e9eae4e92b7b3729de10b3951f5e3bfc7729b During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

[Video] The TTP Ep. 22: The Collapse of the Patch Window

!\Video\ The TTP Ep. 22: The Collapse of the Patch Windowhttps://storage.ghost.io/c/af/a0/afa04ee3-414f-4481-8d23-7e7c146f192e/content/images/2026/04/YiR2025cover2x1-3.jpg One of the clearest trends in the 2025 Talos Year in Review is just how quickly vulnerabilities are now being turned into...