Wordfence Security News

WooCommerce RCE | Drupal SQLi | Ghost CMS Clickfix Attack | Wordfence Security News | May 25, 2026

WooCommerce RCE active exploitation, Drupal SQL injection attacks, Microsoft Defender zero-days, Ghost CMS ClickFix campaign, TrapDoor supply chain, Nimbus Manticore backdoor.


This week in Wordfence Security News (Week of May 25, 2026):


  • WooCommerce Custom Product Add-ons Pro RCE flaw (CVE-2026-4001) is under active attack, with exploit attempts spiking May 23-27 against the 21,000-install plugin.
  • Drupal Core SQL injection (CVE-2026-9082) hit 6,000 sites across 65 countries within 48 hours of patch release, with attackers exploiting PostgreSQL-backend installs.
  • Microsoft issued emergency out-of-band Defender patches for two exploited zero-days - RedSun and UnDefend - after a researcher published proof-of-concept exploits without coordinated disclosure.
  • Over 700 Ghost CMS sites were compromised via a ClickFix campaign exploiting a SQL injection flaw discovered by Claude Opus 4.6 during Anthropic security testing.
  • TrapDoor cross-ecosystem supply chain campaign spread across NPM, PyPI, and Crates.io with 34-plus malicious packages stealing SSH keys, cloud credentials, and crypto wallet data.
  • Iranian state-aligned Nimbus Manticore ran three campaign waves since late February, deploying a new AI-assisted MiniFast backdoor via phishing, trojanized Zoom installers, and search engine poisoning.

Timestamps:


0:00 Introduction

0:31 WooCommerce Custom Product Add-ons Pro RCE Active Exploitation

2:06 Drupal Core SQL Injection Active Exploitation

4:37 Microsoft Defender RedSun and UnDefend Zero-Days

7:11 Ghost CMS ClickFix Campaign

9:43 TrapDoor Cross-Ecosystem Supply Chain Campaign

11:43 Nimbus Manticore AI-Assisted MiniFast Backdoor


Story Links:

  • WooCommerce Custom Product Add-ons Pro RCE (CVE-2026-4001)
  • Drupal Core SQL Injection (CVE-2026-9082)
  • Microsoft Defender RedSun and UnDefend Zero-Days (CVE-2026-41091, CVE-2026-45498)
  • Ghost CMS ClickFix Campaign (CVE-2026-26980)
  • TrapDoor Cross-Ecosystem Supply Chain Campaign
  • Nimbus Manticore AI-Assisted MiniFast Backdoor


Stay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.

Wordfence Security News, by Wordfence