Wordfence Security News – Détails, épisodes et analyse
Détails du podcast
Informations techniques et générales issues du flux RSS du podcast.


Classements récents
Dernières positions dans les classements Apple Podcasts et Spotify.
Apple Podcasts
🇺🇸 États-Unis - techNews
04/04/2026#78
Spotify
Aucun classement récent disponible
Liens partagés entre épisodes et podcasts
Liens présents dans les descriptions d'épisodes et autres podcasts les utilisant également.
See allQualité et score du flux RSS
Évaluation technique de la qualité et de la structure du flux RSS.
See allScore global : 63%
Historique des publications
Répartition mensuelle des publications d'épisodes au fil des années.
MW WP Form 200K Sites at Risk | Axios Hack | Cisco Breach | Wordfence Security News | March 30, 2026
Épisode 3
vendredi 3 avril 2026 • Durée 07:22
This week in Wordfence Security News (Week of Mar 30, 2026):
- Over 200,000 WordPress sites at risk from an unauthenticated arbitrary file move vulnerability in the MW WP Form plugin, allowing full site takeover
- Massive spike in exploitation attempts targeting the Kali Forms RCE vulnerability, with activity increasing over 60x week-over-week
- A major supply chain attack compromises the widely used Axios JavaScript library, distributing backdoored versions to developers worldwide Active exploitation of a critical Citrix NetScaler vulnerability enabling session hijacking and potential full appliance compromise
- European Commission confirms a cloud breach with data theft claims by ShinyHunters
- Cisco internal development environment breached via poisoned Trivy supply chain attack, exposing source code and credentials
Timestamps:
0:00 Introduction
0:30 MW WP Form Vulnerability
1:15 Kali Forms Exploitation Surge
1:55 Axios Supply Chain Attack
3:20 Citrix NetScaler Active Exploitation
4:57 European Commission Breach
5:50 Cisco Dev Environment Breach
6:47 Wrap up discussion
Story Links:
- MW WP Form Vulnerability
- Kali Forms Exploitation Update
- Axios Supply Chain Attack (Wiz)
- Citrix NetScaler Advisory
- European Commission Breach (Bloomberg)
- Cisco / Trivy Supply Chain Attack
Stay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.
Iran-Linked Hackers Breach FBI Director's Email | Wordfence Security News| Week of March 23, 2026
Épisode 2
vendredi 27 mars 2026 • Durée 06:35
This week in Wordfence Security News (Week of Mar 23, 2026):
- Same-day exploitation of a critical RCE vulnerability in the Kali Forms plugin, attackers can achieve full admin takeover with a single request
- Ongoing mass exploitation of the s2Member plugin targeting password reset functionality
- Breaking News: Iran-linked hackers claim breach of FBI Director Kash Patel’s personal email
- A critical Cisco firewall management vulnerability exploited as a zero-day by ransomware actors
- FBI and CISA warn of phishing campaigns targeting messaging app accounts
Timestamps:
0:00 Introduction
0:25 Kali Forms RCE Vulnerability
1:34 s2Member Mass Exploitation
2:20 Breaking News – FBI Email Breach
2:45 Cisco Firewall RCE Exploitation
5:03 Messaging App Phishing Campaigns
Story Links:
- Kali Forms RCE Vulnerability: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/kali-forms/kali-forms-249-unauthenticated-remote-code-execution-via-form-process
- s2Member Exploitation Campaign: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/s2member/s2member-260127-unauthenticated-privilege-escalation-via-account-takeover
- Cisco Firewall Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh
- Interlock Ransomware Coverage: https://www.ic3.gov/PSA/2026/PSA260320
- Reuters – FBI Email Breach: https://www.reuters.com/world/us/iran-linked-hackers-claim-breach-of-fbi-directors-personal-email-doj-official-2026-03-27/
Stay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.
30,000 Sites at Risk, Cisco Zero-Day & Stryker Attack | Wordfence Security News | Week of Mar 9, 2026
Épisode 1
vendredi 13 mars 2026 • Durée 05:43
This week in Wordfence Security News (Week of Mar 9, 2026):
- A critical auth bypass in Tutor LMS Pro exposes 30,000+ WordPress sites — attackers can hijack admin accounts via a Google sign-in flaw
- An unauthenticated SQL injection in Ally (400K+ sites)
- Microsoft Patch Tuesday with ~80 fixes including AI-related exploits
- A max-severity Cisco SD-WAN zero-day exploited since 2023
- Iran-linked group Handala's claimed attack on medical device maker Stryker.
Timestamps:
0:00 Introduction
0:22 Tutor LMS Pro Authentication Bypass
1:31 Ally WordPress Plugin SQL Injection
1:50 Microsoft Patch Tuesday
2:46 Cisco SD-WAN Zero-Day
4:26 Handala Attack on Stryker
5:03 Iranian Drone Strikes on AWS Data Centers
Story Links:
- Tutor LMS Pro Auth Bypass: https://www.wordfence.com/blog/2026/03/30000-wordpress-sites-affected-by-authentication-bypass-vulnerability-in-tutor-lms-pro-wordpress-plugin/
- Ally Plugin SQL Injection: https://www.wordfence.com/blog/2026/03/400000-wordpress-sites-affected-by-unauthenticated-sql-injection-vulnerability-in-ally-wordpress-plugin/
- Microsoft Patch Tuesday: https://msrc.microsoft.com/update-guide/
- Cisco SD-WAN Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-authbp-qwCX8D4v
- Iran Cyber Retaliation: https://industrialcyber.co/reports/cyber-retaliation-surges-after-us-israel-strikes-on-iran-as-hacktivists-hit-governments-defense-critical-sectors/
- Stryker Cyberattack (WSJ): https://www.wsj.com/articles/stryker-hit-with-suspected-iran-linked-cyberattack-52f6615c
- AWS Data Centers Struck (BBC): https://www.bbc.com/news/articles/cgk28nj0lrjo
- Weekly Vulnerability Report: https://www.wordfence.com/blog/2026/03/wordfence-intelligence-weekly-wordpress-vulnerability-report-march-2-2026-to-march-8-2026/
Stay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.
