InfoBedingungenDatenschutzKontakt
 
Wird aktualisiert
Wordfence Security News

Wordfence Security News

Veröffentlicht: 2026-05-04
© 2012-2026 Defiant Inc. All Rights Reserved
Wordfence Security News - QR Code
6 Folgen
Audio
Anhören auf Apple Podcasts
6 Folgen
Audio
Anhören auf Apple Podcasts
Veröffentlicht: 2026-05-04
© 2012-2026 Defiant Inc. All Rights Reserved
Aktuelle Folge
Breeze Cache Mass Exploitation in 24 Hours | Bitwarden CLI Supply Chain Attack | ADT Confirmed in ShinyHunters Breach | Pack2TheRoot 12-Year-Old PackageKit Privilege Escalation (CVE-2026-41651) | Wordfence Security News | Week of April 27, 2026

Breeze Cache Mass Exploitation in 24 Hours | Bitwarden CLI Supply Chain Attack | ADT Confirmed in ShinyHunters Breach | Pack2TheRoot 12-Year-Old PackageKit Privilege Escalation (CVE-2026-41651) | Wordfence Security News | Week of April 27, 2026

This week in Wordfence Security News (Week of Apr 27, 2026): A critical unauthenticated arbitrary file upload vulnerability in BreezeCache, a caching plugin with over 400,000 active installations, went from disclosure to mass exploitation in under 24 ho
Länge: 10:24
This week in Wordfence Security News (Week of Apr 27, 2026):
A critical unauthenticated arbitrary file upload vulnerability in BreezeCache, a caching plugin with over 400,000 active installations, went from disclosure to mass exploitation in under 24 hours with over 22,000 exploit attempts blocked across nearly 5,000 sitesAttackers published a malicious version of the Bitwarden CLI package on NPM that harvested credentials from six different sources including SSH keys, cloud secret stores, and AI assistant configs during a 93-minute window before removalThe Bitwarden supply chain attack connects to a broader campaign targeting Checkmarx, with Team PCP claiming responsibility and links to the Shai-Hulud self-propagating NPM worm from 2025Home security giant ADT confirmed a data breach after ShinyHunters listed the company on its leak site, with Have I Been Pwned tracking 5.5 million unique email addresses tied to the breachShinyHunters used a voice phishing attack to compromise an ADT employee's Okta SSO account and pivot to Salesforce, highlighting why phishing-resistant MFA like FIDO2 or WebAuthn is critical over SMS or TOTPA 12-year-old privilege escalation vulnerability dubbed Pack2TheRoot in PackageKit lets any local unprivileged user install arbitrary packages as root, affecting Ubuntu, Debian, Fedora, and Rocky Linux since 2014Timestamps:
0:00 Introduction0:34 BreezeCache Critical File Upload Vulnerability and Mass Exploitation3:50 Bitwarden CLI Supply Chain Attack via NPM6:25 ADT Data Breach by ShinyHunters7:49 Why Phishing-Resistant MFA Matters8:54 PackageKit Privilege Escalation Vulnerability
Story Links:
Breeze Cache — Active Exploitation (CVE-2026-3844): https://www.wordfence.com/threat-intel/vulnerabilities/id/e342b1c0-6e7f-4e2c-8a52-018df12c12a0Bitwarden CLI Compromised in Checkmarx Supply Chain Attack: https://thehackernews.com/2026/04/bitwarden-cli-compromised-in-ongoing.htmlSharePoint Patching Laggards — CVE-2026-32201: https://www.bleepingcomputer.com/news/security/over-1-300-microsoft-sharepoint-servers-vulnerable-to-ongoing-attacks/ADT Confirmed in ShinyHunters Breach: https://www.bleepingcomputer.com/news/security/adt-confirms-data-breach-after-shinyhunters-leak-threat/Pack2TheRoot — 12-Year-Old PackageKit Privilege Escalation (CVE-2026-41651): https://github.security.telekom.com/2026/04/pack2theroot-linux-local-privilege-escalation.htmlStay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.
Folgen-ID: 1000766108048
GUID: bfe2b51b-9a74-43df-9c57-44587cffae87
Erscheinungs­datum: 4.5.2026, 22:02:37

Beschreibung

Wordfence Security News is a weekly cybersecurity news podcast covering the top news stories from the world of WordPress security and the broader cybersecurity threat landscape. Hosted by cybersecurity expert and Wordfence researcher Alex Thomas.

Apple Podcasts: Kundenrezensionen

Kein Eintrag