infosecintel – Curated Information Security Articles and Threat Intelligence News

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

May 16, 2026

A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were published by Sansec this week. The vulnerability currently does notRead More »Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

PoC Code Published for Critical NGINX Vulnerability

May 16, 2026

Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source. The post PoC Code Published for Critical NGINX Vulnerability appeared first on SecurityWeek.

Friday Squid Blogging: Bigfin Squid

May 16, 2026

Article about the bigfin squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

Did Iran Hack Tank Readers at US Gas Stations? Security Leaders Discuss

May 15, 2026

Security leaders share their thoughts on the attack, Iran’s potential involvement and the broader implications.

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

May 15, 2026

The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that’s engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is assessed to be affiliated with Center 16 of Russia’sRead More »Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws

May 15, 2026

Other noteworthy stories that might have slipped under the radar: Nvidia cloud gaming data breach, Android 17 security upgrades, FBI warning after ShinyHunters hacks Canvas. The post In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws appeared first on SecurityWeek.

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

May 15, 2026

Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed Claw Chain by Cyera, can permit an attacker to establish a foothold, expose sensitive data, and plant backdoors. A brief description ofRead More »Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild

May 15, 2026

Microsoft has shared mitigations for CVE-2026-42897 until a permanent patch can be released for affected Exchange Server versions. The post Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild appeared first on SecurityWeek.

AI Makes Phishing Scams Harder to Identify in the Workplace

May 15, 2026

Phishing grows harder to identify in the age of AI.

Funding Has Limited Security Readiness

May 15, 2026

Limited security funding opens organizations to threat actors.