{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Wordfence Security News","title":"Wordfence Security News #10 - WPMaps Pro Exploited, Palo Alto VPN Bug, and AI Agent-Driven Intrusion","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/451a2ae5\"></iframe>","width":"100%","height":180,"duration":711,"description":"Wordfence Security News #10 - WPMaps Pro Exploited, Palo Alto VPN Bug, and AI Agent-Driven IntrusionThis week in Wordfence Security News (Week of June 1, 2026):WP Maps Pro flaw lets unauthenticated attackers forge admin accounts; exploitation began May 19th, before public disclosure.Palo Alto PAN-OS GlobalProtect authentication bypass under active attack; CISA added it to KEV with a June 1st federal patch deadline.FortiClient EMS exploited post-patch to push EKZ infostealer disguised as a Fortinet update to managed endpoints.Sysdig documented the first captured intrusion where an LLM agent drove post-compromise activity in real time via unpatched Marimo.Flowise one-click RCE lets a malicious chatflow execute code on import; self-hosted installs at risk via STDIO MCP execution path.Timestamps:0:00 Introduction0:34 WP Maps Pro Unauthenticated Admin Account Creation (CVE-2026-8732)3:00 Palo Alto PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257)5:36 FortiClient EMS Exploited to Deliver EKZ Infostealer (CVE-2026-35616)7:11 First Documented LLM-Agent-Driven Intrusion (Marimo, CVE-2026-39987)9:32 Flowise One-Click RCE and the MCP stdio Execution Problem (CVE-2026-40933)Story Links:WP Maps Pro Unauthenticated Admin Account Creation (CVE-2026-8732)Palo Alto PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257)FortiClient EMS Exploited to Deliver EKZ Infostealer (CVE-2026-35616)First Documented LLM-Agent-Driven Intrusion (Marimo, CVE-2026-39987)Flowise One-Click RCE and the MCP stdio Execution Problem (CVE-2026-40933)Stay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.","thumbnail_url":"https://img.transistorcdn.com/tNZ1BCLBa7hdisGHRggcQKe1fS0BRjNwLU5euMPMXfE/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8yNjZm/M2NiNzczNWQ4MDdh/OTYyMTg5MDQ5ODk3/ODI5ZC5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}