---
title: Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
type: raw
source: newsletter
source_url: https://www.thehackernews.com/2026/05/funnel-builder-flaw-under-active.html
tags: [security]
fetcher: jina
review_value: 8
review_confidence: 9
review_recommendation: strong
review_stars: 4
ingested: 2026-05-20
sha256: 2357093c22de3c15
---
# Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
Published Time: Tue, 19 May 2026 16:38:12 GMT
Markdown Content:
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million[__](https://twitter.com/thehackersnews)[__](https://www.linkedin.com/company/thehackernews/)[__](https://www.facebook.com/thehackernews)
[![Image 4: The Hacker News Logo](blob:http://localhost/5c34172ae87fab3ecb77bf8cfaf83e48)](https://www.thehackernews.com/)
[__](javascript:void(0))
__
[__ Get the Latest News](https://www.thehackernews.com/2026/05/funnel-builder-flaw-under-active.html#email-outer)
*   [Home](https://www.thehackernews.com/)
*   [Newsletter](https://www.thehackernews.com/2026/05/funnel-builder-flaw-under-active.html#email-outer)
*   [Webinars](https://www.thehackernews.com/p/upcoming-hacker-news-webinars.html)
*   [Home](https://www.thehackernews.com/)
*   [Threat Intelligence](https://www.thehackernews.com/search/label/Threat%20Intelligence)
*   [Vulnerabilities](https://www.thehackernews.com/search/label/Vulnerability)
*   [Cyber Attacks](https://www.thehackernews.com/search/label/Cyber%20Attack)
*   [Webinars](https://www.thehackernews.com/p/upcoming-hacker-news-webinars.html)
*   [Expert Insights](https://thehackernews.com/expert-insights/)
*   [Awards](https://awards.thehackernews.com/)
[__](javascript:void(0))
__
[__](javascript:void(0))
Resources
*   [Webinars](https://www.thehackernews.com/p/upcoming-hacker-news-webinars.html)
*   [Awards](https://awards.thehackernews.com/)
*   [Free eBooks](https://thehackernews.tradepub.com/)
About Site
*   [About THN](https://www.thehackernews.com/p/about-us.html)
*   [Jobs](https://www.thehackernews.com/p/careers-technical-writer-designer-and.html)
*   [Advertise with us](https://www.thehackernews.com/p/advertising-with-hacker-news.html)
Contact/Tip Us
[__ Reach out to get featured—contact us to send your exclusive story idea, research, hacks, or ask us a question or leave a comment/feedback!](https://www.thehackernews.com/p/submit-news.html)
Follow Us On Social Media
[__](https://www.facebook.com/thehackernews)[__](https://twitter.com/thehackersnews)[__](https://www.linkedin.com/company/thehackernews/)[__](https://www.youtube.com/c/thehackernews?sub_confirmation=1)[__](https://www.instagram.com/thehackernews/)
[__ RSS Feeds](https://feeds.feedburner.com/TheHackersNews)[__ Email Alerts](https://www.thehackernews.com/2026/05/funnel-builder-flaw-under-active.html#email-outer)
[![Image 5: cybersecurity](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyqUz0-ifa8jE9rCzud3wzxmhcuzTp1VOWFEvGMoZXDYfaB_4459fPyvyQw7wvAnzjzDL09PkyJM83QGheO69fC3esg1WA7WnJ89i_t_q3K8DxYmgV__QujU8RWRnCK4MpbKqu8nwuMFfLaiRVHy_ov7IZ16hoKI3rIu-5BcISmqXPjlQU7N0sa4lWI-n-/s728-e100/wiz-d.png)](https://thehackernews.uk/wiz-ai-state-d)
# [Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming](https://thehackernews.com/2026/05/funnel-builder-flaw-under-active.html)
__ Ravie Lakshmanan __ May 16, 2026 Vulnerability / Website Security
[![Image 6](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYS8AhChFEeH6IwT4x1eB5VAeGfriF4VVcwINAxXVIGyap3g0CKx0R2BdI4s99cE3Q5JHr-KUVHqdhAFNfQIrCTJ6p-vq7u5naMTwb-WFjgis4vBdR29M94wAT-Dqh46zsbo4heSJOVdFRxXzR3SgHt2ZoTPPBEbB3cu4azACiFFl7jcIGNxw1d_U7eVU9/s1700-e365/funnel.png)](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYS8AhChFEeH6IwT4x1eB5VAeGfriF4VVcwINAxXVIGyap3g0CKx0R2BdI4s99cE3Q5JHr-KUVHqdhAFNfQIrCTJ6p-vq7u5naMTwb-WFjgis4vBdR29M94wAT-Dqh46zsbo4heSJOVdFRxXzR3SgHt2ZoTPPBEbB3cu4azACiFFl7jcIGNxw1d_U7eVU9/s1700-e365/funnel.png)
A critical security vulnerability impacting the [Funnel Builder](https://wordpress.org/plugins/funnel-builder/) plugin for WordPress has come under active exploitation in the wild to [inject malicious JavaScript code](https://thehackernews.com/2026/03/webrtc-skimmer-bypasses-csp-to-steal.html) into WooCommerce checkout pages with the goal of stealing payment data.
Details of the activity were [published](https://sansec.io/research/funnelkit-woocommerce-vulnerability-exploited) by Sansec this week. The vulnerability currently does not have an official CVE identifier. It affects all versions of the plugin before 3.15.0.3. It's used in more than 40,000 WooCommerce stores.
The flaw lets unauthenticated attackers inject arbitrary JavaScript into every checkout page on the store, the Dutch e-commerce security company said. FunnelKit, which maintains Funnel Builder, has released a patch for the vulnerability in version 3.15.0.3.
"Attackers are planting fake Google Tag Manager scripts into the plugin's 'External Scripts' setting," it noted. "The injected code looks like ordinary analytics next to the store's real tags, but loads a payment skimmer that steals credit card numbers, CVVs, and billing addresses from checkout."
[![Image 7: Cybersecurity](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnNON5UeWywT7OcPNw7V4L7QNWnCnm7Xl_99Y9ek8dL-gRwx-bWxQM1TKqt8deqqrdpUyKMuuijAWyyPQVB0s0qf8ntQ6ldFAJLru-QUWhddKTopc7SeNbBBnd-TsfFyRPP-AAyDuclLlL6XHK4_LXqDC_7eyaz9pzToYr7U543MhrJ7qcK-89sVWHTQUZ/s728-e100/zz-2-d.jpg)](https://thehackernews.uk/threatlabz-vpn-risk-2026-d)
Per Sansec, Funnel Builder includes a publicly exposed checkout endpoint that allows an incoming request to choose the type of internal method to run. However, older versions were designed such that they never checked the caller's permissions or limited which methods are allowed to be invoked.
[](https://www.thehackernews.com/2026/05/funnel-builder-flaw-under-active.html)
A bad actor could exploit this loophole by issuing an unauthenticated request that can reach an unspecified internal method that writes attacker-controlled data directly into the plugin's global settings. The added code snippet is then injected into every Funnel Builder checkout page.
As a result, an attacker could plant a malicious <script> tag that's triggered on every checkout transaction in a susceptible WordPress site.
In at least one case, Sansec said it observed a payload masquerading as a Google Tag Manager (GTM) loader to launch JavaScript hosted on a remote domain. It subsequently opens a WebSocket connection to the attacker's command-and-control (C2) server ("wss://protect-wss[.]com/ws") to retrieve a skimmer that's tailored to the victim's storefront.
The end goal of the attack is to siphon credit card numbers, CVVs, billing addresses, and other personal information that could be entered by site visitors at checkout. Site owners are advised to update the Funnel Builder plugin to the latest version and review Settings > Checkout > External Scripts for anything that's unfamiliar and remove it.
"Dressing skimmers up as Google Analytics or Tag Manager code is a [recurring Magecart pattern](https://thehackernews.com/2025/02/hackers-exploit-google-tag-manager-to.html) , since reviewers tend to skim straight past anything that looks like a familiar tracking tag," Sansec said.
[![Image 8: Cybersecurity](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPEV6-530TOlxG6PjrmdlY623wpBwduZ7t1HV6flcmO5R4q4AmfixDUzW0CrhlvMVNWbhvOIso-UDNTka4W_W9Chrdj_dglwBZwi7DuePM2IMIl-hfUYVIqBXgfpr_2619K8Gptb4LzwJ6gUbi7lWl2M8AFQJsHEaw63Q7tZ6708YGruiHrr0Y2W9YYxLQ/s728-e100/ThreatLocker-d.png)](https://thehackernews.uk/ai-cant-stop-d)
The disclosure comes weeks after Sucuri detailed a campaign in which Joomla websites are being backdoored with heavily obfuscated PHP code to contact attacker-controlled C2 servers, receive and process instructions sent by the operators, and serve spammy content to visitors and search engines without the site owner's knowledge. The ultimate aim is to leverage the sites' reputation for injecting spam.
"The script acts as a remote loader," security researcher Puja Srivastava [said](https://blog.sucuri.net/2026/04/joomla-seo-spam-injector-obfuscated-php-backdoor-hijacking-site-visitors.html) . "It contacts an external server, sends information about the infected website, and waits for instructions. The response from the remote server determines what content the infected site should serve."
"This approach allows attackers to change the behavior of the compromised website at any time without modifying the local files again. The attacker can inject spam product links, redirect visitors, or display malicious pages dynamically."
Found this article interesting? Follow us on [Google News](https://news.google.com/publications/CAAqLQgKIidDQklTRndnTWFoTUtFWFJvWldoaFkydGxjbTVsZDNNdVkyOXRLQUFQAQ), [Twitter](https://twitter.com/thehackersnews) and [LinkedIn](https://www.linkedin.com/company/thehackernews/) to read more exclusive content we post.
SHARE[__](https://www.facebook.com/sharer.php?u=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Ffunnel-builder-flaw-under-active.html)[__](https://twitter.com/intent/tweet?url=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Ffunnel-builder-flaw-under-active.html&text=Funnel%20Builder%20Flaw%20Under%20Active%20Exploitation%20Enables%20WooCommerce%20Checkout%20Skimming&via=TheHackersNews)[__](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Ffunnel-builder-flaw-under-active.html)[__](javascript:void(0))
[__ Tweet](https://twitter.com/intent/tweet?url=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Ffunnel-builder-flaw-under-active.html&text=Funnel%20Builder%20Flaw%20Under%20Active%20Exploitation%20Enables%20WooCommerce%20Checkout%20Skimming&via=TheHackersNews)
[__ Share](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Ffunnel-builder-flaw-under-active.html)
[__ Share](https://www.facebook.com/sharer.php?u=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Ffunnel-builder-flaw-under-active.html)
__ Share
[__](javascript:void(0))[__ Share on Facebook](https://www.facebook.com/sharer.php?u=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Ffunnel-builder-flaw-under-active.html)[__ Share on Twitter](https://twitter.com/intent/tweet?url=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Ffunnel-builder-flaw-under-active.html&text=Funnel%20Builder%20Flaw%20Under%20Active%20Exploitation%20Enables%20WooCommerce%20Checkout%20Skimming&via=TheHackersNews)[__ Share on Linkedin](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Ffunnel-builder-flaw-under-active.html)[__ Share on Reddit](https://www.reddit.com/submit?url=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Ffunnel-builder-flaw-under-active.html)[__ Share on Hacker News](https://news.ycombinator.com/submitlink?u=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Ffunnel-builder-flaw-under-active.html&t=Funnel%20Builder%20Flaw%20Under%20Active%20Exploitation%20Enables%20WooCommerce%20Checkout%20Skimming)[__ Share on Email](mailto:?&subject=News%20Article%E2%80%94Funnel%20Builder%20Flaw%20Under%20Active%20Exploitation%20Enables%20WooCommerce%20Checkout%20Skimming&body=Check%20out%20this%20article%20from%20The%20Hacker%20News.%20%20%20Funnel%20Builder%20Flaw%20Under%20Active%20Exploitation%20Enables%20WooCommerce%20Checkout%20Skimming%20%E2%80%94%20https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Ffunnel-builder-flaw-under-active.html)[__ Share on WhatsApp](https://api.whatsapp.com/send?text=Funnel%20Builder%20Flaw%20Under%20Active%20Exploitation%20Enables%20WooCommerce%20Checkout%20Skimming%20%E2%80%94%20https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Ffunnel-builder-flaw-under-active.html)[![Image 9: Facebook Messenger](blob:http://localhost/4790c518974848fb287f0be1d99a37a0)Share on Facebook Messenger](fb-messenger://share/?link=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Ffunnel-builder-flaw-under-active.html&app_id=280117418781535)[__ Share on Telegram](https://telegram.me/share/url?url=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Ffunnel-builder-flaw-under-active.html&text=Funnel%20Builder%20Flaw%20Under%20Active%20Exploitation%20Enables%20WooCommerce%20Checkout%20Skimming)
[SHARE __](javascript:void(0))
[cybersecurity](https://thehackernews.com/search/label/cybersecurity), [data breach](https://thehackernews.com/search/label/data%20breach), [E-commerce Security](https://thehackernews.com/search/label/E-commerce%20Security), [JavaScript](https://thehackernews.com/search/label/JavaScript), [Magecart](https://thehackernews.com/search/label/Magecart), [Skimming](https://thehackernews.com/search/label/Skimming), [Vulnerability](https://thehackernews.com/search/label/Vulnerability), [WooCommerce](https://thehackernews.com/search/label/WooCommerce), [WordPress](https://thehackernews.com/search/label/WordPress)
[![Image 10: c](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJ6Ij4NJB1TTOtrxAFIKWwGA-PUlnS9as5AumGc9FrTHJP_QFdUUYBhn1I-xkcQ-Hig1BTAc9d6jZ_VRYAIZXa_u_vopIxUk5R1E95hjkqf3clEgct5mbNOuNBaUL23VbbLfkWffLdTM3Z47-Qqid0wR2074f9hnPqMhI4REY1oxeoYcsvYM3_X5wvU2P-/s300-e100/ThreatLocker-side.png)](https://thehackernews.uk/ai-vs-ai-short)
[![Image 11: c](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizsSFBVbuTQTk80czBVTjnHQ7Aw9K06fYFcudsp6N0_VlDTO2FjbslNRAiED9ky46EMOeop0dd8Dx5uYb0HPo9LPG29EsIwdrBb8-sReaDKEfQsT-FWmjcTYQAbjz2Yz-VtTKifqb45HbrSQdHqOZMEwljHxjcFW586M4OwhUOjGYWjHPLTuuA0aFWyuXg/s300-e100/maze-3.png)](https://thehackernews.uk/cyber-ai-defense)
⚡ Top Stories This Week
[![Image 12: Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1Iq16GS3jdGiIU24GHBkwg6unk05ctdgYwXO5df8zRu1qko95_XhszCjq6jlEIRozLsrtZHgi5GqDZnS1Sw_KDzUzsagwP0If3VswmYHsnuYwVseU2lapxQiPpItTdAiv-CCdTFR87ZVOu65buyvmvzmdWuJPKHuPA4DSo58HQIMAV__2ymsmRe2g3UVe/w72-h72-c-rw-e365/windows-ai.jpg) Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday](https://thehackernews.com/2026/05/microsofts-mdash-ai-system-finds-16.html)
[![Image 13: On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirN79ZRjEd5wnVbOTlJJsWjQ54cwSj2bM5NDzBSgAFO8f_9LrlIwQRI0ZogQX42iejmhgc1n2YcA91pFrVqtqNKKyAIXblcQ1Yx9LTs1TeNDbNN6JMUBXCKDK1W0IwnwvYl1dhQmcyTPHwakckKT_Kc9fAUDAJRj94g2pENrjy4UyTCCniOXI2rO-q66PC/w72-h72-c-rw-e365/Microsoft-Exchange.png) On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email](https://thehackernews.com/2026/05/on-prem-microsoft-exchange-server-cve.html)
[![Image 14: Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9rok1ToP_K0gWug0GnICltZkvx6bMRyhHfTJG1AcSfrGpM_fOVc61O3Fpyen_IW-wpb4s6Hl3qZcU5nEs77SMWSpKNDR4rrlY2syVVSNEBrpHx8RkWmYaN9MZORNICc8LNhuNjXqqhxmy7JN-y389oyQnAAFoBMJC1NoQSQFaOZ2MnrpKQRfv_eYXIoWI/w72-h72-c-rw-e365/cisco-exploit.jpg) Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access](https://thehackernews.com/2026/05/cisco-catalyst-sd-wan-controller-auth.html)
[![Image 15: cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgInpdPoL0Kf1i9D6daAAGB1QPCR3E0d_ArELz-ks1Y6cJ_low0jdZYqamKMKMxC12OC-XMwUrDIWdh_xK_d7zLLQfH-rDl0-Vi_VSsFswAuJL0mEtQg-FW66c_1it8d59p2An-T3_oQJ_Q_yHLiX0PHtEq2OdLcGXwxniVKGJGLusWdjJfP7M-H9ADm8cK/w72-h72-c-rw-e365/cpcp.jpg) cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor](https://thehackernews.com/2026/05/cpanel-cve-2026-41940-under-active.html)
[![Image 16: New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrSn3emm_NbwXDi3elR0wo5ErHhg-gPT4-u4zk7MHZg4u0ruMmj2_KGgPF8fz06Riv6Gu5NXMN3eBP8H5bVf6dmvOz-lvb-qrvhLlssLUzl97ZVmIWoIOmMPOGrupv864dt0d4V_dxgaaxYYNuy2z9rbZMWIOcjlwZaiifq4-ktRqlEBCJ6a_m3MFiwq65/w72-h72-c-rw-e365/exim.jpg) New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution](https://thehackernews.com/2026/05/new-exim-bdat-vulnerability-exposes.html)
[![Image 17: Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjk3m3CoTiKH2QVXSFAOVKKnTl-Ybt1FDE4M7BGK_ujskSYNQ8pOlcvZfyNv8CW2EJIVdMQaORcCE0H-_ufTvD6hR-LOOZ64GZPS_9bH7YrE4i0r4LrGCn7vXmG0GjpFk8aNlRR_4_GjrM-jhXBS1NzIbYiRydcmiNSXIV2eUczvgjGmp34_gNz3M5kt-Jf/w72-h72-c-rw-e365/windows-patch-update.jpg) Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws](https://thehackernews.com/2026/05/microsoft-patches-138-vulnerabilities.html)
[![Image 18: ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjImYNT-qC7frGzEXeok3KDX_JNMKote6V1FVXIpkAoSEER2z1YyT8dpFq5RtRhBQ0cweEPbBIuioDWFf5rw_Mf-0V6rXR2ZrMh2ISDa7X7NlV9zIGsoLSAnyd_86eVkrR4wU24yxbuCYaAmyGFwlF77YCjvgU3n43P-yFT-pzjsmQ35Oaut1klg62bs_-i/w72-h72-c-rw-e365/threatsday-2.jpg) ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories](https://thehackernews.com/2026/05/threatsday-bulletin-pan-os-rce-mythos.html)
[![Image 19: ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiD4a3gzeAEAv4Bs5FqWbHG1cRyNqIOjygeSxxpNoChwyyMUWlbZHzkG0n8ysGpoAYuKqklfMtTKRct0OeYktaKLhdXpRH5pKH94tVaMX7iPeNDf7vZjFky3myBkFPJPl1xIdsWDlIYP30IeR7IZGhQZ5p82yHRdRO1OGkpAtTWgZcQSG3zXqh9tLbSSrgP/w72-h72-c-rw-e365/cyber-recap.jpg) ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More](https://thehackernews.com/2026/05/weekly-recap-linux-rootkit-macos-crypto.html)
[![Image 20: New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZEVPJhl5rAx5o22-s1GQ6E1KKHMlOsazAfObgwK72r5EGxr52OkNRHHQXJdHt39DQop0SAhxE_t9nMKgXxHNgYv1zyB-ZR1IqCIKUK2feTpx1swr4dZzKLpZ5uldjrOAX6qH-wYnUfRWieA2xQWPbAUB1JpXhkBGq4AA0Ft07F7MFqZSHCS9SMR6uXjoC/w72-h72-c-rw-e365/linux-2.jpg) New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption](https://thehackernews.com/2026/05/new-fragnesia-linux-kernel-lpe-grants.html)
[![Image 21: Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgz_tK9S8jS_n5CK694-FLGjQP5_Mmpg7z9ZRiBayWsJLsuFRIm-8j1hTlhH90779FvnvhpiFKeGP9CzI5RCPsxQEnOzAIQsPzUsAJhUWtNm9iwf9C1W9DbDmqoQ_jjHhM7huYDV210OB9o1L9NPoJ0IL6R9Xc-V4JQ91Kn-b47_2ravRJ6-qlZOVrqsuAz/w72-h72-c-rw-e365/openclaw.png) Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence](https://thehackernews.com/2026/05/four-openclaw-flaws-enable-data-theft.html)
[![Image 22: 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhCvxtNv7UYYMCITB2HLsBgkN83LdRXcw0wmP9gMAfXeNpmJoOJKNIaQb55b-GLDeQHx-dUBkASGDYgstnvYAE5eFuwyzMSxY804fn56OaTsGlESOab9y-kFHJ-iV5iUlWrc5j27WLduUDhW6nRSjkv5tFMKZjDbbmDdk7_NMZ3y7sipHKy7t4XuMQ9YfG/w72-h72-c-rw-e365/nn.gif) 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE](https://thehackernews.com/2026/05/18-year-old-nginx-rewrite-module-flaw.html)
[![Image 23: [Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhKoTt2TCJhCZC7cgKpISoFL1hoD6YqAXVIIIzKZEyYmvXusJXxb2WQ_cYnjRCYdKeOJj2756fnWj2had24_OCECDq5bDf7y98vuYhsKSbrbRH1WYIqpwCF47lLsvrgFGLPkhomycGiEHqDa50OjwuwIZmH6cAu1vOXoXOiTzU4Si8qq6YPfo2r4OsP4KI/w72-h72-c-rw-e365/wiz.png) [Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud](https://thehackernews.com/2026/05/webinar-why-your-appsec-tools-miss.html)
[![Image 24: Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI and More Packages](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXIhs2kZt0YGdDcd-Io67mq1GIN_iI_71LYhuin4qqmlgUgCuZ3fGUvglg_5nh5DK8kfPP8RHki86yMyqh4rTE27PGgPBh4RQjkh91-QGoB8cav5NUsYAwcV3ZJ7aEf-uEoH3pLGQ2eWuCh8lZSWAlTIa2U5I6eeB3HZmYMn4q-YoV7Ytmkpr1tN0lC2rG/w72-h72-c-rw-e365/mistral.jpg) Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI and More Packages](https://thehackernews.com/2026/05/mini-shai-hulud-worm-compromises.html)
[![Image 25: Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXt7ooDl2PwJY4nazAKdW9rmILsmosve2FZaO9usxTk_rkksEEvsLgY-uc_MErXvjvusuWjN7PWRM9KaRXB1OkL75gio7tcqpMsPZxaFNE9XDpYmARH3Dw_gGgddwWXHSt5VUJ-lb56F9bCVzTYghEo7qELWVv8K_W8V1BrWgssgqWkzPJxW6I31i_GyYf/w72-h72-c-rw-e365/windowss.jpg) Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation](https://thehackernews.com/2026/05/windows-zero-days-expose-bitlocker.html)
[![Image 26: Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgF329-zAoI4gwIW3h3gRYiDJjcRSyWPM4DLHFQwNNGfLTVaROqIfQZ0QB1FwWGmvMGuyNAF9Q6QBYcwLsqMsCka5Lqu82CzUbrBULnUDQwtY_4z6KiOEKSETes6as77XfUCaJVBUOCovZz8jajp6vBp9AAjHiS7BEviANEH0FxmzZwdrTapD3R-gPQWKJ1/w72-h72-c-rw-e365/ai-hacker.jpg) Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation](https://thehackernews.com/2026/05/hackers-used-ai-to-develop-first-known.html)
[![Image 27: Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj92eUjjTTMJPizvUJGwq7Ych7nrXHwGRNt3hS9yjNGRJk5d3pdIKjeZhQDVuFp0DnKjP4qoieGWFjswm7nHDLBaxWC3DxFIfLfRjMSEXd0Ta04vcTrbCpS9PEXebUUbMBxBt0VOb-PKVk-7Cq0FjuMXl4VtKneb5a3ujCo872goPN22GBFFhReJtWsQJLK/w72-h72-c-rw-e365/oll.jpg) Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak](https://thehackernews.com/2026/05/ollama-out-of-bounds-read-vulnerability.html)
Load More ▼
⭐ Featured Resources
[![Image 28: Articles](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9jsZB0c_iNwfRZXf0vf1qU4cPU4jI7yxEHT6aupC6pecMnNLhg2Z5r2FhdsweHJVXyVx3GH3QQDvSOTqqyHF4pOgAn45j-IGE5cKSUrtz6T855Qav0sINF1sXgJsv14sYxo9E-lhRnhyphenhyphenDeEg4U06-jygX9NPbWQBEhni_09xXm6WZ16sh9iC1vdW0kHi7/s72-e365/webi.jpg) [Webinar] Learn How to Handle Critical SOC Alerts With AI Support](https://thehackernews.uk/cirosec-radiant-soc)
[![Image 29: Articles](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmw8x4SO834-BAPFGufRNc9LFa8q3LnvbbD0-PRi1nIfEHBZLxfznw73UFbHE5uvrFGp5FZ4NPOtZng10v0iOTb0VIiEG0mVIhypDTgJRhALVJ7GgoZ11fj-JxXPDYyB6plXTbWpikWqVkj5RF8twJRfpBJFSD_izzQ7EAqUEmEJ6vQNvZE8DKshlxm34Z/s72-e365/pbook.jpg) [eBook] Get the 3-Number SOC Diagnostic to Reduce Queue Risk](https://thehackernews.uk/prophet-queue-breach)
[![Image 30: Articles](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixhFqL7l7pMerWjpstFQ_PnSDkP6VSQL0OaOqUa_XOXPa7l9wWV2LF4i49RZhks5QP-5bcRSjxB0oX3LJSrIFQLDOVOmPzH6DZXes2rvEwFzk75u_sqR-hK5RwGH7dm6h0WnvAaCnUeCDQskkSakOvmsgceOguijcigeeOFML29877NFarp3MyRdYUFKQE/s72-e365/phishings.jpg) [Guide] Stop Email Fraud Before It Turns Into Ransomware Damage](https://thehackernews.uk/kaseya-phishing-ransomware)
[![Image 31: Articles](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAKJ9s4P_DZr0GBTgogU4yFfinEDC3M2SaWc4DCXdhNiMZJgH9XdazL4vJrtCapE4hgmMWvMOs2EVFXPKPLHjMv0LQQujjskX05igHJwf8ItlhXv201XD3Nxg7Tz2rPsB2ZVH3eWu6P7sRTpBIixRia3NVddfLIkEm2cL09T-utNRfpl9tZOv8PinpVGOo/s72-e365/bitd.jpg) Identify Internal Attack Surfaces More Efficiently With a Free Assessment](https://thehackernews.uk/bitdefender-phasr-assessment)
## Cybersecurity Webinars
[With HD Moore (Creator of Metasploit) ### Learn How to Detect Threats Beyond Zero Day Attacks Learn practical strategies to detect and defend against cyber threats beyond zero-day vulnerabilities. Join the Session](https://thehacker.news/beyond-zero-day?source=below)[Tired of False Positives? ### Validate Automated Pentesting Results Before Acting Learn how to validate automated pentesting results for accurate security decisions. Join the Webinar](https://thehacker.news/validate-automated-pentesting?source=below)
⚡ Latest News
Cybersecurity Resources
[![Image 32: Cybersecurity](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0jdJCLIFDU5AH9vCemCw2tRpqRVpb5dAm9_fldXGGjoQRoQLuomTWJyozj5IyDuSpq-7hKsa0ev3G6N8ggoBb0y2hJPG2h9MSLVrmyB8UTyagQx9l6RbUmPtaCieLY52dNe1fguxpwO2v8zt5sl3Tdgoo-UBDJGfKe_VdUss3A_ZSY2XZXeia1C_sAsRP/s500-e100/orc-4.gif) Uncover Identity Dark Matter: SACR Research Brief Eliminate the blind spots undermining your security. Download the SACR brief.](https://thehackernews.uk/disrupt-tech-brief)[![Image 33: Cybersecurity](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUas4KOce8ComJG5TW2uigorerrcCPf4cjsao7P2In6sgYdLwVMmRFB7bqZ6v0LJXrWDN6LIdgvwvK-kpnISCL7wzLDsSYAVs-XXs-qgcP41i1lj-H3ZYgpXz9Utd_6aCQBoyLo9feismppmickqgr_jwBGQuBazVrSqYDc8pWyFU2x6hkbi7GD1m9NXYc/s728-e300/gg.png) Earn a Master's in Cybersecurity Risk Management Lead the future of cybersecurity risk management with an online Master’s from Georgetown.](https://thehackernews.uk/cyber-risk-program)[![Image 34: Cybersecurity](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5xgqKks0CPzyD6bHqgTYhh_d5HJlneRWMXCcczjkKRpGlWsno5rgAPkYtT8Essum3hhW57wq9Ww2wrW9ZwApaL1LMFd0JYKIj0ap5t5zlqUvVkdMPF1VQAPlsB4rULnH6o43hGVQ2FC6YgsOvCETUw6byw5ISxCIEFgVQlx5LateUUf66qQsSyJdi1-JZ/s728-e100/sans.jpg) AI Is Reshaping Every Attack Surface. Train for What's Next SANSFIRE 2026 in D.C. brings 50+ courses, AI-focused sessions, and NetWars. July 13–18. Save $500.](https://thehackernews.uk/sans-training-fire)[![Image 35: Cybersecurity](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCyK3mSumMJPUnI4kYAEcB0kS-ZSB7ZtBTA0xs3tlLhDSQ54FWotA2Ub_e7XLbtTCOqM9k1cAnk6t0Wu7-01W0seVE56jCVFacwmWMu2S5K8EN3MLqE4un8a8_0mWm7fXyXDQO3fSq28M40u2dSATlucFhuKxWUF56thZHx6hRXXVX7d73RzdD6Wc1kQlp/s728-e100/zz-2.jpg) Your VPN is Helping Attackers Move as Fast as AI AI collapsed human response window and turned remote access into fastest path to breach.](https://thehackernews.uk/zscaler-risk-vpn-2026)
Expert Insights [Articles](https://thehackernews.com/expert-insights/)[Videos](https://thehackernews.com/videos/)
[![Image 36: Expert Insights](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgx5aXA_dqrL_o6tE5Tyax4NyGOE4-U3wOmwdDIAbM52rMy20vPRAFMkb3A4clw95D8lUt6b-oATU2tzjxORLueW1eeK-tSVGxd39ocGk3GvhR295T2W2xLjharvIZgecXgJ3fSHvzYS7hycx5BfH5SYXrJLSU2IfSX6GVJR6Yg2ntL04HILj1jiGatQCcV/s728-e300/git-unit.jpg) ## Time-to-Revoke: The Metric CISOs Need in the AI Exploit Era __ May 18, 2026 Read ➝](https://thehackernews.com/expert-insights/2026/05/time-to-revoke-metric-cisos-need-in-ai.html)[![Image 37: Expert Insights](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7bzViRBZPcdhDfFEcbssWgmEICEFNQElLMsACP7RiG6pXiCKNElMNiZJPgqr8vGgN6uzWWfL1TKQiRB44MvCRGhTMlfYp4W3DXYdWDC9VuCbyI4N7yDluCjGS_8ouNGfaIVrr0CoUVHbt_VLURGpizFT1BZk1B3FwGuNC4-BPYLy1Eq6DM6Dtim6v9WoJ/s728-e300/checkpoint-unit.jpg) ## Agentic Attacks Arrived Over a Year Ago. Your Remediation Hasn't Caught Up. __ May 18, 2026 Read ➝](https://thehackernews.com/expert-insights/2026/05/agentic-attacks-arrived-over-year-ago.html)[![Image 38: Expert Insights](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTSEWgoYbM_x8ISJ4teHW00qEEPHYCfm-ZYm0ZhIROBvcK8ldF7uQwhGs5quuDtGd4NHhyQmEr4nbLZiyOloMf2XNYN77QEvQcYnJhacb-z7vtyULe-Xj0SQvLXBI2jMwgTBVdP68qMb9Y08obh78Tq1-DeYVn2QkXC6FHeycPK490sUyxwBGseAyOKU31/s728-e300/oneidentity-unit.jpg) ## The Non-Human Identity Crisis: Why Your Machine Identities Are Your Biggest Governance Gap __ May 18, 2026 Read ➝](https://thehackernews.com/expert-insights/2026/05/the-non-human-identity-crisis-why-your.html)[![Image 39: Expert Insights](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1AhWsjHriIk06MMcIvTv4WPtNL2sICBs9YQxb-D0fdjZ1EQ9fWW2BteIiyXHW-2W50Xx9wZSZJVaZ8gZDEtuux0SP4tKxN8mM3LIW9DWtz8K0w0F08cPNOShWNxfcTVAuuJAqfHM_unzRxtwqQ0ntJslXT7UXMQR7ydImKVIxIe1PL9iSMOte6DUgsMNM/s728-e300/ironscales-unit.jpg) ## 7 Signs Your Organization Is Vulnerable to Business Email Compromise __ May 18, 2026 Read ➝](https://thehackernews.com/expert-insights/2026/05/7-signs-your-organization-is-vulnerable.html)
Get the Latest News in Your Inbox
Get the latest news, expert insights, exclusive resources, and strategies from industry leaders, all for free.
- [x] - [x] 
Email 
Connect with us!
[__ 1,300,000 Followers](https://twitter.com/thehackersnews)
[__ 710,100 Followers](https://www.linkedin.com/company/thehackernews/)
[__ 25,500 Subscribers](https://www.youtube.com/c/thehackernews?sub_confirmation=1)
[__ 157,500 Followers](https://www.instagram.com/thehackernews/)
[__ 1,990,000 Followers](https://www.facebook.com/thehackernews)
[![Image 40: Google News Icon](blob:http://localhost/d9c712dcc9cf552b3323fda6e1fe7145) 55,500 Followers](https://news.google.com/publications/CAAqLQgKIidDQklTRndnTWFoTUtFWFJvWldoaFkydGxjbTVsZDNNdVkyOXRLQUFQAQ)
Company
*   [About THN](https://www.thehackernews.com/p/about-us.html)
*   [Advertise with us](https://www.thehackernews.com/p/advertising-with-hacker-news.html)
*   [Contact](https://www.thehackernews.com/p/submit-news.html)
Pages
*   [Webinars](https://www.thehackernews.com/p/upcoming-hacker-news-webinars.html)
*   [Awards](https://awards.thehackernews.com/)
*   [Privacy Policy](https://www.thehackernews.com/p/privacy-policy.html)
[__ RSS Feeds](https://feeds.feedburner.com/TheHackersNews)[__ Contact Us](https://www.thehackernews.com/p/submit-news.html)
© 2026 The Hacker News. All Rights Reserved.