Daily Recap: Active exploitation focused on WordPress and e-commerce attacks, including Funnel Builder issues impacting WooCommerce checkout skimming and Avada Builder flaws that can steal site credentials, alongside a critical NGINX vulnerability with publicly available PoC code. On the defensive and risk side, CISA directed U.S. federal agencies to patch an actively exploited Cisco SD-WAN bug. Supply-chain threats continued, with OpenAI warning macOS users to update after a TanStack npm incident and node-ipc being compromised to steal credentials. Researchers also advanced findings around Turla’s Kazuar and the OpenClaw vulnerability cluster.
#FunnelBuilder #WooCommerce #AvadaBuilder #NGINX #CiscoSD-WAN #CISA #TanStack #node-ipc #Turla #Kazuar #OpenClaw #THORChain #MicrosoftExchange #Windows11 #TakeItDownAct #FTC #TinaPeters #JaredPolis
Active Exploits
- WordPress and e-commerce sites are under active attack, with a Funnel Builder flaw used for WooCommerce checkout skimming and card theft, while Avada Builder bugs enable site credential theft. – Funnel Flaw, Avada Builder
- A critical NGINX vulnerability now has PoC code publicly available, raising the risk of rapid real-world exploitation. – NGINX PoC
- CISA ordered all U.S. federal agencies to patch an exploited Cisco SD-WAN bug by Sunday, underscoring urgent defensive action on an active issue. – Cisco Patch
Supply Chain
- OpenAI warned macOS users to update after a TanStack npm supply-chain attack, which also ties into broader JavaScript package trust concerns. – TanStack Alert
- The popular node-ipc npm package was compromised to steal credentials, adding another major open-source dependency incident to the week’s supply-chain risk. – node-ipc
Threat Actors
- Turla repurposed the Kazuar backdoor into a modular P2P botnet to improve persistence and maintain long-term access. – Turla Kazuar
- OpenClaw flaws can enable data theft, privilege escalation, and persistence, increasing the impact of compromise. – OpenClaw Flaws
Data Theft
- THORChain reported more than $10 million stolen from its crypto platform, highlighting continued pressure on digital asset services. – THORChain Theft
- Microsoft Exchange and Windows 11 were hacked on day two of Pwn2Own, where researchers demonstrated new enterprise-focused zero-days. – Pwn2Own Day 2
Privacy & Policy
- The FTC outlined how it plans to enforce the Take It Down Act against harmful deepfakes, signaling a more aggressive U.S. privacy and content-policy posture. – Take It Down
- Colorado Governor Jared Polis commuted the prison sentence of election denier Tina Peters, a notable U.S. political-security development. – Tina Peters
- SecurityWeek also highlighted debates over Canada’s encryption bill, Cisco’s free AI security spec, and Audi app flaws in its roundup. – SecurityWeek Roundup
Security Research
- Research on watching your own tools for 45 days shows how long-term telemetry can reveal a company’s real attack surface and hidden exposure. – Attack Surface
- Microsoft Edge is backpedaling on cleartext password handling and will stop loading passwords into memory on startup to reduce exposure. – Edge Passwords