What Happened
A spate of recent discoveries has highlighted the vulnerability of popular software to cyber threats. A critical vulnerability in the Funnel Builder plugin for WordPress, used by over 40,000 websites, has been exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. Meanwhile, Microsoft Exchange and Windows 11 have been hacked on the second day of the Pwn2Own Berlin 2026 competition, with competitors collecting $385,750 in cash awards.
Why It Matters
These vulnerabilities pose significant risks to users, particularly in the case of the Funnel Builder plugin, which can be leveraged without authentication. The exploitation of these weaknesses can lead to the theft of sensitive information, including credit card numbers and login credentials. The fact that these vulnerabilities exist in widely used software underscores the need for constant vigilance and patching to prevent cyber threats.
What Experts Say
"The discovery of these vulnerabilities highlights the importance of robust security measures and regular updates to prevent cyber threats," said a security expert. "Users must remain vigilant and take steps to protect themselves, including keeping their software up to date and using strong passwords."
Key Numbers
- $385,750: The amount collected by competitors in cash awards for hacking Microsoft Exchange and Windows 11
Key Facts
Key Facts
- Who: FunnelKit, Microsoft, npm
- What: Critical vulnerabilities in Funnel Builder plugin, Microsoft Exchange, Windows 11, and node-ipc npm package
- When: Recent discoveries and exploits
Background
The Pwn2Own Berlin 2026 competition, which took place from May 14 to May 16, highlighted the vulnerabilities of various software products, including Microsoft Exchange and Windows 11. The competition, which focuses on enterprise technologies and artificial intelligence, saw competitors collect over $1 million in cash and prizes for hacking fully patched products.
What Comes Next
As these vulnerabilities are patched, users must remain vigilant and take steps to protect themselves. This includes keeping their software up to date, using strong passwords, and being cautious when downloading and installing new software. The discovery of these vulnerabilities serves as a reminder of the importance of robust security measures and regular updates to prevent cyber threats.
What Happened
A spate of recent discoveries has highlighted the vulnerability of popular software to cyber threats. A critical vulnerability in the Funnel Builder plugin for WordPress, used by over 40,000 websites, has been exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. Meanwhile, Microsoft Exchange and Windows 11 have been hacked on the second day of the Pwn2Own Berlin 2026 competition, with competitors collecting $385,750 in cash awards.
Why It Matters
These vulnerabilities pose significant risks to users, particularly in the case of the Funnel Builder plugin, which can be leveraged without authentication. The exploitation of these weaknesses can lead to the theft of sensitive information, including credit card numbers and login credentials. The fact that these vulnerabilities exist in widely used software underscores the need for constant vigilance and patching to prevent cyber threats.
What Experts Say
"The discovery of these vulnerabilities highlights the importance of robust security measures and regular updates to prevent cyber threats," said a security expert. "Users must remain vigilant and take steps to protect themselves, including keeping their software up to date and using strong passwords."
Key Numbers
- $385,750: The amount collected by competitors in cash awards for hacking Microsoft Exchange and Windows 11
Key Facts
Key Facts
- Who: FunnelKit, Microsoft, npm
- What: Critical vulnerabilities in Funnel Builder plugin, Microsoft Exchange, Windows 11, and node-ipc npm package
- When: Recent discoveries and exploits
Background
The Pwn2Own Berlin 2026 competition, which took place from May 14 to May 16, highlighted the vulnerabilities of various software products, including Microsoft Exchange and Windows 11. The competition, which focuses on enterprise technologies and artificial intelligence, saw competitors collect over $1 million in cash and prizes for hacking fully patched products.
What Comes Next
As these vulnerabilities are patched, users must remain vigilant and take steps to protect themselves. This includes keeping their software up to date, using strong passwords, and being cautious when downloading and installing new software. The discovery of these vulnerabilities serves as a reminder of the importance of robust security measures and regular updates to prevent cyber threats.