Skip to article
Security Alert
Emergent Story mode

Now reading

Overview

1 / 14 3 min 5 sources Multi-Source
Sources

Story mode

Security AlertMulti-SourceSource gap: Single-outlet source gap8 sections

Cybersecurity Threats Mount as Vulnerabilities Exploited in Popular Software

Recent discoveries highlight weaknesses in WordPress plugins, Microsoft products, and npm packages

Read
3 min
Sources
5 sources
Domains
1
Sections
8

What Happened A spate of recent discoveries has highlighted the vulnerability of popular software to cyber threats. A critical vulnerability in the Funnel Builder plugin for WordPress, used by over 40,000 websites, has...

Story state
Deep multi-angle story
Evidence
What Happened
Coverage
8 reporting sections
Next focus
What Comes Next

Story step 1

Multi-SourceSource gap: Single-outlet source gap

What Happened

A spate of recent discoveries has highlighted the vulnerability of popular software to cyber threats. A critical vulnerability in the Funnel Builder...

Step
1 / 8

A spate of recent discoveries has highlighted the vulnerability of popular software to cyber threats. A critical vulnerability in the Funnel Builder plugin for WordPress, used by over 40,000 websites, has been exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. Meanwhile, Microsoft Exchange and Windows 11 have been hacked on the second day of the Pwn2Own Berlin 2026 competition, with competitors collecting $385,750 in cash awards.

Continue in the field

Focused storyNearby context

Open the live map from this story.

Carry this article into the map as a focused origin point, then widen into nearby reporting.

Leave the article stream and continue in live map mode with this story pinned as your origin point.

  • Open the map already centered on this story.
  • See what nearby reporting is clustering around the same geography.
  • Jump back to the article whenever you want the original thread.
Open live map mode

Story step 2

Multi-SourceSource gap: Single-outlet source gap

Why It Matters

These vulnerabilities pose significant risks to users, particularly in the case of the Funnel Builder plugin, which can be leveraged without...

Step
2 / 8

These vulnerabilities pose significant risks to users, particularly in the case of the Funnel Builder plugin, which can be leveraged without authentication. The exploitation of these weaknesses can lead to the theft of sensitive information, including credit card numbers and login credentials. The fact that these vulnerabilities exist in widely used software underscores the need for constant vigilance and patching to prevent cyber threats.

Story step 3

Multi-SourceSource gap: Single-outlet source gap

What Experts Say

The discovery of these vulnerabilities highlights the importance of robust security measures and regular updates to prevent cyber threats," said a...

Step
3 / 8
"The discovery of these vulnerabilities highlights the importance of robust security measures and regular updates to prevent cyber threats," said a security expert. "Users must remain vigilant and take steps to protect themselves, including keeping their software up to date and using strong passwords."

Story step 4

Multi-SourceSource gap: Single-outlet source gap

Key Numbers

$385,750: The amount collected by competitors in cash awards for hacking Microsoft Exchange and Windows 11

Step
4 / 8
  • $385,750: The amount collected by competitors in cash awards for hacking Microsoft Exchange and Windows 11

Story step 5

Multi-SourceSource gap: Single-outlet source gap

Key Facts

Step
5 / 8

Story step 6

Multi-SourceSource gap: Single-outlet source gap

Key Facts

Who: FunnelKit, Microsoft, npm What: Critical vulnerabilities in Funnel Builder plugin, Microsoft Exchange, Windows 11, and node-ipc npm package...

Step
6 / 8
  • Who: FunnelKit, Microsoft, npm
  • What: Critical vulnerabilities in Funnel Builder plugin, Microsoft Exchange, Windows 11, and node-ipc npm package
  • When: Recent discoveries and exploits

Story step 7

Multi-SourceSource gap: Single-outlet source gap

Background

The Pwn2Own Berlin 2026 competition, which took place from May 14 to May 16, highlighted the vulnerabilities of various software products, including...

Step
7 / 8

The Pwn2Own Berlin 2026 competition, which took place from May 14 to May 16, highlighted the vulnerabilities of various software products, including Microsoft Exchange and Windows 11. The competition, which focuses on enterprise technologies and artificial intelligence, saw competitors collect over $1 million in cash and prizes for hacking fully patched products.

Story step 8

Multi-SourceSource gap: Single-outlet source gap

What Comes Next

As these vulnerabilities are patched, users must remain vigilant and take steps to protect themselves. This includes keeping their software up to...

Step
8 / 8

As these vulnerabilities are patched, users must remain vigilant and take steps to protect themselves. This includes keeping their software up to date, using strong passwords, and being cautious when downloading and installing new software. The discovery of these vulnerabilities serves as a reminder of the importance of robust security measures and regular updates to prevent cyber threats.

Cited sources

Source gap: Single-outlet source gap

Multi-Source

5 cited references across 1 linked domains.

References
5
Domains
1

5 cited references across 1 linked domain. Source gap watch: Single-outlet source gap.

  1. Source 1 · Fulqrum Sources

    Funnel Builder WordPress plugin bug exploited to steal credit cards

  2. Source 2 · Fulqrum Sources

    Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own

  3. Source 3 · Fulqrum Sources

    Popular node-ipc npm package compromised to steal credentials

  4. Source 4 · Fulqrum Sources

    Avada Builder WordPress plugin flaws allow site credential theft

Open source path

For sponsors

Security AlertSource gap watch

Reach readers following this story path.

Reach readers choosing Security Alert coverage with 5 cited references and a clear next-step path.

Evidence
5
Read
3 min

Package the article, desk, and newsletter path around readers already choosing this context.

Sponsor this context

Keep reporting

ContradictionsEvent arcNarrative drift

Open the deeper source boards.

Take the mobile reel into contradictions, event arcs, narrative drift, and the full source workspace.

  • Scan the cited sources and coverage list first.
  • Keep a source-gap watch on Single-outlet source gap.
  • Revisit the core evidence in What Happened.
Open source boards

Stay in the reporting trail

Open the source boards, cited outlets, and related analysis.

Jump from the app-style read into the deeper source path without losing your place in the story.

Open source pathBack to Security Alert
🔒 Security Alert

Cybersecurity Threats Mount as Vulnerabilities Exploited in Popular Software

Recent discoveries highlight weaknesses in WordPress plugins, Microsoft products, and npm packages

Sunday, July 12, 2026 • 3 min read • 5 source references

  • 3 min read
  • 5 source references

What Happened

A spate of recent discoveries has highlighted the vulnerability of popular software to cyber threats. A critical vulnerability in the Funnel Builder plugin for WordPress, used by over 40,000 websites, has been exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. Meanwhile, Microsoft Exchange and Windows 11 have been hacked on the second day of the Pwn2Own Berlin 2026 competition, with competitors collecting $385,750 in cash awards.

Why It Matters

These vulnerabilities pose significant risks to users, particularly in the case of the Funnel Builder plugin, which can be leveraged without authentication. The exploitation of these weaknesses can lead to the theft of sensitive information, including credit card numbers and login credentials. The fact that these vulnerabilities exist in widely used software underscores the need for constant vigilance and patching to prevent cyber threats.

What Experts Say

"The discovery of these vulnerabilities highlights the importance of robust security measures and regular updates to prevent cyber threats," said a security expert. "Users must remain vigilant and take steps to protect themselves, including keeping their software up to date and using strong passwords."

Key Numbers

  • $385,750: The amount collected by competitors in cash awards for hacking Microsoft Exchange and Windows 11

Key Facts

Key Facts

  • Who: FunnelKit, Microsoft, npm
  • What: Critical vulnerabilities in Funnel Builder plugin, Microsoft Exchange, Windows 11, and node-ipc npm package
  • When: Recent discoveries and exploits

Background

The Pwn2Own Berlin 2026 competition, which took place from May 14 to May 16, highlighted the vulnerabilities of various software products, including Microsoft Exchange and Windows 11. The competition, which focuses on enterprise technologies and artificial intelligence, saw competitors collect over $1 million in cash and prizes for hacking fully patched products.

What Comes Next

As these vulnerabilities are patched, users must remain vigilant and take steps to protect themselves. This includes keeping their software up to date, using strong passwords, and being cautious when downloading and installing new software. The discovery of these vulnerabilities serves as a reminder of the importance of robust security measures and regular updates to prevent cyber threats.

Story pulse
Story state
Deep multi-angle story
Evidence
What Happened
Coverage
8 reporting sections
Next focus
What Comes Next

What Happened

A spate of recent discoveries has highlighted the vulnerability of popular software to cyber threats. A critical vulnerability in the Funnel Builder plugin for WordPress, used by over 40,000 websites, has been exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. Meanwhile, Microsoft Exchange and Windows 11 have been hacked on the second day of the Pwn2Own Berlin 2026 competition, with competitors collecting $385,750 in cash awards.

Why It Matters

These vulnerabilities pose significant risks to users, particularly in the case of the Funnel Builder plugin, which can be leveraged without authentication. The exploitation of these weaknesses can lead to the theft of sensitive information, including credit card numbers and login credentials. The fact that these vulnerabilities exist in widely used software underscores the need for constant vigilance and patching to prevent cyber threats.

What Experts Say

"The discovery of these vulnerabilities highlights the importance of robust security measures and regular updates to prevent cyber threats," said a security expert. "Users must remain vigilant and take steps to protect themselves, including keeping their software up to date and using strong passwords."

Key Numbers

  • $385,750: The amount collected by competitors in cash awards for hacking Microsoft Exchange and Windows 11

Key Facts

Key Facts

  • Who: FunnelKit, Microsoft, npm
  • What: Critical vulnerabilities in Funnel Builder plugin, Microsoft Exchange, Windows 11, and node-ipc npm package
  • When: Recent discoveries and exploits

Background

The Pwn2Own Berlin 2026 competition, which took place from May 14 to May 16, highlighted the vulnerabilities of various software products, including Microsoft Exchange and Windows 11. The competition, which focuses on enterprise technologies and artificial intelligence, saw competitors collect over $1 million in cash and prizes for hacking fully patched products.

What Comes Next

As these vulnerabilities are patched, users must remain vigilant and take steps to protect themselves. This includes keeping their software up to date, using strong passwords, and being cautious when downloading and installing new software. The discovery of these vulnerabilities serves as a reminder of the importance of robust security measures and regular updates to prevent cyber threats.

Advertisement

Ad slot: in-article

Coverage tools

Sources, context, and related analysis

Source path

How this briefing, its cited outlets, and the next reporting move fit together

A compact source board that keeps the article legible while showing what supports the current read and what would most improve the coverage next.

Cited sources

0

Reading points

3

Source links

2

Next checks

1

Source map

From briefing to cited outlets to next reporting move

Source path ready

Story geography

Where this reporting sits on the map

Use the map-native view to understand what is happening near this story and what adjacent reporting is clustering around the same geography.

Geo context
0.00° N · 0.00° E Mapped story

This story is geotagged. Nearby related reporting is not ready yet, so the live map is the best next context check.

Continue in live map mode

Coverage at a Glance

5 sources

Compare coverage, inspect perspective spread, and open primary references side by side.

Linked Sources

5

Distinct Outlets

1

Viewpoint Center

Not enough mapped outlets

Outlet Diversity

Very Narrow
0 sources with viewpoint mapping 0 higher-credibility sources
Coverage is still narrow. Treat this as an early map and cross-check additional primary reporting.

Coverage Gaps to Watch

  • Single-outlet dependency

    Coverage currently traces back to one domain. Add independent outlets before drawing firm conclusions.

  • Thin mapped perspectives

    Most sources do not have mapped perspective data yet, so viewpoint spread is still uncertain.

  • No high-credibility anchors

    No source in this set reaches the high-credibility threshold. Cross-check with stronger primary reporting.

Read Across More Angles

Source-by-Source View

Search by outlet or domain, then filter by credibility, viewpoint mapping, or the most-cited lane.

Showing 5 of 5 cited sources with links.

Unmapped Perspective (5)

bleepingcomputer.com

Funnel Builder WordPress plugin bug exploited to steal credit cards

Open

bleepingcomputer.com

Unmapped bias Credibility unknown Dossier
bleepingcomputer.com

Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own

Open

bleepingcomputer.com

Unmapped bias Credibility unknown Dossier
bleepingcomputer.com

Popular node-ipc npm package compromised to steal credentials

Open

bleepingcomputer.com

Unmapped bias Credibility unknown Dossier
bleepingcomputer.com

Avada Builder WordPress plugin flaws allow site credential theft

Open

bleepingcomputer.com

Unmapped bias Credibility unknown Dossier
bleepingcomputer.com

Microsoft Edge to stop loading cleartext passwords in memory on startup

Open

bleepingcomputer.com

Unmapped bias Credibility unknown Dossier
Source-linked Fast briefing Contrast-aware

Emergent News uses automated assistance to gather, compare, and summarize coverage from 5 cited sources. Review the source list below before relying on the story.