CVE-2026-3718

• WordPress/Workerinferred

  Range: <=4.9.31

  Package: https://wordpress.org/plugins/worker

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.

• plugins.trac.wordpress.org/changeset/3485733/workernvd
• www.wordfence.com/threat-intel/vulnerabilities/id/db6f08f9-4da3-450d-bf1e-5c9f0aab02a1nvd

• Russian hackers turn Kazuar backdoor into modular P2P botnet
  BleepingComputer · May 16, 2026
• PoC Code Published for Critical NGINX Vulnerability
  SecurityWeek · May 16, 2026
• Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
  The Hacker News · May 15, 2026
• Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution
  BleepingComputer · May 15, 2026
• ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
  The Hacker News · May 14, 2026
• 18-year-old NGINX vulnerability allows DoS, potential RCE
  BleepingComputer · May 14, 2026
• 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
  The Hacker News · May 14, 2026
• Browser Run: now running on Cloudflare Containers, it’s faster and more scalable
  Cloudflare Blog · May 13, 2026
• State-sponsored actors, better known as the friends you don’t want
  Cisco Talos Intelligence · May 12, 2026
• The Good, the Bad and the Ugly in Cybersecurity – Week 19
  SentinelOne Labs · May 8, 2026
• Helping North Korean IT remote workers is becoming a fast track to prison
  Help Net Security · May 8, 2026
• Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking
  SecurityWeek · May 7, 2026
• PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
  The Hacker News · May 7, 2026
• Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution
  Unit 42 · May 7, 2026
• Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
  The Hacker News · May 5, 2026
• The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1)
  Unit 42 · May 2, 2026
• Introducing Dynamic Workflows: durable execution that follows the tenant
  Cloudflare Blog · May 1, 2026
• That AI Extension Helping You Write Emails? It’s Reading Them First
  Unit 42 · Apr 30, 2026
• New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
  The Hacker News · Apr 29, 2026
• VECT: Ransomware by design, Wiper by accident
  Check Point Research · Apr 28, 2026
• Parsing Agentic Offensive Security's Existential Threat
  Dark Reading · Apr 27, 2026
• Crime crew impersonates help desk, abuses Microsoft Teams to steal your data
  The Register Security · Apr 25, 2026
• Tropic Trooper APT Takes Aim at Home Routers, Japanese Targets
  Dark Reading · Apr 24, 2026
• Wordfence Intelligence Weekly WordPress Vulnerability Report (April 13, 2026 to April 19, 2026)
  Wordfence Blog · Apr 23, 2026
• Making Rust Workers reliable: panic and abort recovery in wasm‑bindgen
  Cloudflare Blog · Apr 22, 2026
• Orchestrating AI Code Review at scale
  Cloudflare Blog · Apr 20, 2026
• The AI engineering stack we built internally — on the platform we ship
  Cloudflare Blog · Apr 20, 2026
• Shared Dictionaries: compression that keeps up with the agentic web
  Cloudflare Blog · Apr 17, 2026
• The Good, the Bad and the Ugly in Cybersecurity – Week 16
  SentinelOne Labs · Apr 17, 2026
• Introducing Flagship: feature flags built for the age of AI
  Cloudflare Blog · Apr 17, 2026
• Agents that remember: introducing Agent Memory
  Cloudflare Blog · Apr 17, 2026
• US Nationals Jailed for Operating Fake Remote Worker Laptop Farms for North Korea
  Infosecurity Magazine · Apr 16, 2026
• Artifacts: versioned storage that speaks Git
  Cloudflare Blog · Apr 16, 2026
• How AI Assistants are Moving the Security Goalposts
  Krebs on Security · Mar 8, 2026
• Siemens SIMATIC
  CISA Alerts