Claw Chain Vulnerabilities in OpenClaw Could Lead to Data Theft and Privilege Escalation.

267/69 Monday, May 18, 2026 Researchers from Cyera disclosed four vulnerabilities in OpenClaw, collectively referred to as “Claw Chain.” These vulnerabilities affect all OpenClaw versions prior to the patch released on April 23, 2026. They could be chained together to steal data, plant backdoors, and gain high-level control over affected systems. The report stated that […]

chanapon

May 18, 2026

OpenAI Affected by Supply Chain Attack Involving Malicious TanStack Packages.

266/69 Monday, May 18, 2026 OpenAI disclosed that a supply chain attack involving malicious packages in the TanStack ecosystem resulted in the compromise of two employee devices. The incident also led to the exposure of some credentials from internal source code repositories. The attack has been linked to the threat group TeamPCP, which abused the […]

chanapon

May 18, 2026

Critical Vulnerability in WordPress Funnel Builder Plugin Exploited to Inject Credit Card Skimming Code into Online Stores.

265/69 Monday, May 18, 2026 E-commerce security company Sansec has detected a cyberattack targeting online stores running WooCommerce. Threat actors exploited a high-severity vulnerability in the WordPress Funnel Builder plugin to inject malicious JavaScript code into checkout pages. The vulnerability affects all plugin versions earlier than 3.15.0.3. At present, the plugin is actively used by […]

chanapon

May 18, 2026

F5 Releases Patches for More Than 50 Vulnerabilities Affecting BIG-IP, BIG-IQ, and NGINX

264/69 Friday, May 15, 2026 F5 has released security updates addressing more than 50 vulnerabilities across its BIG-IP, BIG-IQ, and NGINX products. The advisory includes 19 High-severity vulnerabilities and 32 Medium-severity issues. Several of the flaws could potentially be exploited to achieve privilege escalation, remote command execution, or denial-of-service (DoS) conditions if systems remain unpatched. […]

sittisak mintaboon

May 15, 2026

Critical Quest KACE SMA Vulnerability Impacts Multiple Organizations Through Unpatched Systems

263/69 Friday, May 15, 2026 A critical vulnerability identified as CVE-2025-32975 has been discovered in Quest KACE Systems Management Appliance (KACE SMA), an endpoint management platform used for software deployment, patch distribution, and device administration within organizations. The vulnerability carries a maximum CVSS score of 10.0 and is classified as an Authentication Bypass flaw, allowing […]

sittisak mintaboon

May 15, 2026

U.S. Congress Accelerates Review of “Mythos” AI Model to Advance Proactive Cyber Vulnerability Detection and Defense

262/69 Friday, May 15, 2026 The U.S. House Committee on Homeland Security recently held a closed-door briefing with representatives from Anthropic to examine the capabilities of a new artificial intelligence model called Mythos. The discussion focused on the model’s ability to automatically detect and analyze cybersecurity vulnerabilities, reflecting growing efforts by the U.S. government to […]

sittisak mintaboon

May 15, 2026

Google Enhances Android 17 Security With Scam Call Detection and Advanced Malicious App Protections

261/69 Thursday, May 14, 2026 Google has revealed that Android 17 will introduce several new security and privacy features focused on device theft prevention, threat detection, and protection against phone scams involving financial fraud. One of the most notable additions is a new capability allowing Android devices to work directly with banking applications to verify […]

sittisak mintaboon

May 14, 2026

ShinyHunters Claims Official Domain Was Suspended Following Canvas LMS Attacks

260/69 Thursday, May 14, 2026 The cybercriminal group ShinyHunters has announced that its public-facing domain, “shinyhunte.rs,” has been suspended following increased attention surrounding the group’s attacks and website defacements involving Canvas LMS platforms used by universities and educational institutions worldwide. The domain reportedly became inaccessible on May 11, 2026, sparking speculation across underground forums and […]

sittisak mintaboon

May 14, 2026

UK Data Protection Regulator Fines Water Utility Company $1.3 Million Following Major Data Breach

259/69 Thursday, May 14, 2026 The UK’s Information Commissioner’s Office (ICO) has imposed a fine of approximately $1.3 million on South Staffordshire Water Plc and its parent company following a cyberattack that resulted in the exposure and publication of personal data belonging to more than 663,000 customers and employees on the dark web. South Staffordshire […]

sittisak mintaboon

May 14, 2026

Operation “HookedWing” Phishing Campaign Targets 500 Organizations Worldwide Over Four Years

258/69 Tuesday, May 12, 2026 SOCRadar has disclosed details of a long-running phishing campaign known as “Operation HookedWing,” which has reportedly operated continuously for more than four years and impacted over 500 organizations worldwide. The campaign is believed to have stolen more than 2,000 sets of user credentials from victims across critical sectors including aviation, […]

sittisak mintaboon

May 12, 2026