Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and pers...
Vulnerability Disclosure
20 articles
CISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems by Sunday
Cisco released a patch for the vulnerability on Thursday, writing in an advisory that it could “allow an unauthenticated, remote attacker to bypass authentic...
Google Project Zero Details Pixel 10 Zero-Click Exploit Chain
A powerful zero-click exploit chain for the Pixel 10 that can take an attacker from a remote Dolby decoding bug to full kernel control through a single vulne...
Hackers Exploit OAuth Device Flow to Steal Microsoft 365 Tokens
Hackers are rapidly weaponizing a little-known Microsoft authentication feature to hijack enterprise accounts, as device code phishing surges across the thre...
Cisco warns of an actively exploited SD-WAN flaw with max severity
Cisco has disclosed a max-severity authentication bypass vulnerability affecting its Catalyst SD-WAN Controller and Catalyst SD-WAN Manager platforms, warnin...
New Linux privilege escalation flaw ‘Fragnesia’ disclosed; PoC available
Fragnesia is at least the fourth privilege escalation flaw affecting Linux systems disclosed in the last three weeks.
Microsoft Warns HPE Operations Agent Abused in Malware-Free Attacks
Microsoft has revealed a stealthy intrusion campaign where attackers bypassed traditional malware and exploits, instead abusing trusted enterprise tools to s...
Rocky Linux launches opt-in security repository for urgent fixes
Rocky Linux has introduced a Security Repository that allows the distribution to ship urgent security fixes ahead of upstream Enterprise Linux when public ex...
TeamPCP Hackers Exploit CI/CD Pipelines to Steal Cloud Credentials
A financially motivated threat group known as TeamPCP is aggressively targeting modern software supply chains, abusing trusted CI/CD pipelines to steal sensi...
Hackers Exploit Scheduled Tasks for Persistence in FrostyNeighbor Attacks
Hackers linked to the long-running FrostyNeighbor cyber‑espionage group have intensified attacks against Ukrainian government organizations, deploying update...
[local] Remote Sunrise Helper for Windows 2026.14 - Remote Code Execution
Remote Sunrise Helper for Windows 2026.
Broadcom patches high-severity VMware Fusion flaw allowing local privilege escalation
The vulnerability is a time-of-check time-of-use (TOCTOU) flaw affecting operations performed by a SETUID binary.
Critical 'NGINX Rift' vulnerability discovered, present for 18 years
The vulnerability, with a CVSS v4 score of 9.2, resides in the ngx_http_rewrite_module and affects a significant portion of internet infrastructure due to NG...
Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin
Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. [.
Meet Fragnesia, the third Linux kernel vulnerability in a month
Linux admins reeling from handling last month’s CopyFail and last week’s Dirty Frag kernel vulnerabilities have a new headache to deal with: Fragnesia. “This...
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 4, 2026 to May 10, 2026)
Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPres...
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply ch...
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the Cisco Catalyst SD-WAN C...
Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Advisory
Following the initial publication of the Security Advisory about a denial of service (DoS) condition in Cisco Crosswork Network Controller and Cisco Network ...
18-year-old NGINX vulnerability allows DoS, potential RCE
An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under ce...