Researchers have disclosed four chained vulnerabilities in OpenClaw, collectively dubbed Claw Chain, enabling attackers to steal data, escalate privileges, and establish persistence through the AI agent’s own runtime. All flaws have been patched in OpenClaw version 2026.4.22 and users are urged to update immediately.
SpaceX’s upgraded Starship launches first test flight May 19. New capabilities could reshape space infrastructure—and expand the attack surface cybersecurity pros must defend.
Hackers are weaponizing Microsoft’s OAuth device flow to steal M365 credentials at scale. This little-known attack vector has exploded since late 2024.
Critical CVE-2026-20182 hits Cisco SD-WAN with CVSS 10.0 rating. Unauthenticated attackers can gain full admin access remotely. Active exploitation confirmed.
Critical Exchange Server spoofing flaw under active attack. CVE-2026-42897 affects on-premise versions with CVSS 8.1. Patch immediately if you’re running 2016/2019.
JDownloader’s website was hacked and installer downloads were replaced with malware for days. Millions of users potentially at risk from this supply chain attack.
Ghostwriter APT group strikes again: New campaign targeting Ukrainian government organizations uncovered by ESET researchers. FrostyNeighbor continues its attacks.
Gremlin stealer just leveled up. New variant uses resource file obfuscation, crypto clipping and session hijacking to fly under the radar. Your data’s at risk.
Hackers now hijacking M365 accounts through Outlook calendar invites. The EvilTokens kit lets attackers steal session tokens and bypass MFA entirely.
Microsoft reveals Exchange Server zero-day being actively exploited. Attackers use XSS to execute arbitrary code targeting Outlook on the web. Patch now.