⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
Ravie LakshmananMay 18, 2026Cybersecurity / Hacking Monday opens with a trust problem. A mail server flaw is under active use....
Ravie
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
Ravie LakshmananMay 18, 2026Vulnerability / Software Security Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities...
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
Ravie LakshmananMay 18, 2026Zero Day / Vulnerability Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and...
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
Ravie LakshmananMay 18, 2026Supply Chain Attack / Botnet Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one...
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
Ravie LakshmananMay 17, 2026Server Security / Vulnerability A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come...
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
Ravie LakshmananMay 17, 2026Data Breach / Cybercrime Grafana has disclosed that an "unauthorized party" obtained a token that granted them...
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
Ravie LakshmananMay 16, 2026Vulnerability / Website Security A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come...
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
Ravie LakshmananMay 15, 2026Botnet / Threat Intelligence The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor...
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
Ravie LakshmananMay 15, 2026Vulnerability / AI Security Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that...
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
Ravie LakshmananMay 15, 2026Microsoft / Vulnerability Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that...
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
Ravie LakshmananMay 15, 2026Vulnerability / Credential Theft The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed...
Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
Ravie LakshmananMay 14, 2026Vulnerability / Network Security Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst...
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
Ravie LakshmananMay 14, 2026Hacking News / Cybersecurity News Everything is still on fire. This week feels dumb in the worst...
PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
Ravie LakshmananMay 14, 2026Vulnerability / API Security Threat actors have been observed attempting to exploit a recently disclosed security vulnerability...
New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
Ravie LakshmananMay 14, 2026Vulnerability / Linux Details have emerged about a new variant of the recent Dirty Frag Linux local...
