Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
Ravie LakshmananMay 15, 2026Vulnerability / AI Security Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that...
have
PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
Ravie LakshmananMay 14, 2026Vulnerability / API Security Threat actors have been observed attempting to exploit a recently disclosed security vulnerability...
New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
Ravie LakshmananMay 14, 2026Vulnerability / Linux Details have emerged about a new variant of the recent Dirty Frag Linux local...
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Ravie LakshmananMay 14, 2026Vulnerability / Web Server Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open,...
Inside Department 4: Russia’s secret school for hackers
Most universities have a careers fair. At Bauman Moscow State Technical University, however, an elite group of students appear to...
Sri Lanka makes 37 arrests as it raids another scam centre
Sri Lankan police have arrested 37 people suspected of running a scam centre in a suburb of the capital city...
Canvas Breach Hackers Reach Deal After Claiming 275M Records Stolen
Hackers behind the Canvas breach have reached a deal with Instructure after claiming they stole data tied to nearly 9,000...
Most Remediation Programs Never Confirm the Fix Actually Worked
The Hacker NewsMay 13, 2026Cloud Security / Automation Security teams have never had better visibility into their environments and never...
Over 1 Million Baby Monitors, Security Cameras Exposed Through Meari Flaws
More than 1 million internet-connected baby monitors and security cameras may have exposed private household activity, including images from inside...
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
Ravie LakshmananMay 12, 2026Malware / Mobile Security Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan...
Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker...
TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that's capable of targeting 59 banking, fintech, and...
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
Ravie LakshmananMay 08, 2026Android / Mobile Security Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for...
Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats
US Marines stationed around the Persian Gulf have been receiving WhatsApp messages from strangers suggesting they call home and make...
One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk
The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is...
