Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
Ravie LakshmananMay 15, 2026Botnet / Threat Intelligence The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor...
LakshmananMay
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
Ravie LakshmananMay 15, 2026Vulnerability / AI Security Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that...
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
Ravie LakshmananMay 15, 2026Microsoft / Vulnerability Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that...
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
Ravie LakshmananMay 15, 2026Vulnerability / Credential Theft The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed...
Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
Ravie LakshmananMay 14, 2026Vulnerability / Network Security Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst...
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
Ravie LakshmananMay 14, 2026Hacking News / Cybersecurity News Everything is still on fire. This week feels dumb in the worst...
PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
Ravie LakshmananMay 14, 2026Vulnerability / API Security Threat actors have been observed attempting to exploit a recently disclosed security vulnerability...
New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
Ravie LakshmananMay 14, 2026Vulnerability / Linux Details have emerged about a new variant of the recent Dirty Frag Linux local...
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Ravie LakshmananMay 14, 2026Vulnerability / Web Server Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open,...
Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
Ravie LakshmananMay 13, 2026Vulnerability / Artificial Intelligence Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to...
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
Ravie LakshmananMay 13, 2026Cyber Espionage / Malware A threat actor with affiliations to China has been linked to a "multi-wave...
New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
Ravie LakshmananMay 12, 2026Vulnerability / Email Security Exim has released security updates to address a severe security issue affecting certain...
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
Ravie LakshmananMay 12, 2026Supply Chain Attack / Software Security RubyGems, the standard package manager for the Ruby programming language, has...
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
Ravie LakshmananMay 12, 2026Malware / Mobile Security Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan...
Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
Ravie LakshmananMay 12, 2026Vulnerability / Network Security American educational technology company Instructure, the parent company of Canvas, said it reached...