TECHZONE™

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence https://thehackernews.com/2026/05/four-openclaw-flaws-enable-data-theft.html Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed Claw Chain by Cyera, can permit an attacker to establish a foothold, expose sensitive data, and plant backdoors. A brief description of the flaws is below -

What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface https://thehackernews.com/2026/05/what-45-days-of-watching-your-own-tools.html In Your Biggest Security Risk Isn't Malware — It's What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted utilities your IT team uses every day are also the preferred toolkit of modern threat actors. Bitdefender's analysis

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates https://thehackernews.com/2026/05/tanstack-supply-chain-attack-hits-two.html OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner. "Upon identification of the malicious activity, we worked quickly to investigate, contain, and take steps to

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email https://thehackernews.com/2026/05/on-prem-microsoft-exchange-server-cve.html Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting the issue. "

FrostyNeighbor: Fresh mischief and digital shenanigans https://www.welivesecurity.com/en/eset-research/frostyneighbor-fresh-mischief-digital-shenanigans/ ESET researchers uncovered new activities attributed to FrostyNeighbor, updating its compromise chain to support the group’s continual cyberespionage operations

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits https://thehackernews.com/2026/05/cisa-adds-cisco-sd-wan-cve-2026-20182.html The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026. The vulnerability is a critical authentication bypass tracked as CVE-2026-20182. It's

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access https://thehackernews.com/2026/05/cisco-catalyst-sd-wan-controller-auth.html Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182, carries a CVSS score of 10.0. "A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets https://thehackernews.com/2026/05/stealer-backdoor-found-in-3-node-ipc.html Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc. According to Socket and StepSecurity, three different versions of the npm package have been confirmed as malicious - node-ipc@9.1.6 node-ipc@9.2.3 node-ipc@12.0.1 "Early analysis indicates that node-ipc@9.1.6, node-ipc@9.2.3, and node-ipc@12.0.1

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories https://thehackernews.com/2026/05/threatsday-bulletin-pan-os-rce-mythos.html Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. Half of it feels new. Half of it feels like crap we should have fixed years ago. The mess keeps getting louder: users get tricked, boxes get popped, tools meant for normal work

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike https://thehackernews.com/2026/05/ghostwriter-targets-ukrainian.html The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particularly Ukraine. It's also tracked under the monikers FrostyNeighbor, PUSHCHA, Storm-0257, TA445, UAC‑0057

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure https://thehackernews.com/2026/05/praisonai-cve-2026-44338-auth-bypass.html Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke the

How AI Hallucinations Are Creating Real Security Risks https://thehackernews.com/2026/05/how-ai-hallucinations-are-creating-real.html AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have a mechanism to recognize that. Instead, it generates the most probable response based on patterns in its training data, even if that response is inaccurate. These outputs

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation https://thehackernews.com/2026/05/windows-zero-days-expose-bitlocker.html An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON). The security defects have been codenamed YellowKey and GreenPlasma, respectively, by the researcher, who goes by the online aliases Chaotic Eclipse

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption https://thehackernews.com/2026/05/new-fragnesia-linux-kernel-lpe-grants.html Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score: 7.8) and is rooted in the Linux kernel's XFRM

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE https://thehackernews.com/2026/05/18-year-old-nginx-rewrite-module-flaw.html Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score: 9.2) that could allow an attacker to achieve remote code execution or cause a

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday https://thehackernews.com/2026/05/microsofts-mdash-ai-system-finds-16.html Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different vulnerability

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation https://thehackernews.com/2026/05/azerbaijani-energy-firm-hit-by-repeated.html A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender with moderate-to-high confidence to a hacking group known as FamousSparrow (aka UAT-9244), which shares some level of

[Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud https://thehackernews.com/2026/05/webinar-why-your-appsec-tools-miss.html TL;DR: Stop chasing thousands of "toast" alerts. Join experts from Wiz to learn how hackers connect tiny flaws to build a "Lethal Chain" to your data—and how to break it. Register for the Strategic Briefing Here. Most security tools work like a smoke alarm that goes off every time you burn a piece of toast. You get so many alerts that you eventually start to ignore them. The real danger? While

Most Remediation Programs Never Confirm the Fix Actually Worked https://thehackernews.com/2026/05/most-remediation-programs-never-confirm.html Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed. Mandiant's M-Trends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DBIR puts median time to remediate edge device vulnerabilities at 32 days. These numbers have understandably driven the industry toward a clear

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws https://thehackernews.com/2026/05/microsoft-patches-138-vulnerabilities.html Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack. Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and one is rated Low in severity. As many as 61 vulnerabilities are classified as privilege escalation bugs, followed by