The Hacker News

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

The Hacker News May 15, 2026

Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to...

Read More Read more about Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface

What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface

The Hacker News May 15, 2026

In Your Biggest Security Risk Isn't Malware — It's What You Already Trust, we made a simple...

Read More Read more about What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

The Hacker News May 15, 2026

OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the...

Read More Read more about TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

The Hacker News May 15, 2026

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has...

Read More Read more about On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

The Hacker News May 14, 2026

The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst...

Read More Read more about CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

The Hacker News May 14, 2026

Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it...

Read More Read more about Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

The Hacker News May 14, 2026

Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published...

Read More Read more about Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

The Hacker News May 14, 2026

Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks,...

Read More Read more about ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

The Hacker News May 14, 2026

The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting...

Read More Read more about Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

The Hacker News May 14, 2026

Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source...

Read More Read more about PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure