CNCERT warns OpenClaw AI agent has weak defaults enabling prompt injection and data leaks, prompting China to restrict use on government systems.

Google patches two Chrome zero-days exploited in the wild, urging updates to version 146.0.7680.75/76 to prevent attacks.

Meta will end Instagram E2EE chats May 8, 2026, reversing a 2021 privacy test and reigniting debate over encrypted messaging ...

GlassWorm campaign used 72 malicious Open VSX extensions and infected 151 GitHub repositories, enabling stealth supply-chain attacks on developers.

China-linked CL-STA-1087 targets Southeast Asian militaries since 2020 using AppleChris and MemFun for espionage and ...

New ClickFix variant maps WebDAV drive to run trojanized WorkFlowy app, enabling stealth C2 beacon and payload delivery.

Microsoft patches 84 vulnerabilities, including two public zero-days, strengthening defenses against privilege escalation and ...

Veeam fixes 7 Backup & Replication flaws, including CVSS 9.9 RCE bugs, warning attackers may exploit unpatched systems.

Nine CrackArmor flaws in Linux AppArmor since 2017 enable root escalation and container bypass, putting 12.6M systems at risk.

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.

KadNap botnet infects 14,000+ routers using DHT-based P2P control while ClipXDaemon hijacks crypto wallets on Linux X11.

Modified AuraInspector scans misconfigured Salesforce Experience Cloud sites, extracting CRM data and enabling targeted ...