One in Eight UK Workers Has Sold Their Company Passwords, and Bosses Think it's Fine www.fortra.com/blog/one-eig...

Pro-Ukraine BO Team and Head Mare hackers appear to team up in attacks against  Russia therecord.media/ukraine-bo-t...

Meta U-turns on encryption push for Instagram as DMs go plaintext www.theregister.com/security/202...

Meta U-turns on encryption push for Instagram as DMs go plaintext www.theregister.com/security/202...

Trellix source code breach claimed by RansomHouse hackers www.bleepingcomputer.com/news/securit...

support.cpanel.net/hc/en-us/art... support.cpanel.net/hc/en-us/art... support.cpanel.net/hc/en-us/art...

Exploits and vulnerabilities in Q1 2026 securelist.com/vulnerabilit...

Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking www.theregister.com/security/202...

New PCPJack worm steals credentials, cleans TeamPCP infections www.bleepingcomputer.com/news/securit...

Hackers steal students’ data during breach at education tech giant Instructure techcrunch.com/2026/05/05/h...

60% of MD5 password hashes are crackable in under an hour www.theregister.com/security/202...

World Password Day 2026: Why “Strong Passwords” Can’t Save You from AI, Infostealers, and the Telegram Underground blog.checkpoint.com/security/wor...

'TrustFall' Convention Exposes Claude Code Execution Risk www.darkreading.com/application-...

Critical vulnerability in Google Chrome prior to 148.0.7778.96 URL: nvd.nist.gov/vuln/detail/... Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.6

ExifTool stdin argument injection via metadata value newlines (bypass of key sanitization fix in v8.30.1) URL: github.com/gotenberg/go... Classification: Critical, Solution: Official Fix, Exploit Maturity: Proof-of-Concept, CVSSv3.1: 10.0

Apache Wicket: possible session fixation using AuthenticatedWebSession URL: nvd.nist.gov/vuln/detail/... Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.1

Insecure Permissions vulnerability in grokability URL: nvd.nist.gov/vuln/detail/... Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.8

Multiple critical vulnerabilities in OpenClaw URL: nvd.nist.gov/vuln/detail/... Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.8

May 2026 Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (Multiple CVEs) URL: hub.ivanti.com/s/article/Ma... Classification: Critical, Solution: Official Fix, Exploit Maturity: Functional, CVSSv3.1: 8.9

Ivanti has released updates for Ivanti Endpoint Manager Mobile (EPMM) which addresses five high severity vulnerabilities. hub.ivanti.com/s/article/Ma...

New CISA initiative aims for critical infrastructure to operate offline during cyberattacks therecord.media/cisa-initiat...

Kochava Will Stop Selling 'Sensitive Location' Info www.databreachtoday.com/kochava-will...

Google's Android Apps Get Public Verification to Stop Supply Chain Attacks thehackernews.com/2026/05/andr...

Websites with an undefined trust level: avoiding the trap securelist.com/suspicious-w...

Critical vm2 sandbox bug lets attackers execute code on hosts www.bleepingcomputer.com/news/securit...

MuddyWater hackers use Chaos ransomware as a decoy in attacks www.bleepingcomputer.com/news/securit...

New stealthy Quasar Linux malware targets software developers www.bleepingcomputer.com/news/securit...

Middle East Cyber Battle Field Broadens — Especially in UAE www.darkreading.com/cyberattacks...

Multiple vulnerabilities in Apache HTTP Server can lead to Remote Code Execution URL: nvd.nist.gov/vuln/detail/... Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.8

Vulnerability in Sandboxie-Plus privilege escalation via INI CRLF injection bypassing EditAdminOnly URL: nvd.nist.gov/vuln/detail/... Classification: Critical, Solution: Official Fix, Exploit Maturity: Proof-of-Concept, CVSSv3.1: 9.3

PhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFactory::load URL: nvd.nist.gov/vuln/detail/... Classification: Critical, Solution: Official Fix, Exploit Maturity: Proof-of-Concept, CVSSv3.1: 9.2

Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal URL: security.paloaltonetworks.com/CVE-2026-0300 Classification: Critical, Solution: Workaround, Exploit Maturity: Functional, CVSSv3.1: 9.3

CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs www.bleepingcomputer.com/news/securit...

Romance scammers turn sweet talk into £102M payday www.theregister.com/2026/05/05/r...

Vimeo data breach exposes personal information of 119,000 people www.bleepingcomputer.com/news/securit...

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows thehackernews.com/2026/05/scar...

Malicious OpenClaw Skill Distributes Remcos RAT and GhostLoader www.zscaler.com/blogs/securi...

Hacking Embodied AI www.recordedfuture.com/research/hac...

UAT-8302 and its box full of malware blog.talosintelligence.com/uat-8302/

OpenCTI privilege escalation and unauthenticated access via default admin account URL: nvd.nist.gov/vuln/detail/... Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.8

Critical vulnerabilities in n8n allow contamination of prototypes and RCE URL: nvd.nist.gov/vuln/detail/... Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.4

OpenClaw 2026.4.7 < 2026.4.14 - Privilege Escalation via Untrusted Webhook Wake Events URL: nvd.nist.gov/vuln/detail/... Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.1

OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events URL: nvd.nist.gov/vuln/detail/... Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 9.1

Multiple Critical Vulnerabilities in Eclipse BaSyx V2 URL: nvd.nist.gov/vuln/detail/... Classification: Critical, Solution: Official Fix, Exploit Maturity: Proof-of-Concept, CVSSv3.1: 10.0

Critical vulnerabilities in VM2 Sandbox URL: nvd.nist.gov/vuln/detail/... Classification: Critical, Solution: Official Fix, Exploit Maturity: Proof-of-Concept, CVSSv3.1: 9.8