Cyera disclosed four flaws in OpenClaw, collectively named Claw Chain, that can be chained to steal data, escalate privileges, and maintain persistence. The issues affect OpenShell and OpenClaw’s access control model, and were fixed in OpenClaw version 2026.4.22. #ClawChain #OpenClaw #OpenShell #CVE-2026-44112 #CVE-2026-44113 #CVE-2026-44115 #CVE-2026-44118…
Category: Cyber Security News
Turla has evolved its Kazuar backdoor into a modular P2P botnet designed for stealth, persistence, and long-term access on compromised systems. Microsoft says the new architecture uses Kernel, Bridge, and Worker modules to coordinate tasks, collect data, and exfiltrate information while reducing its visible footprint. #Turla #Kazuar #SecretBlizzard #FSB…
This weekly roundup covers major cybersecurity developments, including a data breach affecting Nvidia’s GeForce NOW users through GFN.am, new AI and encryption policy debates, and fresh attack campaigns targeting developers and organizations worldwide. It also highlights notable vulnerabilities and security updates from Google, Audi, Cisco, and the FBI’s warning after ShinyHunters’…
Microsoft is updating Edge so saved passwords will no longer be loaded into process memory in clear text at startup, reversing a behavior that a researcher had shown could expose credentials. The change follows disclosure by Tom Jøran Sønstebyseter Rønning and will roll out to all supported Edge channels as a defense-in-depth improvement. #Microsoft #Edge #TomJøranSønstebyseterRønning
Two vulnerabilities in the Avada Builder WordPress plugin can let attackers read arbitrary files or extract sensitive database data, including credentials and password hashes. Wordfence says both flaws were fixed in version 3.15.3, and site owners should update immediately to protect installations of the widely used plugin. #AvadaBuilder #CVE-2026-4782 #CVE-2026-4798 #Wordfence #WooCommerce
Attackers exploited a critical authentication bypass in Cisco Catalyst SD-WAN Controller and Manager, tracked as CVE-2026-20182, which Cisco and Rapid7 say can grant the highest level of administrative access. Cisco attributed the activity to UAT-8616 and warned that a single compromised controller could let attackers reroute traffic, intercept communications, and disrupt entire networks. #Cisco #CVE-2026-20182 #UAT-8616
Microsoft is introducing Cloud-Initiated Driver Recovery, a Windows Update feature that lets it remotely roll back problematic drivers without requiring hardware partners or users to intervene. The move is part of Microsoft’s broader Driver Quality Initiative and will begin rolling back drivers rejected during flighting or gradual rollout starting September 2026. #Microsoft #WindowsUpdate #CloudInitiatedDriverRecovery #WinHEC2026 #DriverQualityInitiative
OpenAI disclosed that the TanStack supply chain attack led to credential material being exfiltrated from internal source code repositories after two employee devices were infected. The company said it rotated credentials, revoked sessions, and re-signed applications after the code-signing certificates for its products were compromised. #OpenAI #TanStack #TeamPCP #ShaiHulud…
American Lending Center disclosed that a ransomware attack detected in July 2025 may have exposed personal data for more than 123,000 people, including names, dates of birth, and SSNs. The company says its investigation found no evidence of misuse, and no ransomware group has publicly claimed responsibility for the breach. #AmericanLendingCenter…
Microsoft has disclosed CVE-2026-42897, a zero-day affecting Exchange Server Subscription Edition, 2016, and 2019, after it was observed in attacks. The flaw impacts Outlook Web Access and may allow spoofing and arbitrary JavaScript execution if a targeted user opens a specially crafted email, while Microsoft has released mitigation guidance pending a…
Microsoft disclosed mitigations for CVE-2026-42897, a high-severity Exchange Server spoofing flaw that can be exploited through specially crafted emails to execute arbitrary JavaScript in Outlook on the web. The company recommends enabling Exchange Emergency Mitigation Service or using the Exchange On-Premises Mitigation Tool until permanent patches arrive for Exchange Server 2016, 2019, and Subscription Edition. #Microsoft #ExchangeServer #CVE-2026-42897 #EEMS #EOMT
SecurityScorecard has acquired Driftnet to strengthen its third-party risk management platform with real-time Internet scanning and deeper threat intelligence. The move is meant to improve proactive breach detection as organizations face growing third-party exposure, AI-driven risk, and increasingly complex supply chains. #SecurityScorecard #Driftnet #TITANAI #HyperComply
TeamPCP has released the source code for its Shai-Hulud worm on GitHub, making it easier for other threat actors to launch copycat supply chain attacks. Researchers say the open-sourcing effort, along with a BreachForums challenge, is likely to trigger more variants and a sustained spike in attacks against developer and cloud…
A highly sophisticated threat actor, tracked as UAT-8616, is exploiting CVE-2026-20182, an authentication bypass flaw in Cisco Catalyst SD-WAN Controllers that can lead to administrative access and root compromise. Rapid7 and Cisco Talos warn that the bug has already been used in the wild, with attackers adding SSH keys, changing NETCONF settings, and targeting high-value organizations and critical infrastructure sectors. #CVE-2026-20182 #CiscoCatalyst #UAT-8616 #CiscoTalos #Rapid7
Researchers found malicious code in node-ipc versions 9.1.6, 9.2.3, and 12.0.1 that steals developer and cloud credentials, fingerprints the host, and exfiltrates data to a command-and-control domain. The campaign uses obfuscated payloads, DNS-based evasion, and background child processes to quietly continue stealing secrets from affected systems. #nodeipc #sazurestaticprovidernet #Socket #StepSecurity…