Colorado governor commutes prison sentence for election denier Tina Peters
Colorado Governor Jared Polis has commuted the prison sentence of Tina Peters, the former Mesa County election clerk who was sentenced last year to serve…
Month: May 2026
Expired domain leads to supply chain attack on node-ipc npm package
Node-ipc is a Node.js module that implements support for local and remote Inter-Process Communication over various types of socket across all major platforms. One use…
NCC Group warns ransomware attacks on OT-heavy industrial environments are intensifying amid IT/OT convergence
Operational Technology (OT), which has widespread deployment across sectors, is increasingly coming under attack as the trend of IT/OT convergence continues. IT/OT convergence is the…
April 2026 CVE Landscape
In April 2026, Insikt Group® identified 37 high-impact vulnerabilities that should be prioritized for remediation, 35 of which had a Very Critical Recorded Future Risk…
Threat Actors Weaponize Tiflux RMMs in Malspam Attacks
Acknowledgements: Huntress wishes to recognize the contributions of SOC analysts Tanner Filip, Jose Oregon, and Priscilla Ibarra, and Lindsey O’Donnell-Welch for help hunting telemetry for…
Funnel Builder WordPress plugin bug exploited to steal credit cards
A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. The flaw…
OpenClaw Chain Vulnerabilities Expose 245,000 Public AI Agent Servers to Attack
A chain of four critical vulnerabilities discovered in OpenClaw, one of the fastest-growing open-source platforms for autonomous AI agents, has left an estimated 245,000 publicly…
Shai-Hulud Worm Steals Dev Secrets Across npm, GitHub, AWS & Kubernetes
Shai-Hulud is a major cybersecurity threat targeting the open-source software supply chain. Security researchers are raising alarms over “Shai-Hulud,” a self-propagating npm worm designed to…
The Next Cybersecurity Challenge May Be Verifying AI Agents
For the past two decades, cybersecurity has largely been a story about protecting humans from machines blocking malware, filtering phishing emails, companies mitigating DDoS attacks,…
Thieves unlock stolen iPhones using cheap tools sold on Telegram
Helping a friend recover a stolen phone, Infoblox researchers uncovered a thriving Telegram-based underground marketplace selling unlocking tools and phishing infrastructure used to monetize stolen…
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
Ravie LakshmananMay 15, 2026Vulnerability / AI Security Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve…
Interview: AI optimism and upskilling for a shifting job market
The mention of artificial intelligence (AI) can instil both fear and excitement in the hearts of tech executives and jobseekers alike, as the latest wave…