Vulnerabilities

A series of four security flaws found in OpenClaw, a rapidly growing open-source platform for self-operating AI agents, has put about 245,000 public server instances at risk of being hacked, having credentials stolen, and being installed with secret backdoors. Originally started as “Clawdbot” in late 2025, OpenClaw links big language …

A critical flaw in Palo Alto Networks PAN-OS is putting business firewalls at risk. It lets unverified attackers run any code they want with full control. Tracked as CVE-2026-0300 is a buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software which …

Ivanti has put out its May 2026 Patch Tuesday security updates. They found flaws in four products. They also said that AI tools are helping their engineers find mistakes that regular scanners miss. They warned that AI finding issues will probably lead to more flaws being reported in the future. …

Microsoft’s May 2026 Patch Tuesday brings many updates for businesses. It fixes 120 security flaws in Windows, Office, Azure, developer tools, and Microsoft 365 apps. Among these, 29 critical flaws let attackers run code from far away. Microsoft says there are no zero-days used in attacks or announced before this …

A new set of flaws in Zoom’s software can let hackers take control of systems. Zoom has launched security updates to fix three different flaws in its Windows and iOS apps. The most serious of these flaws lets authorized attackers gain higher system powers, changing a regular user account into …

cPanel has put out updates to fix three security issues in cPanel and Web Host Manager (WHM). These issues could allow someone to gain higher access, run code, or cause a service outage. The list of vulnerabilities is as follows: CVE-2026-29201 (CVSS score: 4.3): An insufficient input validation of the …

Palo Alto Networks is fixing a serious PAN-OS zero-day flaw that was used to hack some of its firewall. Tracked as CVE-2026-0300, this issue is a buffer overflow that affects the User-ID Authentication Portal (Captive Portal) service of PAN-OS software. “Limited exploitation has been observed targeting Palo Alto Networks User-ID …

Meta-owned WhatsApp has released two new security warnings about flaws fixed earlier this year in the well-known messaging app. One issue is CVE-2026-23863, a medium-risk attachment spoofing problem that affects WhatsApp for Windows before version 2.3000.1032164386.258709. An attacker could use the flaw to make a harmful document with NUL bytes …

Google has released the May 2026 Android Security Bulletin, warning everyone about a critical remote code execution (RCE) flaw. Tracked as CVE-2026-0073, this serious flaw is found in the core part of the Android System. It lets a bad actor to get remote shell access without needing the device owner …

The Apache Software Foundation launched an important security update for Apache HTTP Server. This update fixes five security issues, including a serious double-free problem that could allow Remote Code Execution (RCE) in version 2.4.67, which came out on May 4, 2026. All users with version 2.4.66 or older should upgrade …