Security & IT News

Stolen browser sessions and authentication tokens are becoming more valuable than stolen passwords. Flare explains how the REMUS infostealer evolved around session theft and operational scalability. [...]

Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed Claw Chain by Cyera, can permit an attacker to establish a foothold, expose sensitive data, and plant backdoors. A brief description of the flaws is below -

The zero-day vulnerability affects on-premises installations for all versions of Exchange Server 2016, 2019 and Subscription Edition

Microsoft is introducing a new capability that will allow it to remotely roll back problematic Windows drivers delivered through Windows Update. [...]

p CISA has added one new vulnerability to its a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog" Known Exploited Vulnerabilities (KEV) Catalog /a , based on evidence of active exploitation. /p ul li a href="https://www.cve.org/CVERecord?id=CVE-2026-42897" target="_blank" CVE-2026-42897 /a Microsoft Exchange Server Cross-Site Scripting Vulnerability /li /ul p This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. /p p a href="https://www.cisa.gov/binding-operational-directive-22-01" Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities /a established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf" BOD 22-01 Fact Sheet /a for more information. /p p Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog" KEV Catalog vulnerabilities /a as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the a href="https://www.cisa.gov/known-exploited-vulnerabilities" data-entity-type="node" data-entity-uuid="f2adba9a-0404-494c-a90c-4363a4a5c934" data-entity-substitution="canonical" title="Reducing the Significant Risk of Known Exploited Vulnerabilities" specified criteria /a . nbsp; /p

Some AI-based video age-verification checks can be fooled with a fake mustache .

In Your Biggest Security Risk Isn't Malware — It's What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted utilities your IT team uses every day are also the preferred toolkit of modern threat actors. Bitdefender's analysis

OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner. "Upon identification of the malicious activity, we worked quickly to investigate, contain, and take steps to

Hackers are exploiting Outlook calendar invites and device code phishing to steal M365 session tokens, bypass MFA and breach enterprise accounts.

On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users. [...]

A suspected China-linked threat actor targeted the Indian branch of a global manufacturer leveraging an open source offensive toolkit

:root { --isc-maroon: #7a1f1f; --isc-maroon-dark: #5e1717; --isc-link: #0066cc; --isc-text: #1a1a1a; --isc-muted: #555; --isc-rule: #d0d0d0; --isc-code-bg: #f4f4f4; --isc-code-text: #c0392b; --isc-block-bg: #1e1e1e; --isc-block-text: #e6e6e6; --isc-callout-bg: #fafafa; --isc-table-header: #ececec; } * { box-sizing: border-box; } html, body { margin: 0; padding: 0; background: #ffffff; color: var(--isc-text); font-family: "Open Sans", "Source Sans Pro", -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif; font-size: 15px; line-height: 1.6; } .isc-header { background: var(--isc-maroon); color: #ffffff; padding: 14px 24px; border-bottom: 4px solid var(--isc-maroon-dark); } .isc-header .brand { font-family: Arial, Helvetica, sans-serif; font-size: 22px; font-weight: bold; letter-spacing: 0.3px; } .isc-header .brand a { color: #ffffff; text-decoration: none; } .isc-header .tagline { font-family: Arial, Helvetica, sans-serif; font-size: 12px; color: #f3d6d6; margin-top: 2px; } main { max-width: 920px; margin: 0 auto; padding: 28px 32px 48px; } h1.diary-title { font-family: Arial, Helvetica, sans-serif; font-size: 26px; line-height: 1.25; color: var(--isc-maroon); margin: 8px 0 10px 0; border-bottom: 1px solid var(--isc-rule); padding-bottom: 12px; } .meta { font-family: Arial, Helvetica, sans-serif; font-size: 13px; color: var(--isc-muted); margin-bottom: 24px; } .meta strong { color: var(--isc-text); } .meta a { color: var(--isc-link); text-decoration: none; } .meta a:hover { text-decoration: underline; } h2 { font-family: Arial, Helvetica, sans-serif; font-size: 19px; color: var(--isc-maroon); margin-top: 32px; margin-bottom: 10px; padding-bottom: 4px; border-bottom: 1px solid var(--isc-rule); } h3 { font-family: Arial, Helvetica, sans-serif; font-size: 16px; color: var(--isc-text); margin-top: 22px; margin-bottom: 8px; } p { margin: 10px 0; } a { color: var(--isc-link); } a:hover { text-decoration: underline; } code, .inline-code { font-family: "SFMono-Regular", Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13px; background: var(--isc-code-bg); color: var(--isc-code-text); padding: 1px 5px; border-radius: 3px; word-break: break-all; } .callout { background: var(--isc-callout-bg); border-left: 3px solid var(--isc-maroon); padding: 10px 16px; margin: 14px 0; font-family: "SFMono-Regular", Consolas, "Liberation Mono", Menlo, Courier, monospace; font-size: 13px; color: var(--isc-text); } figure { margin: 22px 0; text-align: center; } figure img { max-width: 100%; height: auto; border: 1px solid #cccccc; display: block; margin: 0 auto; } figcaption { font-family: Arial, Helvetica, sans-serif; font-size: 13px; color: var(--isc-muted); margin-top: 8px; font-style: italic; } figcaption strong { color: var(--isc-text); font-style: normal; } table.diary-table { border-collapse: collapse; width: 100%; margin: 16px 0; font-family: Arial, Helvetica, sans-serif; font-size: 13.5px; } table.diary-table th, table.

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting the issue. "

The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026. The vulnerability is a critical authentication bypass tracked as CVE-2026-20182. It's

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data. [...]

Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. [...]

Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in zero-day attacks that allowed attackers to gain administrative privileges on compromised devices. [...]

Overview On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0265 , a signature verification vulnerability that facilitates authentication bypass on PAN-OS , the operating system that most Palo Alto Networks firewalls run. This vulnerability allows a remote unauthenticated attacker with network access to bypass authentication when Cloud Authentication Service (CAS) is enabled and attached to a login interface; the vulnerable configuration is non-default but common. CVE-2026-0265 affects PAN-OS on PA-Series and VM-Series firewalls, as well as Panorama (virtual and M-Series) appliances. Cloud NGFW and Prisma Access are not affected. Palo Alto Networks assigned CVE-2026-0265 a “High” 7.2 CVSS score. The advisory states that the vulnerability’s severity scoring depends on interface exposure; according to the vendor, risk is highest for unrestricted management interfaces equipped with CAS, while other login portals, such as GlobalProtect gateways, are lower risk. However, the researcher who reported the vulnerability, Harsh Jaiswal of HacktronAI , publicly disputed the vendor’s severity rating . Jaiswal stated on social media that the vulnerability advisory misrepresents the criticality of the bug and the affected components; according to the HacktronAI research team, they successfully exploited CVE-2026-0265 to bypass authentication controls on multiple corporations’ GlobalProtect portals and establish VPN access. Jaiswal stated that internet-facing components are affected , and HacktronAI plans to disclose full technical details the week of May 18. As of May 14, Palo Alto Networks has not confirmed exploitation in-the-wild of CVE-2026-0265, and there is no public proof-of-concept exploit available. However, given the researcher's statements about the practical exploitability of this vulnerability and the pending disclosure of technical details, this will likely evolve. PAN-OS software has been a frequent target for threat actors; on May 6, 2026, the PAN-OS vulnerability CVE-2026-0300 was added to CISA's Known Exploited Vulnerabilities (KEV) catalog. Patches for many affected version streams were published on May 13, and the remaining patches are expected on May 28, 2026. Mitigation guidance Organizations running PA-Series or VM-Series firewalls, or Panorama (virtual and M-Series) appliances, with Cloud Authentication Service (CAS) enabled should upgrade to a fixed version on an emergency basis. Patches are partially available, with many version stream fixes published on May 13 and additional version stream coverage expected on May 28. The following table outlines the affected and fixed versions: PAN-OS version Affected Fixed 12.1 12.1.4-h5 12.1.7 = 12.1.4-h5 = 12.1.7 (ETA: 05/28) 11.2 11.2.4-h17 11.2.7-h13 11.2.10-h6 11.2.12 = 11.2.4-h17 (ETA: 05/28) = 11.2.7-h13 = 11.2.10-h6 = 11.2.12 (ETA: 05/28) 11.1 11.1.4-h33 11.1.6-h32 11.1.7-h6 11.1.10-h25 11.1.13-h5 11.1.15 = 11.1.4-h33 = 11.1.6-h32 = 11.1.7-h6 (ETA: 05/28) = 11.1.

OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for its applications as a precaution. [...]