News

SecurityWeek
securityweek.com > claw-chain-openclaw-flaws-allow-sandbox-escape-backdoor-delivery

"Claw Chain" OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery

21+ min ago (590+ words) Four vulnerabilities in OpenClaw can be chained together to steal credentials, escape the sandbox, and plant persistent backdoors. Four vulnerabilities in the OpenClaw AI assistant can be chained together to plant backdoors on the underlying host, cybersecurity firm…

SecurityWeek
securityweek.com > 7-eleven-data-breach-confirmed-after-shinyhunters-ransom-demand

7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand

1+ hour, 10+ min ago (500+ words) The hackers claimed to have stolen more than 600,000 Salesforce records, including personal information and corporate data. 7-Eleven, the world's largest convenience store chain, has confirmed suffering a data breach after the notorious ShinyHunters hacker group claimed to have stolen…

SecurityWeek
securityweek.com > researcher-drops-miniplasma-windows-exploit-for-unpatched-2020-cve

Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE

1+ hour, 58+ min ago (550+ words) The researcher dropped the MiniPlasma exploit that uses the original proof-of-concept (PoC) code targeting the bug. A security researcher has released an exploit targeting a Windows vulnerability disclosed in 2020, warning that it might have never been patched. The flaw,…

SecurityWeek
securityweek.com > first-shai-hulud-worm-clones-emerge

First Shai-Hulud Worm Clones Emerge

2+ hour, 51+ min ago (612+ words) At least one threat actor has adopted the recently released malware source code in attacks against NPM developers. The first Shai-Hulud worm clones emerged only days after TeamPCP released the malware's source code on GitHub, Ox Security reports.

SecurityWeek
securityweek.com > grafana-confirms-breach-after-hackers-claim-they-stole-data

Grafana Confirms Breach After Hackers Claim They Stole Data

4+ hour ago (556+ words) Grafana appears to have been targeted by Coinbase Cartel, a cybercrime group linked to ShinyHunters, Scattered Spider, and Lapsus$. Grafana confirmed suffering a data breach on Sunday, two days after a cybercrime group listed the company on its leak…

SecurityWeek
securityweek.com > exploitation-of-critical-nginx-vulnerability-begins

Exploitation of Critical NGINX Vulnerability Begins

5+ hour, 7+ min ago (584+ words) The flaw leads to denial-of-service on default configurations and to remote code execution if ASLR is disabled. The first in-the-wild attacks exploiting a critical-severity NGINX vulnerability patched last week have occurred over the weekend, VulnCheck warns. Tracked as CVE…

SecurityWeek
securityweek.com > hackers-earn-1-3-million-at-pwn2own-berlin-2026

Hackers Earn $1.3 Million at Pwn2Own Berlin 2026

8+ hour, 26+ min ago (573+ words) Participants demonstrated exploits for Windows, Linux, VMware, Nvidia, and AI products. Pwn2Own Berlin 2026 has come to an end, and participants earned a total of nearly $1.3 million for exploits targeting Windows, Linux, VMware, Nvidia, and AI products. According to Trend AI's…

SecurityWeek
securityweek.com > poc-code-published-for-critical-nginx-vulnerability

PoC Code Published for Critical NGINX Vulnerability

3+ day, 2+ hour ago (527+ words) Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source. Technical details and proof-of-concept (PoC) exploit code targeting a newly patched critical-severity vulnerability in NGINX are now available. Tracked as CVE-2026-42945 (CVSS score…

SecurityWeek
securityweek.com > in-other-news-big-tech-vs-canada-encryption-bill-ciscos-free-ai-security-spec-audi-app-flaws

In Other News: Big Tech vs Canada Encryption Bill, Cisco's Free AI Security Spec, Audi App Flaws

2+ day, 21+ hour ago (497+ words) Other noteworthy stories that might have slipped under the radar: Nvidia cloud gaming data breach, Android 17 security upgrades, FBI warning after ShinyHunters hacks Canvas. Here are this week's highlights: Nvidia cloud gaming partner suffers data breach FCC buys time…

SecurityWeek
securityweek.com > microsoft-warns-of-exchange-server-zero-day-exploited-in-the-wild

Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild

3+ day, 27+ min ago (546+ words) Microsoft has shared mitigations for CVE-2026-42897 until a permanent patch can be released for affected Exchange Server versions. Microsoft Exchange Server users are urged to immediately mitigate a newly disclosed zero-day vulnerability that has been exploited in attacks. The Exchange…
