Four OpenClaw vulnerabilities dubbed Claw Chain can be chained to steal sensitive data, escalate privileges, and establish persistence.

All four flaws are fixed in OpenClaw 2026.4.22.

On-prem Microsoft Exchange Server CVE-2026-42897 is under active exploitation.

The CVSS 8.1 spoofing flaw stems from XSS and can allow arbitrary JavaScript execution when crafted emails are opened in Outlook Web Access under certain conditions.

CISA added CVE-2026-20182, a CVSS 10.0 authentication bypass in Cisco Catalyst SD-WAN Controller, to its KEV catalog amid active exploitation.

Google ties full 15GB free cloud storage to mobile number verification for new accounts.

Microsoft patches 120 vulnerabilities in May 2026 update including 17 critical flaws across Windows and Office.

Google says hackers used AI to discover a zero day vulnerability for the first time.

Critical Next.js vulnerability exposes servers to unauthorized requests and potential data leaks.

The hacker group "ShinyHunters" in a new wave of cyberattacks has gained access to data from large companies such as Google, Sony, AMD, and Rockstar.

A new version of the "Kazuar" malware; a tool attributed to Russian hackers designed for covert infiltration, espionage, and information gathering.

The 4th Linux kernel flaw this month can lead to stolen SSH host keys.

NorthC data center outside Amsterdam suffers fire.

ESET details new Ghostwriter activity targeting Ukrainian government.

Loopscale Breach Twist: Hacker Offers to Return Funds for 20%.

Australians among 560 million users around the world caught in Ticketmaster hack.

Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt.

Russian hackers turn Kazuar backdoor into modular P2P botnet.