OpenClaw has patched six new vulnerabilities in its popular agentic AI assistant, covering server-side request forgery (SSRF), missing authentication and path traversal bugs, according to Endor Labs. The vulnerabilities, some of which do not have CVE IDs, range from moderate… Read More "Researchers Reveal Six New OpenClaw Vulnerabilities"
Google has announced the rollout of new session cookie protections in Chrome to prevent account compromise via stolen authentication cookies. The feature, called Device Bound Session Credentials (DBSC), was announced in April 2024 and has become available in Chrome 146… Read More "Google Rolls Out Cookie Theft Protections in Chrome"
Ravie LakshmananApr 10, 2026Malware / Website Security Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version… Read More "Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers"
Researchers at OX Security have detected four vulnerabilities in three of the most popular integrated development environments (IDEs) that could lead to cyber-attacks. In a report published on February 17, OX Security shared details about the four new flaws, including… Read More "Flaws in Popular IDE Extensions Allow Data Exfiltration"
A newly uncovered phishing kit allows cybercriminals to steal usernames and passwords with a toolkit which spoofs live login pages and bypasses multi-factor authentication (MFA) protections, cybersecurity analysts have warned. Dubbed Starkiller, the phishing platform has been detailed by researchers… Read More "Starkiller: New ‘Commercial-Grade’ Phishing Kit Bypasses MFA"
The number of industrial control system (ICS) security advisories published in 2025 topped 500 for the first time since records began, with the severity of vulnerabilities also increasing, according to Forescout. The security vendor revealed the findings in its new report,… Read More "Industrial Control System Vulnerabilities Hit Record Highs"
Das ist die Essenz dessen, was ich als “Moschusochsenstrategie” bezeichne. Der Hintergrund: Werden Moschusochsen von Wölfen angegriffen, bildet die Herde einen Kreis, in dessen Mitte sich die schwächeren Mitglieder befinden. Die Hörner der “Frontline”-Tiere sind dabei nach außen positioniert. Für… Read More "Was CISOs von Moschusochsen lernen können"
A new Online Crime Centre is set to take the fight to cyber-crime as part of the UK government’s expanded anti-fraud strategy In a joint announcement, the UK Home Office and the National Crime Agency said that the new unit… Read More "UK Launches New Crackdown Unit to Tackle Cyber-Fraud at the Source"
A new national cyber strategy aimed at strengthening US digital defenses, countering foreign adversaries and accelerating innovation has been released by the Trump Administration. The document, published on March 6, 2026, outlines a broad framework for addressing cyber threats through… Read More "Trump Administration Unveils New Cyber Strategy For America"
A campaign exploiting multiple software vulnerabilities to steal system data and store it in a cloud-based security platform has been uncovered by cybersecurity researchers. Investigators found that a threat actor used a free-trial instance of Elastic Cloud’s security information and… Read More "Threat Actor Exploits Flaws and Uses Elastic Cloud SIEM to Manage Stol"
