Ravie LakshmananMay 18, 2026Vulnerability / Software Security Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical… Read More "Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws"
The ability of AI models to perform end-to-end, multi-stage penetration tests that match the capabilities of humans undertaking the same tasks has improved dramatically in recent months, according to new benchmarks published by the UK government’s AI Security Institute (AISI).… Read More "AI cyberattackers are getting better faster"
The UK’s financial services firms must take active steps to manage the cybersecurity risks stemming from frontier AI, the UK government, the UK’s Financial Conduct Authority (FCA) and Bank of England have said. A missive from the trio on May 15 was… Read More "Bank of England, FCA and Treasury Raise Alarm Over Frontier AI"
A security researcher has released an exploit targeting a Windows vulnerability disclosed in 2020, warning that it might have never been patched. The flaw, tracked as CVE-2020-17103 (CVSS score of 7.0), is described as a privilege escalation issue in the… Read More "Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE"
Ravie LakshmananMay 18, 2026Cybersecurity / Hacking Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the… Read More "Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More"
International law enforcement agency Interpol has coordinated a first-of-its-kind cybercrime crackdown across the Middle East and North Africa (MENA) that led to 201 arrests. The effort, dubbed Operation Ramz, ran from October 2025 to February 2026 across 13 countries in… Read More "Interpol Launches Sweeping Cybercrime Crackdown in MENA Region"
Four vulnerabilities in the OpenClaw AI assistant can be chained together to plant backdoors on the underlying host, cybersecurity firm Cyera warns. The bugs, collectively known as Claw Chain, allow an attacker with code execution privileges inside the sandbox to… Read More "‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery"
What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was… Read More "How to Reduce Phishing Exposure Before It Turns into Business Disruption"
“CrossMPI can steer the model’s interpretation of both textual and visual inputs via image-only prompt injection,” the researchers wrote in the paper. Unlike traditional prompt injection attacks, which typically rely on malicious text instructions embedded in prompts or webpages, the… Read More "New image-based prompt injection attack targets multimodal AI models"
At Infosecurity Europe 2026, five cybersecurity startups are set to take part in a competition offering them the opportunity to showcase emerging technologies, share their bold ideas and connect directly with potential customers, partners and investors. New for 2026, the… Read More "The Infosecurity Europe Cyber Startup Competition: Meet the Finalists"
