Latest Cybersecurity News & Insights
28 February 2026
OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take over control.
"Our vulnerability lives in the core system itself – no plugins, no marketplace, no user-installed extensions – just the bare OpenClaw gateway, running exactly as documented," Oasis
28 February 2026
In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's largest and most disruptive botnet. Since then, the person in control of Kimwolf -- who goes by the handle "Dort" -- has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks against the researcher and this author, and more recently caused a SWAT team to be sent to the researcher's home. This post examines what is knowable about Dort based on public information.
27 February 2026
The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025.
Of these, 401 instances are located in the U.S., followed by 51 in Brazil, 43 in Canada, 40 in Germany, and 36 in France.
The non-profit entity said the compromises are likely
27 February 2026
The attacks exploited a post-authentication command injection vulnerability in the endpoint manager’s interface.
The post 900 Sangoma FreePBX Instances Infected With Web Shells appeared first on SecurityWeek.
27 February 2026
An out-of-band security update for Junos OS Evolved patches the remote code execution vulnerability CVE-2026-21902.
The post Juniper Networks PTX Routers Affected by Critical Vulnerability appeared first on SecurityWeek.
26 February 2026
The issue impacts the UPnP function of multiple device models and could be exploited for remote code execution.
The post Zyxel Patches Critical Vulnerability in Many Device Models appeared first on SecurityWeek.
26 February 2026
The broker acquired eight zero-day exploits from a US defense contractor executive jailed for his actions.
The post US Sanctions Russian Exploit Broker Operation Zero appeared first on SecurityWeek.
26 February 2026
Already added to CISA’s KEV catalog, the flaw allows attackers to bypass authentication and gain administrative privileges.
The post Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers appeared first on SecurityWeek.
26 February 2026
A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023.
The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain
25 February 2026
The stocks of major cybersecurity companies have fallen sharply over fears that AI is disrupting the industry.
The post Claude’s New AI Vulnerability Scanner Sends Cybersecurity Shares Plunging appeared first on SecurityWeek.
25 February 2026
A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars.
Peter Williams pleaded guilty to two counts of theft of trade secrets in October 2025. In addition to the jail term, Williams
25 February 2026
SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution.
The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below -
CVE-2025-40538 - A broken access control vulnerability that allows an attacker to create a system admin user and execute arbitrary
25 February 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow an authenticated user to execute
24 February 2026
A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue.
The artificial intelligence (AI)-driven vulnerability has been codenamed RoguePilot by Orca Security. It has since been patched by Microsoft following responsible disclosure.
"Attackers can craft hidden instructions inside a
24 February 2026
Broadcom has patched several vulnerabilities in VMware Aria Operations, including high-severity flaws.
The post VMware Aria Operations Vulnerability Could Allow Remote Code Execution appeared first on SecurityWeek.
24 February 2026
The vulnerability in TeamT5 ThreatSonar Anti-Ransomware was recently added to CISA’s KEV catalog.
The post Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs appeared first on SecurityWeek.
23 February 2026
Patched in December 2025, the exploited flaw leads to XSS attacks via the animate tags in SVG documents.
The post Recent RoundCube Webmail Vulnerability Exploited in Attacks appeared first on SecurityWeek.
23 February 2026
PayPal blamed an application error for the exposure of customer personal information for nearly 6 months.
The post PayPal Data Breach Led to Fraudulent Transactions appeared first on SecurityWeek.
21 February 2026
The flaw tracked as CVE-2026-2329 can be exploited without authentication for remote code execution with root privileges.
The post Critical Grandstream Phone Vulnerability Exposes Calls to Interception appeared first on SecurityWeek.
21 February 2026
Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for vulnerabilities and suggest patches.
The capability, called Claude Code Security, is currently available in a limited research preview to Enterprise and Team customers.
"It scans codebases for security vulnerabilities and suggests targeted