Microsoft has confirmed that a known issue preventing some Windows 11 devices from shutting down also affects Windows 10 systems with Virtual Secure Mode (VSM) enabled. […]
OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link
A high-severity security flaw has been disclosed in OpenClaw (formerly referred to as Clawdbot and Moltbot) that could allow remote code execution (RCE) through a crafted malicious link.
The issue, which is tracked as CVE-2026-25253 (CVSS score: 8.8), has been addressed in version 2026.1.29 released on January 30, 2026. It has been described as a token exfiltration vulnerability that leads to
The issue, which is tracked as CVE-2026-25253 (CVSS score: 8.8), has been addressed in version 2026.1.29 released on January 30, 2026. It has been described as a token exfiltration vulnerability that leads to
Microsoft Begins NTLM Phase-Out With Three-Stage Plan to Move Windows to Kerberos
Microsoft has announced a three-phase approach to phase out New Technology LAN Manager (NTLM) as part of its efforts to shift Windows environments toward stronger, Kerberos-based options.
The development comes more than two years after the tech giant revealed its plans to deprecate the legacy technology, citing its susceptibility to weaknesses that could facilitate relay attacks and allow bad
The development comes more than two years after the tech giant revealed its plans to deprecate the legacy technology, citing its susceptibility to weaknesses that could facilitate relay attacks and allow bad
CTM360 Report Warns of Global Surge in Fake High-Yield Investment Scams
Fake high-yield investment platforms are surging worldwide, promising “guaranteed” returns that mask classic Ponzi schemes.CTM360 explains how HYIP scams scale through social media, recycled templates, and referral abuse. […]
ShinyHunters-Branded Extortion Activity Expands, Escalates
Hackers rely on evolved vishing and login harvesting to compromise SSO credentials for unauthorized MFA enrollment.
The post ShinyHunters-Branded Extortion Activity Expands, Escalates appeared first on SecurityWeek.
Notepad++ update feature hijacked by Chinese state hackers for months
Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states in an official announcement today. […]
Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack
A hacker published malicious versions of four established VS Code extensions to distribute a GlassWorm malware loader.
The post Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack appeared first on SecurityWeek.
Default ICS Credentials Exploited in Destructive Attack on Polish Energy Facilities
Poland’s CERT has published a report on the recent attack, providing new details on targeted ICS and attribution.
The post Default ICS Credentials Exploited in Destructive Attack on Polish Energy Facilities appeared first on SecurityWeek.
Panera Bread breach impacts 5.1 million accounts, not 14 million customers
The data breach notification service Have I Been Pwned says that a data breach at the U.S. food chain Panera Bread affected 5.1 million accounts, not 14 million customers as previously reported. […]
Cyber Insights 2026: Malware and Cyberattacks in the Age of AI
Security leaders share how artificial intelligence is changing malware, ransomware, and identity-led intrusions, and how defenses must evolve.
The post Cyber Insights 2026: Malware and Cyberattacks in the Age of AI appeared first on SecurityWeek.