Cybersecurity

OpenClaw Critical Vulnerabilities - Remote Code Execution Risk

CERT-Bund issued advisory WID-SEC-2026-1005 warning of critical vulnerabilities in OpenClaw personal AI assistant software. Multiple security flaws with CVSS Base Score 9.8 (critical) enable remote attackers to execute arbitrary code, escalate privileges, bypass security controls, and access or manipulate data. Affected products include Open Source OpenClaw versions prior to 2026.4.8 running on Linux and UNIX systems.

IBM App Connect Enterprise Critical Vulnerabilities, CVSS 9.1

CERT-Bund published a critical security advisory (WID-SEC-2026-1007) warning of multiple severe vulnerabilities in IBM App Connect Enterprise with a CVSS Base Score of 9.1. The vulnerabilities allow remote attackers to bypass security controls, execute arbitrary code, perform SQL injection and XSS attacks, conduct denial of service, and disclose sensitive information. Organizations running affected versions on Linux, UNIX, Windows, or other platforms must apply mitigations immediately.

Critical Golang Go Vulnerabilities, CVSS 9.8, Remote Code Execution

CERT-Bund issued a critical security advisory (WID-SEC-2026-1006) regarding multiple vulnerabilities in Golang Go versions prior to 1.26.2 and 1.25.9. The vulnerabilities carry a CVSS Base Score of 9.8 (critical) and enable attackers to execute arbitrary code remotely, cause memory corruption, bypass security controls, or trigger denial-of-service conditions. Organizations using affected Go versions must apply available mitigations or update immediately.

Bitcoin Depot 8-K cybersecurity incident disclosure

Bitcoin Depot Inc. filed Form 8-K Item 1.05 disclosing a material cybersecurity incident discovered on March 23, 2026. An unauthorized party accessed company IT systems and transferred approximately 50.903 Bitcoin (valued at $3.665 million) from company-controlled wallets without authorization. The company engaged cybersecurity experts and law enforcement, contained the incident to its corporate environment, and has not identified evidence of customer PII exfiltration. Investigation and remediation efforts remain ongoing.

Bitcoin Depot Cybersecurity Incident Disclosure (Form 8-K Item 1.05)

Bitcoin Depot filed a Form 8-K Item 1.05 disclosure with the SEC reporting a material cybersecurity incident. The filing describes the nature of the incident, the date of discovery, and its scope. As a publicly traded company, Bitcoin Depot is subject to SEC cybersecurity disclosure rules requiring prompt reporting of material cyber events.

CVE-2026-1340 Ivanti EPMM Code Injection Vulnerability Added to KEV Catalog

CISA added CVE-2026-1340, an Ivanti Endpoint Manager Mobile (EPMM) code injection vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The vulnerability poses significant risk as a frequent attack vector for malicious cyber actors targeting federal enterprises. Federal Civilian Executive Branch agencies are required to remediate vulnerabilities identified in the KEV Catalog pursuant to BOD 22-01.

CBP Arrests Five Fugitives in Five Days at Southern Border

U.S. Customs and Border Protection officers in the Laredo Field Office arrested five individuals with active felony warrants between March 27 and March 31, 2026. The arrests occurred at ports of entry including the Colombia-Solidarity Bridge in Laredo and the Gateway Bridge in Brownsville, Texas. Charges among the five fugitives included indecency with a child, homicide and abuse of office, aggravated assault with a deadly weapon, and burglary of a habitation.

Windows privilege escalation, NT AUTHORITYSYSTEM access, unpatched

Windows privilege escalation, NT AUTHORITYSYSTEM access, unpatched

Apache Cassandra Multiple Vulnerabilities - Privilege Escalation, Information Disclosure, DoS

CERT-Bund issued a security advisory warning of multiple vulnerabilities in Apache Cassandra database systems with a CVSS Base Score of 8.8. The flaws affect versions prior to 4.1.11, 5.0.7, and 4.0.20 across Linux, Windows, and UNIX platforms. Attackers can exploit these vulnerabilities to achieve privilege escalation, disclose information, and execute denial-of-service attacks.

Multiples vulnérabilités dans OpenSSL - Avis CERT-FR 2026-AVI-0403

CERT-FR issued an advisory alerting organizations to multiple critical vulnerabilities in OpenSSL affecting versions 1.0.2 through 3.6.x. Seven CVEs were identified including CVE-2026-28386 through CVE-2026-28390 and CVE-2026-31789-CVE-2026-31790. The vulnerabilities enable remote code execution, denial of service, and data confidentiality breaches. Organizations running affected OpenSSL versions must apply vendor patches immediately.