NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

May 17, 2026 at 05:27PM A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in…

Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

May 17, 2026 at 12:43PM Grafana has disclosed that an "unauthorized party" obtained a token that granted them the abili…

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

May 16, 2026 at 08:50PM A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under ac…

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

May 15, 2026 at 11:49AM Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server tha…

CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits

May 15, 2026 at 10:58AM The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulne…

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

May 14, 2026 at 10:52PM Cybersecurity researchers are sounding the alarm about what has been described as "malicious activit…

How AI Hallucinations Are Creating Real Security Risks

May 14, 2026 at 05:00PM AI hallucinations are introducing serious security risks into critical infrastructure decision-making by …

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

May 14, 2026 at 02:55PM An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned…

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

May 14, 2026 at 12:36PM Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) …

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

May 14, 2026 at 11:30AM Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX…

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

May 13, 2026 at 04:06PM Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, al…

GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data

May 13, 2026 at 01:38PM Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the…