A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days ...

Grafana disclosed an unauthorized party accessed its GitHub environment and downloaded its codebase via a token.

Mini Shai-Hulud hit 2 OpenAI devices via TanStack, exposing limited credentials and forcing macOS certificate updates by June ...

CISA added CVE-2026-20182, a CVSS 10.0 Cisco Catalyst SD-WAN Controller authentication bypass flaw, to its KEV catalog.

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come ...

An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more ...

Turla turns Kazuar into a 3-module P2P botnet, enabling stealthy C2, resilient tasking, and persistent access.

NGINX Rift CVE-2026-42945 scores 9.2 after 18 years, enabling unauthenticated RCE or DoS via crafted HTTP requests.

Microsoft’s new MDASH AI system found 16 Windows vulnerabilities fixed in this month’s Patch Tuesday, including 2 RCE flaws ...

Trusted-tool abuse hit 84% of 700,000 incidents, driving 45-day assessments that reduce attack surface by 30%+.

Ghostwriter’s March 2026 Ukraine attacks use PDF lures and geofencing to deploy Cobalt Strike on government targets.

Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published ...