Depthfirst has published technical details and proof-of-concept (PoC) exploit code targeting a critical NGINX vulnerability.

Other noteworthy stories that might have slipped under the radar: Nvidia cloud gaming data breach, Android 17 security upgrades, FBI warning after ShinyHunters hacks Canvas. SecurityWeek’s weekly ...

Microsoft is working to patch CVE-2026-42897, an Exchange Server zero-day vulnerability that has been exploited in attacks.

Cisco has patched yet another critical SD-WAN zero-day vulnerability, the sixth SD-WAN flaw whose exploitation came to light ...

Google has released a Chrome 148 update that resolves 79 vulnerabilities, including 14 critical-severity security defects.

OpenAI has rotated code-signing certificates after code repositories containing them were compromised in the TanStack supply ...

Linux distributions are affected by Fragnesia, a new kernel vulnerability tracked as CVE-2026-46300 that can be exploited for ...

Data centers have always been among the most challenging environments to secure. Physical servers host hypervisors.

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

A disgruntled security researcher this week publicly disclosed two zero-day vulnerabilities in Windows that enable BitLocker ...

A ransomware attack forced West Pharmaceutical Services to take systems offline globally, disrupting operations.

ClaudeBleed, a vulnerability in Claude in Chrome, allows malicious extensions to hijack the AI agent for nefarious purposes.