Depthfirst has published technical details and proof-of-concept (PoC) exploit code targeting a critical NGINX vulnerability.

Other noteworthy stories that might have slipped under the radar: Nvidia cloud gaming data breach, Android 17 security upgrades, FBI warning after ShinyHunters hacks Canvas. SecurityWeek’s weekly ...

Microsoft is working to patch CVE-2026-42897, an Exchange Server zero-day vulnerability that has been exploited in attacks.

Cisco has patched yet another critical SD-WAN zero-day vulnerability, the sixth SD-WAN flaw whose exploitation came to light ...

Google has released a Chrome 148 update that resolves 79 vulnerabilities, including 14 critical-severity security defects.

OpenAI has rotated code-signing certificates after code repositories containing them were compromised in the TanStack supply ...

Linux distributions are affected by Fragnesia, a new kernel vulnerability tracked as CVE-2026-46300 that can be exploited for ...

Data centers have always been among the most challenging environments to secure. Physical servers host hypervisors.

A ransomware attack forced West Pharmaceutical Services to take systems offline globally, disrupting operations.

A disgruntled security researcher this week publicly disclosed two zero-day vulnerabilities in Windows that enable BitLocker ...

Mythos outperformed rival models in vulnerability discovery, particularly in live-plus-source testing, but showed limitations ...

China-linked Salt Typhoon and Twill Typhoon were seen expanding their target list and updating their arsenal in recent ...