Depthfirst has published technical details and proof-of-concept (PoC) exploit code targeting a critical NGINX vulnerability.

Other noteworthy stories that might have slipped under the radar: Nvidia cloud gaming data breach, Android 17 security upgrades, FBI warning after ShinyHunters hacks Canvas. SecurityWeek’s weekly ...

Microsoft is working to patch CVE-2026-42897, an Exchange Server zero-day vulnerability that has been exploited in attacks.

American Lending Center this week revealed that a data breach discovered last year has impacted more than 123,000 individuals ...

OpenAI has rotated code-signing certificates after code repositories containing them were compromised in the TanStack supply ...

Google has released a Chrome 148 update that resolves 79 vulnerabilities, including 14 critical-severity security defects.

Cisco has patched yet another critical SD-WAN zero-day vulnerability, the sixth SD-WAN flaw whose exploitation came to light ...

The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards. The infamous TeamPCP hacking group that besieged the open source software ecosystem ...

Data centers have always been among the most challenging environments to secure. Physical servers host hypervisors.

Linux distributions are affected by Fragnesia, a new kernel vulnerability tracked as CVE-2026-46300 that can be exploited for ...

Mythos outperformed rival models in vulnerability discovery, particularly in live-plus-source testing, but showed limitations ...

China-linked Salt Typhoon and Twill Typhoon were seen expanding their target list and updating their arsenal in recent ...