A new privilege escalation vulnerability dubbed PinTheft affects Arch Linux’s sudo implementation, allowing attackers to bypass PIN authentication and gain root access. Public exploit code is now available, and administrators must update immediately or implement specific workarounds to prevent unaut
TeamPCP supply chain attack escalates: Jenkins plugin compromised, new worm spreads across npm and PyPI. The loudest activity since March’s Trivy disclosure.
BREAKING: Hackers already exploiting critical NGINX RCE flaw CVE-2026-42945. Real-world attacks detected days after disclosure. Patch immediately.
Grafana Labs confirms source code stolen after attackers compromised GitHub environment with stolen access token. Another reminder that token security is critical.
Microsoft Edge finally stops storing passwords in plaintext memory after security researcher flags the risk. A long-overdue fix for a dangerous practice.
Four malicious npm packages are stealing SSH keys, cloud credentials, and crypto wallets while turning infected machines into DDoS botnets. Typosquatting strikes again.
CRITICAL: 200,000+ WordPress sites exposed to full account takeover via Burst Statistics plugin flaw. Authentication bypass vulnerability now being exploited in the wild.
Gremlin stealer just leveled up. New variant uses resource file obfuscation, crypto clipping and session hijacking to fly under the radar. Your data’s at risk.
CISA adds Cisco SD-WAN authentication bypass to KEV catalog. Critical flaw CVE-2026-20182 exploited for admin access. Federal agencies have until May 2026.
CRITICAL: Cisco Catalyst SD-WAN flaw with perfect 10.0 severity score exploited in the wild. Attackers gaining admin access through auth bypass. Patch now.