NGINX CVE-2026-42945 Actively Exploited in the Wild
Critical NGINX vulnerability CVE-2026-42945 now under active attack. Heap buffer overflow affects versions 0.6.27-1.30.0. CVSS 9.2. Patch immediately.
Grafana Labs confirms GitHub account breach — full codebase accessed. No customer data stolen, operations unaffected, and zero ransom paid.
A critical privilege escalation vulnerability in the Linux kernel’s CIFS (Common Internet File System) implementation has been discovered after hiding in plain sight for 19 years. Dubbed “CIFSwitch,” the flaw allows unprivileged users to gain root access through a race condition in filesystem switch
Microsoft has been recognized as a Leader in the 2026 Gartner Magic Quadrant for Endpoint Protection Platforms, reinforcing its position in the enterprise security market. The recognition highlights Microsoft Defender for Endpoint’s comprehensive threat protection capabilities, integration ecosystem
Critical 0-day in Palo Alto PAN-OS lets attackers execute code with root privileges on enterprise firewalls. CVE-2026-0300 actively exploited in the wild.
OPENAI EMPLOYEE DEVICES COMPROMISED: Malware in poisoned TanStack npm packages hit OpenAI staff machines. Internal credentials stolen in supply chain attack. Severity: High. Target: OpenAI employees.
A critical zero-day vulnerability in KnowledgeDeliver Learning Management System (LMS) is being actively exploited in the wild to deploy BLUEBEAM web shells. Attackers are leveraging an unrestricted file upload flaw to gain persistent access to compromised systems, affecting educational institutions
Microsoft just took down Fox Tempest, a criminal network that helped hackers sign malware with fake certificates to bypass security. Trust nothing.
Windows 11 and Microsoft Edge fall to hackers at Pwn2Own Berlin. Day one: $523K paid out for 24 zero-day exploits. The bugs are real and they’re spectacular.
A critical SQL injection vulnerability in Ghost CMS is being actively exploited in a widespread ClickFix social engineering campaign. Attackers are compromising Ghost-powered websites to inject malicious scripts that display fake error messages, tricking users into executing PowerShell commands that