18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Ravie LakshmananMay 14, 2026Vulnerability / Web Server Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open,...
Ravie
Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
Ravie LakshmananMay 13, 2026Vulnerability / Artificial Intelligence Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to...
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
Ravie LakshmananMay 13, 2026Cyber Espionage / Malware A threat actor with affiliations to China has been linked to a "multi-wave...
New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
Ravie LakshmananMay 12, 2026Vulnerability / Email Security Exim has released security updates to address a severe security issue affecting certain...
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
Ravie LakshmananMay 12, 2026Supply Chain Attack / Software Security RubyGems, the standard package manager for the Ruby programming language, has...
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
Ravie LakshmananMay 12, 2026Malware / Mobile Security Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan...
Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
Ravie LakshmananMay 12, 2026Vulnerability / Network Security American educational technology company Instructure, the parent company of Canvas, said it reached...
OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
Ravie LakshmananMay 12, 2026Vulnerability / AI Security OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial...
iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android
Ravie LakshmananMay 12, 2026Encryption / Mobile Security Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE)...
TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
Ravie LakshmananMay 11, 2026Supply Chain Attack / DevSecOps Checkmarx has confirmed that a modified version of the Jenkins AST plugin...
cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
Ravie LakshmananMay 11, 2026Vulnerability / Ransomware A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently...
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
Ravie LakshmananMay 11, 2026Cybersecurity / Hacking Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into...
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
Ravie LakshmananMay 11, 2026Supply Chain Attack / Threat Intelligence A malicious Hugging Face repository managed to take a spot in...
cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
Ravie LakshmananMay 09, 2026Vulnerability / Web Hosting cPanel has released updates to address three vulnerabilities in cPanel and Web Host...
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
Ravie LakshmananMay 08, 2026Android / Mobile Security Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for...
