CoinbaseCartel extorts Grafana following codebase extraction via compromised GitHub token
An unauthorized party has extracted internal engineering repository components from a major data analytics platform vendor following a secret token […]
Honeypots detect active weaponization of NGINX Rift heap overflow flaw CVE-2026-42945
Threat intelligence networks have confirmed active exploitation attempts targeting an 18-year-old memory management flaw inside web ingress controllers. Attackers are
Honeypots detect active weaponization of NGINX Rift heap overflow flaw CVE-2026-42945 Read More »
MiniPlasma Windows zero-day exploit bypasses May patches to yield local SYSTEM shells
An unpatched local privilege escalation vulnerability has been verified as operational on fully updated endpoint workstations, bypassing modern platform isolation
MiniPlasma Windows zero-day exploit bypasses May patches to yield local SYSTEM shells Read More »
Pwn2Own Berlin 2026 surfaces 39 zero-day vulnerabilities targeting enterprise cloud and AI infrastructure
A prominent international security competition has concluded with offensive researchers demonstrating numerous previously unknown vulnerabilities across enterprise operating systems, web
Critical 18-Year-Old NGINX rewrite module flaw enables unauthenticated heap overflow
A critical security flaw impacting a core request-routing component of both commercial and open-source web servers has been disclosed after
Critical 18-Year-Old NGINX rewrite module flaw enables unauthenticated heap overflow Read More »
CISA adds Microsoft Exchange Server OWA cross-site scripting flaw to KEV catalog
An active exploitation campaign targeting on-premises corporate mail systems has prompted federal authorities to include a persistent scripting vulnerability in
CISA adds Microsoft Exchange Server OWA cross-site scripting flaw to KEV catalog Read More »
Cisco warns of zero-day exploitation targeting Catalyst SD-WAN peering authentication
A critical authentication bypass vulnerability in software-defined network architecture is under active zero-day exploitation, allowing remote unauthenticated threat groups to
Cisco warns of zero-day exploitation targeting Catalyst SD-WAN peering authentication Read More »
CISA adds on-premises Microsoft Exchange Server spoofing vulnerability to KEV catalog
A cross-site scripting vulnerability present within legacy corporate mail services has been officially added to the federal inventory of actively
CISA adds on-premises Microsoft Exchange Server spoofing vulnerability to KEV catalog Read More »
OpenAI forces certificate rotation following developer compromise via TanStack attack
A prominent artificial intelligence research organization has initiated an emergency rotation of code-signing mechanisms after discovering an active developer environment
OpenAI forces certificate rotation following developer compromise via TanStack attack Read More »
CISA mandates immediate remediation for Cisco Catalyst SD-WAN admin bypass
A critical authentication bypass vulnerability in software-defined networking controllers has been added to the federal list of known exploited threats
CISA mandates immediate remediation for Cisco Catalyst SD-WAN admin bypass Read More »
