18-year-old NGINX vulnerability allows DoS, potential RCE

An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for ...

New critical Exim mailer flaw allows remote code execution

A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by ...
Microsoft

Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise

Microsoft Incident Response investigated an attack operated through legitimate and trusted administrative mechanisms to blend ...
Windows Report

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass, Google Researchers Say

Hackers allegedly used AI to build a zero-day tool that bypasses 2FA, raising fresh concerns about automated cyber threats ...

Linux bitten by second severe vulnerability in as many weeks

Linux users have been bitten by yet another vulnerability that gives containers and untrusted users the ability to gain root ...

Apple needs to fix admin authentication in ABM

What this means in practice is that when admins engage with the authentication process, they need to do so using ...
The Hacker News

⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More

Weekly cybersecurity recap covering zero-days, malware, phishing, supply chain attacks, cloud threats, AI security risks, and ...

Celebrities’ and influencers’ private communications exposed in stalkerware data breach

Cybersecurity Researcher Jeremiah Fowler uncovered a data leak involving what appears to be stalkerware or spyware used to ...
Morning Overview on MSN

An Apache HTTP server flaw lets attackers crash — or take over — millions of web servers with a single HTTP/2 request

A single malformed web request is all it takes. On May 4, 2026, the Apache Software Foundation quietly filed a vulnerability ...
Hosted on MSN

Apple and Microsoft flaws exploited as unpatched systems persist

Apple's urgent iPhone fix: A multi‑stage WebKit exploit chain can compromise iPhones simply by loading a malicious page, leading Apple to push an immediate update. SharePoint patch gap: Internet scans ...
Hackaday

This Week In Security: Another Linux Exploit, Ubuntu Knocked Offline, Finals Interrupted, And Backdoored Tools

After the CopyFail vulnerability gave root access from any user on almost all distributions last week, this week we’ve got DirtyFrag. This chains the vulnerability in CopyFail (xfrm-ESP) and ...