18-year-old NGINX vulnerability allows DoS, potential RCE

An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for ...
Microsoft

Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise

Microsoft Incident Response investigated an attack operated through legitimate and trusted administrative mechanisms to blend ...
Windows Report

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass, Google Researchers Say

Hackers allegedly used AI to build a zero-day tool that bypasses 2FA, raising fresh concerns about automated cyber threats ...

Linux bitten by second severe vulnerability in as many weeks

Linux users have been bitten by yet another vulnerability that gives containers and untrusted users the ability to gain root ...

Apple needs to fix admin authentication in ABM

What this means in practice is that when admins engage with the authentication process, they need to do so using ...
The Hacker News

⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More

Weekly cybersecurity recap covering zero-days, malware, phishing, supply chain attacks, cloud threats, AI security risks, and ...

Celebrities’ and influencers’ private communications exposed in stalkerware data breach

Cybersecurity Researcher Jeremiah Fowler uncovered a data leak involving what appears to be stalkerware or spyware used to ...
Morning Overview on MSN

An Apache HTTP server flaw lets attackers crash — or take over — millions of web servers with a single HTTP/2 request

A single malformed web request is all it takes. On May 4, 2026, the Apache Software Foundation quietly filed a vulnerability ...
Hackaday

This Week In Security: Another Linux Exploit, Ubuntu Knocked Offline, Finals Interrupted, And Backdoored Tools

After the CopyFail vulnerability gave root access from any user on almost all distributions last week, this week we’ve got DirtyFrag. This chains the vulnerability in CopyFail (xfrm-ESP) and ...
Graham Cluley

Smashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hired

Meta’s smart glasses promise privacy “designed for you” – but everything they record was being beamed off to workers in ...
FinanceFeeds

KuCoin Launches Second Anti-Phishing Month, Blocks 5,000 Daily

KuCoin opened the second edition of its Anti-Phishing Month with a Learn-to-Earn campaign, citing 5,000+ daily blocked ...
Blockonomi

Kelp DAO Points Finger at LayerZero After $292M Bridge Exploit, Switches to Chainlink

Kelp DAO switches to Chainlink after $292M LayerZero hack. Protocol and bridge provider dispute who approved the ...