News
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
17+ hour, 39+ min ago (430+ words) A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow…...
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
22+ hour, 13+ min ago (471+ words) Grafana has disclosed that an "unauthorized party" obtained a token that granted them the ability to access the company's GitHub environment and download its codebase. "Our investigation has determined that no customer data or personal information was accessed during…...
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
1+ day, 13+ hour ago (485+ words) A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of…...
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
2+ day, 16+ hour ago (16+ words) Claw Chain flaws in OpenClaw 2026.4.22 enable data theft, privilege escalation, and persistence when chained....
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
2+ day, 13+ hour ago (434+ words) The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that's engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is assessed…...
What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface
2+ day, 18+ hour ago (351+ words) The reaction we heard most was a fair one: We know. So what do we actually do about it? That's what Bitdefender's complimentary Internal Attack Surface Assessment is built to answer. It's a 45-day, low-effort engagement available to organizations with 250 or…...
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
2+ day, 18+ hour ago (919+ words) OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or…...
PraisonAI - Latest News, Reports & Analysis
3+ day, 3+ hour ago (89+ words) The Hacker News PraisonAI | Breaking Cybersecurity News | The Hacker News PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure Mythos is Coming: What the Next Six Months Require Your Biggest Security Risk Isn't Malware - It's What You Already…...
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
2+ day, 23+ hour ago (405+ words) Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from…...
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
3+ day, 36+ min ago (349+ words) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026. The…...