18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years.
The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score: 9.2) that could allow an attacker to achieve remote code execution or cause a

The Hacker News

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks.
Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score: 7.8) and is rooted in the Linux kernel’s XFRM

The Hacker News

Researcher Drops YellowKey, GreenPlasma Windows Zero-Days

YellowKey is a BitLocker bypass that requires physical access. GreenPlasma enables elevation of privileges to System.

SecurityWeek

TeamPCP Claims Sale of Mistral AI Repositories Amid Mini Shai-Hulud Attack

TeamPCP claims to be selling alleged Mistral AI repositories on a hacker forum after the Mini Shai-Hulud attack targeted npm and PyPI ecosystems.

Hackread – Cybersecurity News, Data Breaches, AI and More

You may qualify for Amazon Prime at 50% off without even knowing – here’s how

There are a couple of lesser-known ways to get Amazon Prime at a discount right now. I break down the details.

Latest news

I’m following the 60-60 rule for headphone listening, and my future self will thank me for it

Wearing headphones every day has a greater effect on your ears than you might think. But your devices likely have features to help.

Latest news

Tables Turn on ‘The Gentlemen’ RaaS Gang With Data Leak

An OPSEC failure provides a window into what helped the ransomware group rise: a generous affiliate model, opportunistic TTPs, and an effective organizational structure.

darkreading

Adobe Express vs Canva: Which design tool is better?

I tested Adobe Express and Canva to compare value and workflow fit so you can choose the right design tool for your needs.

Latest news

Instructure Reaches Deal with ShinyHunters to Prevent Canvas Data Leak

Instructure has reached an agreement with the ShinyHunters group to return and destroy stolen Canvas data, protecting millions of student records from a public leak.

Hackread – Cybersecurity News, Data Breaches, AI and More

Attackers Weaponize RubyGems for Data Dead Drops

Threat actors are publishing RubyGems packages that include scrapers targeting public-facing UK government servers, but with no clear objective.

darkreading