A months-long breach at NYC Health + Hospitals has compromised the data of 1.8 million people, exposing everything from medical histories to biometric identifiers.
Forget malware. A sophisticated actor named Storm-2949 just proved that compromising a single cloud identity can unlock the entire kingdom. Microsoft's latest report lays bare a meticulously orchestrated breach that went from a stolen password to a full-blown cloud infrastructure takedown.
A potent zero-day exploit is currently tearing through Microsoft Exchange servers, leaving businesses exposed. This isn't just an IT problem; it's a direct threat to your sensitive communications.
The recent Pwn2Own Berlin event wasn't just about bragging rights; it was a stark reminder of the vulnerabilities lurking in the enterprise AI stack. Almost $1.3 million was awarded for uncovering 47 zero-day flaws.
The digital equivalent of finding a skeleton key for your Linux server just dropped. DirtyDecrypt, a kernel flaw, has been weaponized, allowing attackers to snatch root privileges.
Your Windows system is about to get interesting. A new zero-day, dubbed MiniPlasma, hands over SYSTEM access. And guess what? The proof-of-concept is already out.
The internet's foundational web server, NGINX, is under fire. A critical flaw is already being weaponized in the wild, with implications ranging from service disruption to full system compromise.
Forget secure enclaves and complex mitigations. A new 0-click exploit chain for the Pixel 10 has emerged, demonstrating a profound vulnerability in how the device handles video decoding, allowing for complete kernel takeover.
A significant data breach at Instructure, the company behind Canvas, highlights ongoing cybersecurity risks. Meanwhile, new AI vulnerabilities expose users to data exfiltration and command injection.
Active Directory Certificate Services, a bedrock of enterprise security, is quietly becoming a favorite attack vector. Forget zero-days; attackers are leveraging misconfigurations to seize control.
The malware game is stale. Or so you thought. This aging botnet, a relic from 2018, just dropped a new flavor of its attack.
Grafana's source code was downloaded by attackers who then demanded a ransom. The incident highlights a growing trend in data extortion, impacting software development pipelines.
Metasploit just dropped a persistent threat: a Vim plugin exploit. But that's not all – this wrap-up dives into new vulnerabilities and crucial fixes.
A serious security flaw is actively being exploited in on-premise Microsoft Exchange Server installations. CVE-2026-42897 allows attackers to execute JavaScript through specially crafted emails.
The digital scaffolding holding modern networks together is cracking. Cisco Catalyst SD-WAN systems are under siege, with critical authentication bypass vulnerabilities like CVE-2026-20182 being actively exploited by sophisticated threat actors.
JDownloader users, beware. A quick two-day window saw legitimate installer downloads swapped for malware. This wasn't a phishing scam; it was a direct assault on the download servers.
The digital storefront is under siege again, and this time it's a popular WordPress plugin bleeding customer payment data. Active exploitation means the threat isn't hypothetical; it's happening now.
A critical NGINX vulnerability, dubbed 'NGINX Rift,' has been disclosed, and it's already sending ripples through the internet infrastructure. Millions of websites could be exposed.
Forget phishing scams and zero-day exploits for a moment. What if the next big security threat is lurking in the crushing depths of the ocean, and it swims? We're diving into the bewildering world of the bigfin squid and what it might just reveal about our own data vulnerabilities.
The digital gladiators of Pwn2Own Berlin 2026 descended once more, and this time, the venerable titans of enterprise software felt the sting. By the close of day two, not even fully patched systems for Microsoft Exchange and Windows 11 were safe from the relentless ingenuity of zero-day exploitation.