Collaborate Disseminate
AI-assisted vulnerability research has exploded, unleashing a firehose of low-quality reports on overworked software maintainers who are wasting hours sifting through noise instead of fixing real problems. Linus Torvalds, the Linux kernel’s creat… Continue reading AI is drowning software maintainers in junk security reports
A critical NGINX vulnerability (CVE-2026-42945) disclosed last week is being exploited by attackers, VulnCheck security researcher Patrick Garrity revealed on Saturday. The vulnerability, dubbed NGINX Rift, can be reliably exploited to trigger a denial… Continue reading Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945)
A threat actor has managed to access Grafana Labs’ GitHub environment and download the company’s codebase, the open-source observability and data visualization firm announced on Sunday. The breach is significant given Grafana Labs’ wi… Continue reading Attackers accessed, downloaded code from Grafana Labs’ GitHub
Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data e… Continue reading Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)
The situation around the critical cPanel authentication bypass vulnerability (CVE-2026-41940) has deteriorated significantly since our initial coverage. Exploratory probing has evolved into multi-actor exploitation, leading to disrupted websites, ranso… Continue reading Multiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940)
A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers in the wild. What’s more, attackers didn’t have to wait for watc… Continue reading cPanel zero-day exploited for months before patch release (CVE-2026-41940)
Security researchers at Theori have disclosed a high-severity local privilege escalation (LPE) vulnerability (CVE-2026-31431) in the Linux kernel. The flaw, nicknamed “Copy Fail”, has affected virtually every major Linux distribution shippe… Continue reading Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)
Apple has rolled out security updates for iPhones and iPads that fix CVE-2026-28950, a logging issue in Notification Services that made devices unexpectedly retain notifications marked for deletion. The vulnerability was patched following a recent repo… Continue reading Apple fixes iPhone bug that let FBI retrieve deleted Signal messages(CVE-2026-28950)
Hidden inside newly discovered botnet malware is an unusual message from its creator: “AI.NEEDS.TO.DIE”. Dubbed “tuxnokill” by researchers at Akamai, the malware is one of two fresh Mirai botnet variants documented this month by… Continue reading New Mirai variants target routers and DVRs in parallel campaigns
Progress Software has fixed a slew of high-severity vulnerabilities in MOVEit WAF and LoadMaster, including a flaw (CVE-2026-21876) that may allow attackers to bypass firewall detection. MOVEit WAF (web application firewall) is designed to protect Prog… Continue reading Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876)