OpenAI said the TanStack supply chain attack compromised two employee devices and exposed credentials from code repositories. OpenAI confirmed that the recent TanStack supply chain attack compromised two employee... Read more »
Day two of Pwn2Own Berlin 2026 saw $385,750 earned for 15 zero-days, bringing the total to $908,750 and 39 vulnerabilities over two days. During the second day of Pwn2Own... Read more »
Microsoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked as CVE-2026-42897, in the wild. Microsoft warned that threat actors are actively exploiting a new Exchange... Read more »
ESET uncovered new Ghostwriter (aka FrostyNeighbor) activity targeting Ukrainian government organizations in a campaign active since March 2026. ESET researchers published a new report documenting fresh activity attributed to... Read more »
Researchers disclosed two new Windows zero-days named YellowKey and GreenPlasma affecting BitLocker and the CTFMON framework. A security researcher known as Chaotic Eclipse, also called Nightmare-Eclipse, disclosed two new... Read more »
Pwn2Own Berlin 2026 day one saw 22 entries and 24 zero-days across major software, with researchers earning $523,000 in total rewards. Day one of Pwn2Own Berlin 2026 featured 22... Read more »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a... Read more »
Fragnesia, a new Linux kernel flaw tracked as CVE-2026-46300, could let local attackers gain root access through page cache corruption. Researchers disclosed a new Linux kernel privilege escalation vulnerability... Read more »
Broadcom patched a high-severity VMware Fusion flaw, CVE-2026-41702, that could let local attackers gain root privileges. Broadcom released a security update for VMware Fusion to address a high-severity vulnerability,... Read more »
Researchers found a critical 18-year-old buffer overflow flaw in NGINX, tracked as CVE-2026-42945 and named NGINX Rift. If you run NGINX, and statistically speaking, there is a very good... Read more »
