Pierluigi Paganini
May 14, 2026
Broadcom patched a high-severity VMware Fusion flaw, CVE-2026-41702, that could let local attackers gain root privileges. Broadcom released a security update for VMware Fusion to address a high-severity vulnerability, tracked as CVE-2026-41702, that could allow local attackers to escalate privileges to root on affected systems. The flaw is a time-of-check time-of-use (TOCTOU) vulnerability affecting operations […]
Pierluigi Paganini
May 14, 2026
Researchers found a critical 18-year-old buffer overflow flaw in NGINX, tracked as CVE-2026-42945 and named NGINX Rift. If you run NGINX, and statistically speaking, there is a very good chance you do, this week brought news worth stopping for. Security researchers at depthfirst disclosed a critical heap buffer overflow vulnerability in both NGINX Plus and […]
Pierluigi Paganini
May 14, 2026
Chinese-linked FamousSparrow repeatedly targeted an Azerbaijani oil and gas company, reusing the same entry point in three intrusions from Dec 2025 to Feb 2026. Chinese-linked threat actor FamousSparrow has conducted a sustained intrusion campaign against an Azerbaijani oil and gas company, returning to the same compromised entry point three separate times between late December 2025 […]
Pierluigi Paganini
May 14, 2026
Foxconn confirmed a cyberattack on some North American factories. The Nitrogen ransomware group claims it stole 8TB of data from the firm. Foxconn confirmed that several of its North American factories were affected by a cyberattack. The manufacturer confirmed it was targeted by threat actors after the Nitrogen ransomware group listed it on its Tor […]
Pierluigi Paganini
May 13, 2026
CVE-2025-32975 is a critical flaw in Quest KACE SMA used for endpoint management. If exploited, it could impact all managed systems across organizations. CVE-2025-32975 is a critical flaw in Quest KACE SMA used for endpoint management. If exploited, it could impact all managed systems across organizations. Quest KACE SMA is an on-premises endpoint management platform […]
Pierluigi Paganini
May 13, 2026
Educational tech firm Instructure reached a deal with hackers after a major Canvas breach exposed data stolen from schools and universities. Educational tech firm Instructure says it reached an agreement with the cybercrime group behind a major Canvas data theft, after attackers broke into its systems and threatened to publish stolen information from schools and […]
Pierluigi Paganini
May 13, 2026
Fortinet patched critical flaws in FortiSandbox and FortiAuthenticator that could let attackers remotely execute code on unpatched systems. Fortinet addressed two critical vulnerabilities affecting FortiSandbox and FortiAuthenticator. The flaws could allow attackers to execute arbitrary commands or code on unpatched systems. The first vulnerability, tracked as CVE-2026-44277, is an improper access control issue in FortiAuthenticator. […]
Pierluigi Paganini
May 12, 2026
BWH Hotels says hackers accessed guest reservation data, including names and contacts, for over six months across multiple hotel brands. BWH Hotels disclosed a data breach, with threat actors having had access to guest reservation data for more than six months. The incident exposed names and contact details of an undisclosed number of guests. BWH […]
Pierluigi Paganini
May 12, 2026
Anthropic’s AI found five vulnerabilities in curl, but only one low-severity issue proved to be a real vulnerability. In April, Anthropic made considerable noise announcing Mythos, a new artificial intelligence model described as so effective at identifying vulnerabilities in code as to be, in the company’s own words, “dangerously good.” So good, in fact, that […]
Pierluigi Paganini
May 12, 2026
Attackers are exploiting cPanel flaw CVE-2026-41940 to install the Filemanager backdoor and gain unauthorized admin access. Cybercriminals are actively exploiting the critical cPanel vulnerability CVE-2026-41940 (CVSS score of 9.3) to deploy a backdoor called Filemanager on compromised servers. cPanel is a widely used web hosting control panel that lets users manage websites and servers through a […]
