A threat actor started using the Shai-Hulud worm in attacks only days after the malware’s source code was released.

Grafana confirmed suffering a data breach, two days after a cybercrime group listed the company on its leak website.

Depthfirst has published technical details and proof-of-concept (PoC) exploit code targeting a critical NGINX vulnerability.

Microsoft is working to patch CVE-2026-42897, an Exchange Server zero-day vulnerability that has been exploited in attacks.

Other noteworthy stories that might have slipped under the radar: Nvidia cloud gaming data breach, Android 17 security upgrades, FBI warning after ShinyHunters hacks Canvas. SecurityWeek’s weekly ...

Apple on Monday published 11 new security advisories to inform customers about dozens of vulnerabilities patched in its ...

OpenAI has rotated code-signing certificates after code repositories containing them were compromised in the TanStack supply ...

Microsoft patches a critical Outlook vulnerability tracked as CVE-2026-40361 that can be exploited for remote code execution.

Over 170 TanStack, Mistral AI, OpenSearch, UiPath, and other packages were affected in a new Mini Shai-Hulud supply chain ...

A disgruntled security researcher this week publicly disclosed two zero-day vulnerabilities in Windows that enable BitLocker ...

Cisco has patched yet another critical SD-WAN zero-day vulnerability, the sixth SD-WAN flaw whose exploitation came to light ...

Broadcom announced on Thursday that it has released a VMware Fusion update to patch a high-severity vulnerability.