Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source. Because the internal engine state changes between the two passes, if a rewrite ...

Other noteworthy stories that might have slipped under the radar: Nvidia cloud gaming data breach, Android 17 security upgrades, FBI warning after ShinyHunters hacks Canvas. SecurityWeek’s weekly ...

Microsoft is working to patch CVE-2026-42897, an Exchange Server zero-day vulnerability that has been exploited in attacks.

American Lending Center this week revealed that a data breach discovered last year has impacted more than 123,000 individuals ...

OpenAI has rotated code-signing certificates after code repositories containing them were compromised in the TanStack supply ...

Google has released a Chrome 148 update that resolves 79 vulnerabilities, including 14 critical-severity security defects.

Cisco has patched yet another critical SD-WAN zero-day vulnerability, the sixth SD-WAN flaw whose exploitation came to light ...

The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards. The infamous TeamPCP hacking group that besieged the open source software ecosystem ...

Data centers have always been among the most challenging environments to secure. Physical servers host hypervisors.

Mythos outperformed rival models in vulnerability discovery, particularly in live-plus-source testing, but showed limitations ...

China-linked Salt Typhoon and Twill Typhoon were seen expanding their target list and updating their arsenal in recent ...

Government agencies from G7 countries this week published joint guidance to help organizations create an SBOM for AI.