Cybersecurity

Drupal will release a critical security fix for its CMS on May 20, 2026, warning that exploits could appear "within hours or days."Patches will...

Four malicious npm packages discovered distributing information-stealing malware and a DDoS botnet.One package contains a clone of the open-source Shai-Hulud worm leaked by TeamPCP.Attackers...

A critical heap buffer overflow vulnerability (CVE-2026-42945) in NGINX is being actively exploited in the wild, allowing for denial-of-service or potential remote code execution.Exploitation...

Grafana disclosed a data breach where an unauthorized party accessed its GitHub and downloaded its codebase.The cybercrime group CoinbaseCartel has claimed responsibility for the...

The Russian state-sponsored group Turla (aka Secret Blizzard) has evolved its Kazuar malware into a modular, peer-to-peer botnet.This new architecture features three specialized modules—Kernel,...

Microsoft disclosed an actively exploited spoofing vulnerability tracked as CVE-2026-42897 in on-premise Exchange Server versions.The flaw allows attackers to execute arbitrary JavaScript by sending...

Cisco patched a critical vulnerability (CVE-2026-20182) in its Catalyst SD-WAN software that has been exploited in limited attacks.The flaw, with a maximum CVSS score...

Attackers targeted the PraisonAI vulnerability within 3 hours and 44 minutes of its public disclosure on May 11, 2026.The flaw, CVE-2026-44338, is a missing...