soc

CVE-2026-42945: NGINX Rewrite Heap Overflow Enables Remote DoS & Potential RCE CVE-2026-Adresse geschuetzt ngx_http_rewrite_module (the rewrite module). The bug is remotely reachable over HTTP and can be triggered without authentication when specific rewrite-rule patterns are present, which makes it relevant for internet-facing NGINX reverse proxies. Many […]

Top 5 Hacker Forums on the Surface Web Security teams often associate cybercrime forums exclusively with the Dark Web and Tor. However, several of the most active underground communities now operate openly on the surface web, accessible via standard browsers and indexed infrastructure. These forums facilitate the trade of stolen credentials, corporate access, ransomware tools, […]

The first exploitation attempts were observed less than four hours after the authentication bypass was publicly disclosed. The post Hackers Targeted PraisonAI Vulnerability Hours After Disclosure appeared first on SecurityWeek.

The patch was announced as Broadcom is attending the Pwn2Own hacking competition in Berlin this week. The post High-Severity Vulnerability Patched in VMware Fusion appeared first on SecurityWeek.

BreachForums & TeamPCP Promote Supply Chain Competition as Cybercrime Gets Gamified Underground cybercrime communities are increasingly borrowing ideas from legitimate tech ecosystems: branding, public challenges, shared tools, reputation building, and even prize-based competitions. Recently BreachForums and TeamPCP promoted what they describe as a “supply chain competition,” encouraging threat actors to conduct the “biggest supply chain […]

YellowKey is a BitLocker bypass that requires physical access. GreenPlasma enables elevation of privileges to System. The post Researcher Drops YellowKey, GreenPlasma Windows Zero-Days appeared first on SecurityWeek.