Security Week

Cybersecurity News, Insights & Analysis

  1. PoC Code Published for Critical NGINX Vulnerability

    Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source.

    The post PoC Code Published for Critical NGINX Vulnerability appeared first on SecurityWeek.

  2. In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws

    Other noteworthy stories that might have slipped under the radar: Nvidia cloud gaming data breach, Android 17 security upgrades, FBI warning after ShinyHunters hacks Canvas.

    The post In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws appeared first on SecurityWeek.

  3. Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild

    Microsoft has shared mitigations for CVE-2026-42897 until a permanent patch can be released for affected Exchange Server versions.

    The post Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild appeared first on SecurityWeek.

  4. American Lending Center Data Breach Affects 123,000 Individuals

    The non-bank lender discovered a ransomware attack nearly one year ago, but only recently completed its investigation.

    The post American Lending Center Data Breach Affects 123,000 Individuals appeared first on SecurityWeek.

  5. OpenAI Hit by TanStack Supply Chain Attack

    Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories.

    The post OpenAI Hit by TanStack Supply Chain Attack appeared first on SecurityWeek.

  6. TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code

    The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards.

    The post TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code appeared first on SecurityWeek.

  7. Chrome 148 Update Patches Critical Vulnerabilities

    The refresh resolves critical-severity use-after-free and other types of bugs in various browser components.

    The post Chrome 148 Update Patches Critical Vulnerabilities appeared first on SecurityWeek.

  8. Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026

    The zero-day, tracked as CVE-2026-20182, has been exploited in targeted attacks by a sophisticated threat actor identified as UAT-8616.

    The post Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026 appeared first on SecurityWeek.

  9. Enhancing Data Center Security Without Sacrificing Performance

    For AI data centers, where the stakes are the highest and performance constraints are the tightest, security and performance are no longer a zero-sum game.

    The post Enhancing Data Center Security Without Sacrificing Performance appeared first on SecurityWeek.

  10. New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation

    The vulnerability, tracked as CVE-2026-46300, is similar to the recently disclosed exploits named Dirty Frag and Copy Fail.

    The post New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation appeared first on SecurityWeek.