The critical NGINX flaws now have a clearer technical path.

CVE-2026-42530 comes down to an HTTP/3 lifetime mismatch that can leave a freed stream pointer treated as valid.

CVE-2026-42055 lets oversized HPACK data write past its buffer, causing unauthenticated worker crashes.

New macOS ClickFix attack silently mounts DMGs to push infostealer.

Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents.

Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks.

2 Scattered Spider-Linked Hackers Plead Guilty Over £39M TfL Cyberattack.

GIGABYTE confirms UEFI password bypass possible, calls it a design issue.

This is what a real hacker looks like.

This is what a hacker looks like in movies.

Anyone can be a hacker, not just skinny white dudes in hoodies.

@HackersQuote

Japanese telco exposes 14.2 million managed email credentials.

Petro alleges U.S.–Israeli cyber units interfered in elections after right-wing candidate narrowly wins Colombian presidency.

China overtakes US with world's fastest supercomputer

China's LineShine supercomputer has surpassed the US-based El Capitan to become the world's fastest supercomputer, reaching a processing capacity of 2.198 exaflops, according to the latest TOP500 rankings.

Cisco Unified CM admins should check WebDialer now.

CVE-2026-20230 is being exploited, and vulnerable WebDialer-enabled systems can be abused by unauthenticated attackers to write files.

Exploiting vulnerabilities in Johnson & Johnson web apps.

New GhostShell Hacking Group Targets Ukraine’s Drone Defense Sector.

Mozilla proposes privacy-preserving alternative to CAPTCHAs.

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks.

FortiBleed campaign steals 110M credentials from FortiGate targets.

Japan’s army used USB drives with Chinese malware for a year.

New Mistic Backdoor Linked to KongTuke in ClickFix and ModeloRAT Campaigns.