News related to computer security, privacy and data protection
A newly reported zero-day vulnerability on NGINX Plus and NGINX Open, identified as CVE-2026-42945, is being actively exploited in the real environment just days after its publica…
Grafana has confirmed that an unauthorized actor obtained a token that allowed him to access his environment in GitHub and download part of the company's source code. According to…
A security researcher claims that Microsoft silently solved a critical vulnerability in Azure Backup for AKS after rejecting its report and blocking the issuance of a CVE, leaving…
A critical bug in the Funnel Builder (FunnelKit) plugin for WordPress is being exploited in real environments to inject malicious JavaScript into WooCommerce's payment pages and s…
The transformation of the backdoor known as Kazuar into a modular botnet peer-to-peer by the Russian group known as Secret Blizzard changes the rules of the game for the defenses …
A critical bug in the Funnel Builder (FunnelKit) plugin for WordPress, used to customize WooCommerce payment pages, is being exploited freely to insert malicious JavaScript fragme…
The recent adaptation of Kazuar by the Russian group Turla shows a deliberate evolution towards a model of modular and peer-to-peer botnet designed for resilience and stealth with…
The second day of Pwn2Own Berlin 2026 made it clear that business security and artificial intelligence are at the centre of modern risk: 15 unpublished vulnerabilities awarded wit…
Two critical failures reported this month in the visual builder Avada Builder for WordPress put at risk about a million sites: one allows the arbitrary reading of files on the ser…
