The Hacker News

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

NGINX Rift CVE-2026-42945 scores 9.2 after 18 years, enabling unauthenticated RCE or DoS via crafted HTTP requests.
Morning Overview on MSN

An 18-year-old heap buffer overflow in NGINX gives attackers remote code execution — billions of devices run the affected module

A single rewrite rule, the kind pasted into NGINX configurations thousands of times a day, can hand an unauthenticated ...
Microsoft

Kazuar: Anatomy of a nation-state botnet

Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused ...
Microsoft

Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise

Microsoft Incident Response investigated an attack operated through legitimate and trusted administrative mechanisms to blend ...
The Roanoke Times

CASEY: Salem woman avoids getting taken by Xfinity-Target ‘discount’ scam

Unfortunately you've used all of your gifts this month. Your counter will reset on the first day of next month.