Information

Technical details and proof-of-concept (PoC) exploit code targeting a newly patched critical-severity vulnerability in NGINX are now available. Tracked as CVE-2026-42945 (CVSS score of 9.2), the issue was patched in the widely used web server this week as part of F5’s latest quarterly patch release, 16 years after it was introduced. The bug is described as a heap buffer overflow in the ngx_http_rewrite_module component that could be exploited to trigger a restart, creating a denial-of-service…

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: Nvidia cloud gaming partner suffers data breach Nvidia has confirmed that…

OpenAI has disclosed the impact of the recent TanStack supply chain attack, warning that credential material was exfiltrated from internal source code repositories. The open source web application development stack TanStack was hit on May 11, when the TeamPCP hacking group exploited security weaknesses in the package publishing process to release 84 malicious artifacts across 42 packages. Over 170 packages across several high-profile NPM and PyPI namespaces were compromised on the same day as part…

F5 on Wednesday announced fixes for over 19 high-severity and 32 medium-severity vulnerabilities impacting BIG-IP, BIG-IQ, and NGINX. Based on the CVSS score, the most severe of the resolved issues is CVE-2026-42945 (CVSS v4.0 score of 9.2), a denial-of-service (DoS) condition in NGINX’s ngx_http_rewrite_module module. The bug allows an unauthenticated attacker to send crafted HTTP requests that, combined with certain conditions beyond the attacker’s control, could trigger a heap buffer overflow and a restart. If…

Fortinet and Ivanti on Tuesday announced patches for 18 vulnerabilities across their product portfolios, including three critical-severity bugs. Fortinet published 11 advisories describing as many bugs, including two dealing with critical-severity code execution security defects. Tracked as CVE-2026-44277 (CVSS score of 9.1), the first of them is an improper access control issue in FortiAuthenticator that could be exploited remotely, without authentication, via crafted requests. “FortiAuthenticator Cloud is not impacted by the issue, and hence customers…

Frame Security emerged from stealth mode on Monday with $50 million in funding raised for its AI-powered cybersecurity awareness and training platform. The investment came from Team8, Index Ventures, Picture Capital, Elad Gil, Cerca Partners, and Tesonet. US- and Israel-based Frame Security was founded by Tal Shlomo, who serves as the company’s CEO, and Sharon Shmueli, who serves as CTO. Shlomo was one of the earliest employees of cloud security giant Wiz, while Shmueli until…