OpenAI says two employees’ devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for its applications as a precaution. In a security advisory published today, the company said the incident did not impact customer data, production systems, intellectual property, […]
On the first day of Pwn2Own Berlin 2026, security researchers collected $523,000 in cash awards after exploiting 24 unique zero-days. Today’s highlight was Orange Tsai’s attempt, who was awarded $175,000 in rewards after chaining 4 logic bugs to achieve a sandbox escape on Microsoft Edge. Windows 11 was also hacked three times by Angelboy and TwinkleStar03 (working with the DEVCORE Internship Program), Marcin Wiązowski, […]
An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under certain conditions, remote code execution. The vulnerability is tracked as CVE-2026-42945 and received a critical severity rating of 9.2, based on the latest version of the Common Vulnerability Scoring System (CVSS). […]
Initial access broker KongTuke has moved to Microsoft Teams for social engineering attacks, taking as little as five minutes to gain persistent access to corporate networks. The threat actor tricks users into pasting a PowerShell command that ultimately delivers the ModeloRAT, which has been previously seen in ClickFix attacks [1, 2]. Initial access brokers (IAB) like […]
Microsoft has fixed a Windows Autopatch bug that caused driver updates restricted by administrative policies to be deployed on some Autopatch-managed Windows devices in the European Union. According to a service alert first spotted by Microsoft MVP Susan Bradley, the issue affected only a limited number of devices running client Windows platforms (i.e., Windows 11 […]
Foxconn, the world’s largest electronics manufacturer, says some of its North American factories are now working to resume normal operations after a cyberattack. The electronics giant has over 900,000 employees across over 240 campuses in 24 countries and reported revenues of over $260 billion in 2025. The company is ranked 28th in Fortune Global 500 […]
Microsoft says some customers are experiencing issues downloading and installing Office on their Windows 365 devices. Windows 365 is a cloud-based service that runs on Azure Virtual Desktop and allows enterprise customers with Windows 365 Enterprise or Windows 365 Business subscriptions to stream Windows Cloud PCs to end users. According to a service alert seen […]
The U.S. House Committee on Homeland Security is calling on Instructure executives to testify about two cyberattacks by the ShinyHunters extortion group that targeted the company’s Canvas platform, allowing threat actors to steal student data and disrupt schools during final exams. In a letter sent Monday afternoon to Instructure CEO Steve Daly, Homeland Security Committee […]
Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an “agreement” with the ShinyHunters extortion group to prevent the data stolen in a recent breach from being leaked online. The company says over 30 million educators and students use its Canvas platform across more than 8,000 schools and universities […]
Dell confirmed that its SupportAssist software is causing blue-screen crashes on some Windows systems following a wave of user reports about random reboots affecting Dell devices since Friday. SupportAssist is a software suite developed by Dell that comes pre-installed on most new Dell computers running Windows 10 or Windows 11. A Dell representative told customers […]
