11 Jul, 2026

New critical Exim mailer flaw allows remote code execution

A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute arbitrary code. Identified as CVE-2026-45185, the security issue impacts some Exim versions before 4.99.3 that use the default GNU Transport Layer Security (GnuTLS) library for secure communication. It is a user-after-free (UAF) flaw triggered during the TLS […]

3 mins read

Windows BitLocker zero-day gives access to protected drives, PoC released

A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw. Known as Chaotic Eclipse or Nightmare Eclipse, the researcher describes the BitLocker bypass issue as functioning like a backdoor because the vulnerable component is present only in the […]

6 mins read

Microsoft fixes BitLocker recovery issue only for Windows 11 users

Microsoft has addressed a known issue causing some Windows 11 systems to boot into BitLocker recovery after installing the April 2026 Windows security updates. BitLocker is a Windows security feature that encrypts storage drives to protect against data theft. It also often activates recovery mode after hardware changes or TPM (Trusted Platform Module) updates, blocking […]

2 mins read

OpenAI confirms security breach in TanStack supply chain attack

OpenAI says two employees’ devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for its applications as a precaution. In a security advisory published today, the company said the incident did not impact customer data, production systems, intellectual property, […]

4 mins read

Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026

On the first day of Pwn2Own Berlin 2026, security researchers collected $523,000 in cash awards after exploiting 24 unique zero-days. Today’s highlight was Orange Tsai’s attempt, who was awarded $175,000 in rewards after chaining 4 logic bugs to achieve a sandbox escape on Microsoft Edge. Windows 11 was also hacked three times by Angelboy and TwinkleStar03 (working with the DEVCORE Internship Program), Marcin Wiązowski, […]

2 mins read

18-year-old NGINX vulnerability allows DoS, potential RCE

An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under certain conditions, remote code execution. The vulnerability is tracked as CVE-2026-42945 and received a critical severity rating of 9.2, based on the latest version of the Common Vulnerability Scoring System (CVSS). […]

5 mins read

KongTuke hackers now use Microsoft Teams for corporate breaches

Initial access broker KongTuke has moved to Microsoft Teams for social engineering attacks, taking as little as five minutes to gain persistent access to corporate networks. The threat actor tricks users into pasting a PowerShell command that ultimately delivers the ModeloRAT, which has been previously seen in ClickFix attacks [1, 2]. Initial access brokers (IAB) like […]

3 mins read

Microsoft fixes Windows Autopatch bug installing restricted drivers

Microsoft has fixed a Windows Autopatch bug that caused driver updates restricted by administrative policies to be deployed on some Autopatch-managed Windows devices in the European Union. According to a service alert first spotted by Microsoft MVP Susan Bradley, the issue affected only a limited number of devices running client Windows platforms (i.e., Windows 11 […]

1 min read

Foxconn confirms cyberattack claimed by Nitrogen ransomware gang

Foxconn, the world’s largest electronics manufacturer, says some of its North American factories are now working to resume normal operations after a cyberattack. The electronics giant has over 900,000 employees across over 240 campuses in 24 countries and reported revenues of over $260 billion in 2025. The company is ranked 28th in Fortune Global 500 […]

2 mins read

Microsoft says some users can’t install Office on Windows 365 devices

Microsoft says some customers are experiencing issues downloading and installing Office on their Windows 365 devices. Windows 365 is a cloud-based service that runs on Azure Virtual Desktop and allows enterprise customers with Windows 365 Enterprise or Windows 365 Business subscriptions to stream Windows Cloud PCs to end users. According to a service alert seen […]

1 min read