Morning Overview on MSN

An 18-year-old heap buffer overflow in NGINX gives attackers remote code execution ...

A single rewrite rule, the kind pasted into NGINX configurations thousands of times a day, can hand an unauthenticated ...

18-year-old NGINX vulnerability allows DoS, potential RCE

An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for ...
The Hacker News

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

NGINX Rift CVE-2026-42945 scores 9.2 after 18 years, enabling unauthenticated RCE or DoS via crafted HTTP requests.

Microsoft’s Patch Tuesday Update Targets 120 Security Flaws

Microsoft’s May Patch Tuesday fixes 120 flaws, including 31 remote code execution bugs, with no zero-days reported at release ...
Morning Overview on MSN

An 18-year-old flaw in NGINX just gave attackers remote code execution on millions of web ...

For roughly 18 years, a chunk of code inside one of the internet’s most popular web servers quietly carried a critical ...
The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator

Fortinet has released security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could ...
SecurityWeek

Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises

Microsoft patches a critical Outlook vulnerability tracked as CVE-2026-40361 that can be exploited for remote code execution.
SecurityWeek

Critical Remote Code Execution Vulnerability Patched in Android

Google announced on Monday the release of an Android update patching a critical vulnerability that can be exploited for ...