Search

blog.cloudflare.com

How Cloudflare responded to the “Copy Fail” Linux vulnerability

…Hunting for exploitation While our engineering team moved to a more targeted mitigation, our security investigation had been running since disclosure. This is our standard procedure for any critical vulnerability. Our security…

May 7, 2026 · Chris J Arges

Top stories

phoronix.com

X.Org Server Starts June With Nine New Security Vulnerabilities Discovered Via AI

6d ago

tweaktown.com

Microsoft threatened a security researcher with criminal charges, and the cybersecurity community isn't having it

1w ago

notebookcheck.net

Microsoft faces security community backlash over Nightmare Eclipse

1w ago

techcrunch.com

Microsoft under fire for threatening security researcher with criminal investigation | TechCrunch

1w ago

neowin.net › news

Is this the end? NHS is apparently shutting down most of its open source repos. Here's why

The NHS is (according to UK-based technologist and open-source advocate, Terence Eden) working on shutting down nearly all of its public source code repositories over security fears related to AI…

May 5, 2026 · David Uzondu

club386.com

PSA: Nvidia urges users to update GPU drivers due to security vulnerabilities | Club386

…Nvidia urges users to update GPU drivers due to security vulnerabilities Fixes for these vulnerabilities are available for both Windows and Linux users, and are already deployed within the latest GeForce Game…

May 20, 2026 · Fahd Temsamani

cnet.com › tech

Opera Adds Browser Connector Feature to Integrate AI Chatbots Into Browsers

…The protocol, known as MCP, is an open standard developed by Anthropic that enables a secure two-way connection between AI models, external data sources and tools such as search engines. (Disclosure…

Apr 16, 2026 · See full bio

Discussions and forums

r/cybersecurity · u/sunychoudhary · 3d ago

Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process

https://securityaffairs.com/193128/security/researcher-drops-a-new-vs-code-zero-day-after-losing-trust-in-microsofts-disclosure-process.html

r/cybersecurity · u/Aureliand · 1w ago

Microsoft vs Chaotic Eclipse: three zero-days now actively exploited

This one has been building for a month and it came to a head this week. A researcher going by Chaotic Eclipse has released six Windows zero-days publicly over the past several weeks, covering Defender, BitLocker, and Win…

r/netsec · u/unknownhad · 4w ago

The compression of the exploit timeline: Why n-day gaps and 90-day embargoes are failing in practice.

The traditional vulnerability disclosure timeline relies on a fundamental assumption: exploit development and vulnerability discovery take time. Over the last 12 months the integration of LLMs into offensive tooling has …

r/devops · u/pando85 · 3w ago

NGINX CVE-2026-42945 (ngx_http_rewrite_module) — patched boundary is 1.30.1 / 1.31.0

Disclosure: I work on Forkline, which maintains a fork of the retired Kubernetes ingress-nginx controller. NGINX published a security advisory for ngx_http_rewrite_module. The affected versions are NGINX Open Source belo…

r/kubernetes · u/pando85 · 3w ago

NGINX CVE-2026-42945 (rewrite module) — check your version if you are below 1.30.1 or 1.31.0

TL;DR: If you are running NGINX Open Source below 1.30.1 or 1.31.0, you are affected by the current ngx_http_rewrite_module CVE batch. For Kubernetes ingress-nginx users this is especially relevant — the retired controll…

windowscentral.com › microsoft

Microsoft bans security researcher's GitHub account after backdoor into Windows 11's BitLocker is intentional

Earlier this month, security sleuth and researcher "Chaotic Eclipse" (also known as Nightmare-Eclipse) published a zero-day exploit known as YellowKey , which allowed them to access BitLocker-protected drives on Windows…

May 28, 2026 · Kevin Okemwa

theregister.com › security › 2026 › …

Claude Desktop changes software permissions without consent

…But Hanff claims he never installed any Anthropic browser extensions due to privacy and security concerns. Claude Desktop did so for him, without disclosure or permission. Browser extensions magnify security and privacy…

Apr 20, 2026 · Thomas Claburn

bleepingcomputer.com › news › security

CISA orders feds to patch actively exploited Drupal vulnerability

…The security flaw can be exploited without authentication, allowing attackers to trigger arbitrary SQL injection on PostgreSQL-powered sites via specially crafted requests. Successful exploitation can potentially lead to information disclosure, privilege…

May 26, 2026 · Sergiu Gatlan

xda-developers.com

OpenClaw promised a self-hosted AI assistant I could actually leave running, but Hermes Agent is the one that delivers it

…The repo has a SECURITY.md with a 90-day coordinated disclosure window, a private security inbox, and an explicit list of what is in and out of scope. Hermes moves fast…

May 19, 2026 · Adam Conway

apple.com › newsroom › 2024 › …

Apple announces changes to iOS, Safari, and the App Store in the European Union

…That’s why Apple is introducing protections — including Notarization for iOS apps, an authorization for marketplace developers, and disclosures on alternative payments — to reduce risks and deliver the best, most secure experience…

Jan 25, 2024

theverge.com › policy › 935299 › …

Meta and Google get data from the app your boss uses to track you

…They urge state and federal law enforcers to consider whether certain worker data collection and disclosure might violate existing state privacy laws or unfair practices laws when it’s used in ways…

May 21, 2026 · Lauren Feiner