F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution

Blog

Byadmblake June 18, 2026

F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems. The vulnerabilities are listed below – CVE-2026-42530 (CVSS v4 score: 9.2) – A use-after-free vulnerability in the ngx_http_v3_module that could be triggered by a remote unauthenticated attacker when NGINX…

F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems.

The vulnerabilities are listed below –

CVE-2026-42530 (CVSS v4 score: 9.2) – A use-after-free vulnerability in the ngx_http_v3_module that could be triggered by a remote unauthenticated attacker when NGINX Open Source is

Blog

Sophos supports Objective-See Foundation to advance macOS security and inclusive cybersecurity education

Dedicated to building a stronger, more inclusive Apple security community through open-source security tools Sophos is proud to be a gold friend of the Objective-See Foundation, supporting its mission to expand access to cybersecurity education and foster innovative community-driven macOS security research. As macOS becomes a bigger target for cybercriminals, organizations like Objective-See are critical…

Read More Sophos supports Objective-See Foundation to advance macOS security and inclusive cybersecurity education
Blog

CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. N-able N-central is a Remote Monitoring and Management (RMM) platform designed for Managed Service Providers (MSPs), allowing customers to efficiently manage and secure

Read More CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog
Blog

Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability

Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild. The vulnerability in question is CVE-2025-13223 (CVSS score: 8.8), a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could be exploited to achieve arbitrary code execution…

Read More Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability
Blog

First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials

Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process….

Read More First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials
Blog

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm. “This is effectively a Mini Shai-Hulud campaign: it uses the same core tactics of install-time execution, credential harvesting, CI/CD targeting, encrypted exfiltration, and potential

Read More Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
Blog

Hackers Weaponize Remote Tools to Hijack Cargo Freight

Researchers uncovered a new threat campaign in which attackers use RMM tools to steal physical cargo out of the supply chain.

Read More Hackers Weaponize Remote Tools to Hijack Cargo Freight

Related