A recently patched local privilege escalation vulnerability in the Linux kernel’s rxgk module now has a proof-of-concept exploit that allows attackers to gain root access on some Linux systems. […]
Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations
A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations.
According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compression simulations that are central to nuclear weapon design.
“Fast16’s hook engine is selectively interested in
According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compression simulations that are central to nuclear weapon design.
“Fast16’s hook engine is selectively interested in
Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026
The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws. […]
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems.
Codenamed MiniPlasma, the vulnerability impacts “cldflt.sys,” which refers to the Windows Cloud Files Mini Filter Driver,
Codenamed MiniPlasma, the vulnerability impacts “cldflt.sys,” which refers to the Windows Cloud Files Mini Filter Driver,
Hackers Earn $1.3 Million at Pwn2Own Berlin 2026
Participants demonstrated exploits for Windows, Linux, VMware, Nvidia, and AI products.
The post Hackers Earn $1.3 Million at Pwn2Own Berlin 2026 appeared first on SecurityWeek.
New Windows ‘MiniPlasma’ zero-day exploit gives SYSTEM access, PoC released
A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed “MiniPlasma” that lets attackers gain SYSTEM privileges on fully patched Windows systems. […]
Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. […]
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck.
The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0. According to AI-native security company depthfirst, the
The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0. According to AI-native security company depthfirst, the
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
Grafana has disclosed that an “unauthorized party” obtained a token that granted them the ability to access the company’s GitHub environment and download its codebase.
“Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations,” Grafana
said
in a series of
Microsoft rejects critical Azure vulnerability report, no CVE issued
A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and without issuing a CVE. Microsoft disputes the claim, telling BleepingComputer the behavior was expected and that “no product changes were made,” despite the researcher documenting a silent fix. […]