News
Microsoft Exchange Zero-Day Exploited in the Wild " and Pwn2 Own Researchers Just Made It Worse
1+ hour, 7+ min ago (477+ words) Follow Cyber Kendra on Google News! | Whats App | Telegram Microsoft Exchange Server is having a very bad week. While threat actors are already exploiting a critical cross-site scripting vulnerability in the wild, elite researchers at Pwn2 Own Berlin 2026 independently demonstrated full…...
Linux Kernel Strikes Again: "Fragnesia" Is the Third Root-Level Flaw in Two Weeks
2+ day, 10+ hour ago (16+ words) cyberkendra. com...
NGINX Rift: An 18-Year-Old Bug Lets Hackers Hijack One-Third of the Internet's Web Servers
2+ day, 9+ hour ago (392+ words) Follow Cyber Kendra on Google News! | Whats App | Telegram A memory corruption flaw in NGINX's source code, hidden since 2008, now has a working exploit. An unauthenticated attacker anywhere on the internet can send a single crafted HTTP request to crash…...
Composer Bug Silently Dumped Git Hub Tokens Into CI Logs " Patch Now
2+ day, 11+ hour ago (479+ words) Follow Cyber Kendra on Google News! | Whats App | Telegram Millions of PHP developers who rely on Composer for dependency management were silently exposed to a token-leaking vulnerability this week " one that required no misconfiguration, no attacker interaction, and no unusual…...
Hackers Used AI to Build a Real Zero-Day Exploit " And Almost Deployed It at Scale
3+ day, 11+ hour ago (335+ words) Follow Cyber Kendra on Google News! | Whats App | Telegram For the first time, researchers have confirmed that a criminal threat actor used artificial intelligence to discover and weaponize a zero-day vulnerability " and nearly launched a mass exploitation campaign before being…...
Tan Stack Packages Hit by Sophisticated Supply Chain Attack
4+ day, 1+ hour ago (404+ words) Follow Cyber Kendra on Google News! | Whats App | Telegram A self-propagating worm has torn through the Tan Stack Java Script ecosystem, publishing 84 malicious versions across 42 widely used npm packages in a six-minute window " and the attack was so well engineered…...
React and Next. js Hit With 12 Security Flaws " Three Let Attackers Bypass Auth, Hijack Servers
1+ week, 1+ day ago (409+ words) Follow Cyber Kendra on Google News! | Whats App | Telegram Cloudflare disclosed the situation on its WAF changelog on May 7, noting that the vulnerabilities were shared with minimal advance notice, leaving investigators still working out which flaws can even be blocked…...
JDownloader Website Hacked " Malicious Installers Served to Windows and Linux Users
1+ week, 1+ day ago (227+ words) Follow Cyber Kendra on Google News! | Whats App | Telegram JDownloader, one of the most widely used free download managers with millions of users across Windows, mac OS, and Linux, had its official website compromised by attackers who quietly swapped legitimate…...
Dirty Frag " No Patch, No Warning " Root Access on Every Major Linux Distro
1+ week, 1+ day ago (447+ words) Follow Cyber Kendra on Google News! | Whats App | Telegram Discovered by Korean security researcher Hyunwoo Kim, Dirty Frag chains two separate kernel vulnerabilities to hand any local user a root shell on virtually every major Linux distribution " and right now,…...
Ubuntu's X Account Appears Hijacked to Push Fake "Numbat" Solana AI Agent Crypto Scam
1+ week, 1+ day ago (433+ words) Follow Cyber Kendra on Google News! | Whats App | Telegram Ubuntu users and open-source enthusiasts should be on high alert: a sophisticated impersonation campaign is exploiting Ubuntu's branding " and possibly its official X (formerly Twitter) account " to lure victims into a…...