Follow Cyber Kendra on Google News! | WhatsApp | Telegram

Add as a preferred source on Google
Posts
NGINX Hit by Second Unauthenticated RCE —'nginx-poolslip'

NGINX Hit by Second Unauthenticated RCE —'nginx-poolslip'

F5 has rushed out a security advisory for a second critical heap overflow vulnerability in NGINX's URL rewriting engine this month — and this one…
How Data Rooms Became Decision-Making Tools

How Data Rooms Became Decision-Making Tools

Over the years, data rooms were considered simple storage platforms — a secure location where companies posted documents for audit, fundraising, or m…
Trend Micro's Own Security Tool Turned Against Enterprises — Apex One Zero-Day Actively Exploited

Trend Micro's Own Security Tool Turned Against Enterprises — Apex One Zero-Day Actively Exploited

The endpoint security software meant to protect enterprise networks from attackers has itself become a target. Trend Micro has patched a zero-day vul…
Windows Kernel Bug Breaks Every Browser Sandbox — And It Almost Stayed Secret Until Pwn2Own

Windows Kernel Bug Breaks Every Browser Sandbox — And It Almost Stayed Secret Until Pwn2Own

A security researcher prepared a devastating Windows kernel exploit for Pwn2Own Berlin 2026 — then had to watch it go public days before the contest …
PoC Exploit Released for Drupal's Critical SQL Injection CVE-2026-9082

PoC Exploit Released for Drupal's Critical SQL Injection CVE-2026-9082

A day after Drupal's emergency patches landed , security researchers at Searchlight Cyber have published a full technical breakdown of CVE-2026-9…
Nine-Year-Old Linux Kernel Flaw CVE-2026-46333 Lets Attackers Steal SSH Keys, Shadow Passwords, and Root Access

Nine-Year-Old Linux Kernel Flaw CVE-2026-46333 Lets Attackers Steal SSH Keys, Shadow Passwords, and Root Access

The Qualys Threat Research Unit (TRU) has released the full advisory for CVE-2026-46333, a logic flaw in the Linux kernel's __ptrace_may_access()…
Drupal Patches Highly Critical SQL Injection That Lets Anonymous Attackers Hijack PostgreSQL-Backed Sites

Drupal Patches Highly Critical SQL Injection That Lets Anonymous Attackers Hijack PostgreSQL-Backed Sites

Drupal has pushed emergency security updates for a highly critical SQL injection vulnerability in its core database abstraction layer — the kind of f…
PinTheft: New Linux Exploit Steals Kernel References to Root Shell

PinTheft: New Linux Exploit Steals Kernel References to Root Shell

A working proof-of-concept exploit for a new Linux kernel privilege escalation bug called PinTheft went public this week, adding another name to a gr…
PostgreSQL Patches 11 Security Flaws, Including Code Execution and a Sneaky Password-Stealing Timing Attack

PostgreSQL Patches 11 Security Flaws, Including Code Execution and a Sneaky Password-Stealing Timing Attack

The world's most popular open-source database just dropped its biggest security update of the year — and if you haven't patched yet, attacker…
GitHub's Own Codebase Was Breached — A Poisoned VS Code Extension Was All It Took

GitHub's Own Codebase Was Breached — A Poisoned VS Code Extension Was All It Took

The world's largest code-hosting platform just became the victim of its own ecosystem. On May 20, 2026, GitHub confirmed that a threat actor exf…