AI agent finds 18-year-old remote code execution flaw in Nginx
CSO Online 14.05.2026 23:06
Researchers have found a critical vulnerability in the widely used Nginx web server that can potentially lead to remote code execution under certain conditions. The flaw is a heap buffer overflow that has gone undetected in the program’s code for the past 18 years.
Tracked as CVE-2026-42945, the vulnerability is one of 4 bugs found in Nginx by researchers from security startup DepthFirst AI, using their LLM-powered platform. It adds to the increasing number of flaws that security scanners and humans have missed in high profile open-source projects over the years, but which have been discovered with the help of AI models in recent months.
Meet Fragnesia, the third Linux kernel vulnerability in a month
CSO Online 14.05.2026 20:29
Linux admins reeling from handling last month’s CopyFail and last week’s Dirty Frag kernel vulnerabilities have a new headache to deal with: Fragnesia.
“This is a significant vulnerability,” Robert Beggs, head of incident response firm DigitalDefence, told CSO. “It is bypassing traditional filesystem permissions that are present and enforced (for example, ‘file is owned by root’, or ‘file is read-only’) to allow manipulation without touching the disk.”
Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
The Hacker News 14.05.2026 17:45
Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks.
The vulnerability, tracked as CVE-2026-20182, carries a CVSS score of 10.0.
"A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly
Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
The Hacker News 14.05.2026 14:00
The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine.
Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particularly Ukraine. It's also tracked under the monikers FrostyNeighbor, PUSHCHA, Storm-0257, TA445, UAC‑0057
New Fragnesia Flaw Hands Linux Local Users Root Access
Infosecurity Magazine 14.05.2026 13:00
New Fragnesia kernel flaw lets unprivileged local users escalate to root on Linux systems
PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
The Hacker News 14.05.2026 11:40
Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure.
The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke the
Foxconn-Werke in Nordamerika von Ransomware-Gruppe Nitrogen angegriffen
Heise Security 14.05.2026 11:12
Der Auftragsfertiger bestätigt den Cyberangriff. Nitrogen prahlt damit, 11 Millionen Dateien zu Apple, Nvidia und weiteren Kunden gestohlen haben.
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
The Hacker News 14.05.2026 09:25
An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON).
The security defects have been codenamed YellowKey and GreenPlasma, respectively, by the researcher, who goes by the online aliases Chaotic Eclipse