New 0-Day Vulnerabilities Found in Microsoft Exchange
Our team is currently investigating new 0-day vulnerabilities in Microsoft Exchange servers that could lead to Remote Code Execution (RCE) for an authenticated user. Our…
Author: Cybernoz
New Windows ‘MiniPlasma’ zero-day exploit gives SYSTEM access, PoC released
A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed “MiniPlasma” that lets attackers gain SYSTEM privileges on fully patched…
Closing the Gap: The Regulatory and Structural Maturation of Digital Assets
The global financial system operates on a single continuum. The narrative that cryptocurrency exists as an isolated and experimental market no longer matches current realities.…
Debian 13.5 point release lands with security fixes, bug patches
Debian 13.5 is the fifth point release for the stable distribution “trixie.” The update folds in roughly 100 Debian Security Advisories and corrections for more…
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under…
Service NSW charts a path off VMware’s container platform
Service NSW is changing the way it containerises and hosts more than 200 digital products, moving off the Tanzu Application Service to a Red Hat…
Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION
Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION Pierluigi Paganini May 17, 2026 A new round of the weekly Security Affairs newsletter…
Norway arrests Chinese man for spying, interior security service says
Norway’s interior security service, PST, said on Sunday a Chinese man had been arrested in the country’s north for spying, just weeks after a Chinese…
A Sneak Peek at hack_it 2022
We’re super excited to announce that hack_it is back! hack_it teaches hacker tradecraft and helps us defenders see cybersecurity from a different perspective. This year’s…
Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. Despite an international law enforcement operation…
Grafana Says It Rejected Ransom Demand After Source Code Theft
Grafana Labs says an attacker gained access to part of its GitHub environment after obtaining a compromised token, allowing the threat actor to download the…
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
Ravie LakshmananMay 17, 2026Server Security / Vulnerability A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the…