Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer 
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code 
NSAuditor AI EE 0.15.3 Closes the 4th and Final S3 Public-Exposure Vector with Object-Level ACL Enumeration and a BucketOwnerEnforced Upstream Short-Circuit 
NSAuditor AI EE 0.15.x Cumulative — NEW Plugin 1222 Azure Key Vault Deep Auditor (27 → 28), Plus Audit-Accuracy Calibration and CloudTrail Hardening Across 0.15.0, 0.15.1, and 0.15.2 
Malicious npm Package Stole Files From Claude AI User Directory via GitHub 
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
What's new: Grafana has reported a breach where an unauthorized party accessed its GitHub environment using a compromised token, allowing...
CISA Admin Leaked AWS GovCloud Keys on Github
What's new: A contractor for the Cybersecurity & Infrastructure Security Agency (CISA) inadvertently exposed AWS GovCloud credentials and sensitive internal...
NSAuditor AI EE 0.6.3 Closes Alerting-Destination False-PASS in GuardDuty and Inspector2 Audit
What's new: Nsasoft US LLC has released NSAuditor AI Enterprise Edition v0.6.3, closing a critical substrate-without-sink false-PASS class in plugin...
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
What's new: A critical vulnerability in NGINX, tracked as CVE-2026-42945, has been actively exploited in the wild. This heap buffer...
Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations
What's new: Analysis by Symantec and Carbon Black has confirmed that the fast16 malware, developed before Stuxnet, was designed to...