NGINX Was Hiding a Critical Bug for 18 Years. An AI Just Found It.
A newly disclosed NGINX vulnerability lay dormant in the codebase for 18 years before an AI system pulled it into daylight.
Secure.com News
Stay updated with the latest cybersecurity news, threat intelligence, and industry updates from secure.com.
Browse by Category
The SailPoint Lesson: Why Identity Infrastructure Remains the Weakest Link in Supply Chain Security
The SailPoint GitHub breach exposes how supply chain security and identity infrastructure remain the softest targets in enterprise defense.
Hackers Abuse Google Ads and Claude.ai Shared Chats to Target Mac Users
A new macOS malware campaign exploits Google Ads and Claude.ai shared chat features to distribute malicious software through fake AI applications.
New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
Cybersecurity researchers have discovered PamDOORa Linux backdoor being sold on Russian cybercrime forums for $1,600.
New Linux Bug ‘Dirty Frag’ Hands Root Access to Attackers
A newly disclosed Dirty Frag Linux vulnerability allows attackers to gain root privileges by chaining two separate kernel flaws together.
Vimeo Data Breach Exposes 119,000 Users Unique Email Addresses
A Vimeo data breach discovered in April 2026 exposed 119,000 unique email addresses through a supply chain security incident.
Instructure Data Breach Exposes Canvas Users After ShinyHunters Attack
The Instructure data breach exposed Canvas user information after ShinyHunters claimed responsibility for the second incident in eight months.
Trellix Source Code Breach: Hackers Gain Unauthorized Access to Repository
Cybersecurity company Trellix disclosed a Trellix source code breach where hackers gained unauthorized access to portions of its code repository.
CVE-2026-31431: The Linux Kernel Bug That Hid in Plain Sight for Nine Years
A Linux kernel zero-day tracked as CVE-2026-31431 gives any unprivileged local user full root access on every major Linux distribution shipped since 2017.
New Vect 2.0 Ransomware Targets Windows, Linux, and ESXi. And Paying Won’t Save Your Files.
A new Vect 2.0 ransomware operation is permanently destroying enterprise files across Windows, Linux, and VMware ESXi, and paying the ransom does nothing.
One Git Push. Full Access to Millions of Repositories.
A critical GitHub RCE vulnerability, CVE-2026-3854, allowed any authenticated user to compromise GitHub's backend infrastructure with a single git push command.
Vidar Infostealer Tops the Chaotic Cybercrime Market After Lumma’s Collapse
The Vidar infostealer just became the dominant credential thief on the dark web, and security teams have less than 48 hours to react.