Auteur/autrice : Cyber Redaction
[Cybersécurité] 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years.
The vulnerability, disc
[Cybersécurité] [Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud
TL;DR: Stop chasing thousands of « toast » alerts. Join experts from Wiz to learn how hackers connect tiny flaws to build a « Lethal Chain » to your data—and how to break it. Register for the Strategic Br
[Cybersécurité] cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments.
The attack ex
[Cybersécurité] Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
A threat actor with affiliations to China has been linked to a « multi-wave intrusion » targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an
[Cybersécurité] Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence.
The vulnerabilities, collectiv
[Cybersécurité] CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV
[Cybersécurité] New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to
[Cybersécurité] Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory.
[Cybersécurité] ‘Dirty Frag’ Exploit Poised to Blow Up on Enterprise Linux Distros
The privilege escalation vulnerability, which is similar to other Linux flaws like Copy Fail and Dirty Pipe, may already be under limited exploitation.
[Cybersécurité] It’s Patch Tuesday for Microsoft & Not a Zero-Day In Sight
It’s the first time in two years with no zero-days. But with 137 flaws to patch, including nine critical ones, admins still have plenty of work to do.
![[Cybersécurité] 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE](https://cyber.kiminox.net/wp-content/uploads/2024/10/cybersecurity_img2-100x100.png)