Cybersecurity News
Active exploits, CVE advisories, patch deadlines, and security intelligence. Updated regularly.
Copy Fail: The Nine-Year-Old Linux Bug That Gives Attackers Root Without Touching a Single File on Disk
A controlled 4-byte write into kernel memory is all it takes. The binary on disk is never modified, integrity checks stay quiet, and the attacker has root in seconds. CISA confirmed active exploitation, and every major Linux distribution shipped since 2017 is affected.
From HTTP Request to Root: How NGINX Rift and Dirty Frag Chain Into a Complete Server Takeover
One unauthenticated HTTP request exploits an 18-year-old NGINX heap overflow and lands a shell. A second kernel-level flaw, present since 2017, escalates that shell straight to root. No credentials. No prior access. Public exploits for all three CVEs.
Four Chained OpenClaw Flaws Give Attackers Everything: From Your Files to Full System Control
Researchers named it "Claw Chain" for good reason: four individually dangerous vulnerabilities in OpenClaw link together into a seamless attack path that ends with persistent, undetected control of a compromised host.
Your Inbox Could Be the Entry Point: CISA Flags Actively Exploited Microsoft Exchange Flaw
A cross-site scripting vulnerability hiding inside Outlook Web Access is already being weaponized, and the clock is ticking for organizations still running on-premises Exchange.