NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE https://firewall.firm.in/wp-content/uploads/2026/05/nginx.jpg Ravie LakshmananMay 17, 2026Server Security / Vulnerability A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow ...

TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms https://firewall.firm.in/wp-content/uploads/2026/05/banking.jpg Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that’s capable of targeting 59 banking, fintech, and cryptocurrency platforms. The activity is being tracked by Elastic Security Labs under the moniker REF3076. The malware family is assessed to be a major update of the Maverick, ...

Meta pauses all work with AI recruiting startup Mercor after $10 billion company confirms hacking https://etimg.etb2bimg.com/thumb/msid-130050239,imgsize-7718,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/meta-pauses-all-work-with-ai-recruiting-startup-mercor-after-10-billion-company-confirms-hacking.jpg Meta has indefinitely suspended all work with Mercor. This comes after the artificial intelligence (AI) data contracting startup valued at $10 billion confirmed a security breach that may have exposed proprietary training data belonging to some of the world’s most prominent AI laboratories. According ...

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise https://firewall.firm.in/wp-content/uploads/2026/05/kube.jpg Ravie LakshmananMay 08, 2026Linux / DevOps A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers’ systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and network tunneling. “QLNX ...

China supercomputer breach exposes massive defence data, sparks security concerns https://etimg.etb2bimg.com/thumb/msid-130168248,imgsize-172930,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/china-supercomputer-breach-exposes-massive-defence-data-sparks-security-concerns.jpg A major cybersecurity breach has reportedly exposed highly sensitive data from a Chinese government supercomputer, raising serious concerns around national security and data protection. The story reported by CNN broke out recently. According to reports, a hacker managed to infiltrate a system linked to the National Supercomputing Centre in ...

2026: The Year of AI-Assisted Attacks https://firewall.firm.in/wp-content/uploads/2026/05/ai-cyberattacks.png On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan’s largest internet cafe chain. When asked, the young man shared his motivation for the hack: he ...

Vercel data breach: How hackers targeted the cloud company and offered its data for sale for $2 million https://etimg.etb2bimg.com/thumb/msid-130431427,imgsize-5766,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/vercel-data-breach-how-hackers-targeted-the-cloud-company-and-offered-its-data-for-sale-for-2-million.jpg American cloud development platform Vercel on Sunday confirmed a security breach allowing an attacker to gain unauthorised access to data for a “limited subset of customers”. “We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems. We ...

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi https://firewall.firm.in/wp-content/uploads/2026/04/vect.gif Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that renders recovery impossible even for the threat actors. The fact that ...

US security company ADT confirms hacking incident, says some customer data stolen https://etimg.etb2bimg.com/thumb/msid-130543679,imgsize-86843,width-1200,height=627,overlay-etciso,resizemode-75/data-breaches/us-security-company-adt-confirms-hacking-incident-says-some-customer-data-stolen.jpg ADT, one of the largest home security providers in the US, has confirmed that hackers successfully broke into its systems and stole customer information like their phone numbers and addresses. The announcement comes as a notorious extortion group, known as ShinyHunters, threatens to leak millions of records ...

Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software https://firewall.firm.in/wp-content/uploads/2026/04/fast16-exploit.jpg Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran’s nuclear program by destroying uranium enrichment centrifuges. According to a new report published by SentinelOne, the previously undocumented cyber sabotage framework dates back to 2005, primarily targeting high-precision calculation software to ...