A hand holds a tablet displaying digital icons and connections against a night cityscape. This image represents technology, innovation, and modern communication concepts.

(Adobe Stock)

Critical bug in F5 NGINX actively exploited

Steve ZurierMay 18, 2026

Experts raise concerns because NGINX runs in front of one-third of al website worldwide.

RESOURCES

Managed Security Services
The CISO shortage: Finding leadership without a leader
Exposure management
Fighting fire with fire: Defending against Mythos-powered cyberattacks
SOC
The human factor: Why AI-powered SOCs still need people in charge
Email security
Beyond the inbox: Why your domain and social media are the next front lines
AI/ML
Securing every door: Scalable strategies to manage machine and AI agent risks

PODCASTS

Data Security
AI Has a data problem, cascading breaches, and the weekly news – Dimitri Sirota – ESW #459
Vulnerability Management
Cisco, Canvas, Microsoft, Exchange 0-Days, NPM Backdoors, GPT-5.5 and more… – SWN #581
Breach
You’re not going to patch your way out of this – PSW #926
Leadership
Optimize Legal Operations as the CISO Role Changes to Address Skills Gaps and AI – Walter Scott Wilkens – BSW #447
Vulnerability Management
Tomato, JDownloader, TempPCP, Bad Vibes, Dirty Frag, Giedi Prime, Aaran Leyland… – SWN #580

FEATURED

Perspectives Spotlight: Expert Insights

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

Cybersecurity and Infrastructure Security Agency CISA logotype displayed on smartphone

Critical Infrastructure Security

IBM executive floated for CISA director as concerns persist for agency

Steve ZurierMay 18, 2026

Cybersecurity leaders warn weakened CISA could hurt AI-era defense and threat response.

Critical Infrastructure Security

TeamPCP releases ‘vibe coded’ Shai-Hulud source code, issues challenge

Laura FrenchMay 15, 2026

The variant was used in recent attacks against TanStack and others – but it’s not the original, researchers say.

Vulnerability Management

10.0 Cisco Catalyst SD-WAN Controller bug added to CISA’s KEV list

Steve ZurierMay 15, 2026

Maximum-severity bug an authentication bypass flaw that’s considered the highest value target in an attacker’s playbook.

Vulnerability Management

New Linux privilege escalation flaw ‘Fragnesia’ disclosed; PoC available

Laura FrenchMay 15, 2026

Fragnesia is at least the fourth privilege escalation flaw affecting Linux systems disclosed in the last three weeks.

(Credit: Andrii Lysenko – stock.adobe.com)

OpenAI Daybreak joins growing movement of AI-driven vulnerability discovery

Laura FrenchMay 14, 2026

The program aims to leverage GPT models and Codex Security to improve software resilience.

US Capitol Building with 3 Flags Flying

House calls on Instructure to brief Congress on Canvas hack

Steve ZurierMay 13, 2026

ShinyHunters hit Canvas twice, exposing student data via XSS and identity compromise.

(Credit: theartofpics – stock.adobe.com)

Vulnerability Management

Patch Tuesday: No zero days among 137 Microsoft CVEs, 4 Word RCEs

Laura FrenchMay 12, 2026

The May 2026 Microsoft security update included no zero days for the first time since June 2024.

(Adobe Stock)

‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages

Steve ZurierMay 12, 2026

Teams warn the latest Shai-Hulud wave weaponizes trusted OIDC tokens to bypass package integrity checks.

EVENTS