Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-17 08:00 PDT
- Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
BleepingComputer • 2026-05-17 07:43 • www.bleepingcomputer.com
The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. […]
https://www.bleepingcomputer.com/news/security/tycoon2fa-hijacks-microsoft-365-accounts-via-device-code-phishing/ - NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
The Hacker News • 2026-05-17 04:57 • thehackernews.com
A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck.
The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0. According to AI-native security company depthfirst, the
https://thehackernews.com/2026/05/nginx-cve-2026-42945-exploited-in-wild.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
