Morning Overview on MSN

An 18-year-old flaw in NGINX just gave attackers remote code execution on millions of web servers — nobody noticed for two decades

For roughly 18 years, a chunk of code inside one of the internet’s most popular web servers quietly carried a critical ...
The Hacker News

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

NGINX Rift CVE-2026-42945 scores 9.2 after 18 years, enabling unauthenticated RCE or DoS via crafted HTTP requests.

Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator

Fortinet has released security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could ...
The Hacker News

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

Exim has released security updates to address a severe security issue affecting certain configurations that could enable ...

Microsoft’s Patch Tuesday Update Targets 120 Security Flaws

Microsoft’s May Patch Tuesday fixes 120 flaws, including 31 remote code execution bugs, with no zero-days reported at release ...
SecurityWeek

Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises

Microsoft patches a critical Outlook vulnerability tracked as CVE-2026-40361 that can be exploited for remote code execution.
CRN

Red Hat Warns About Remote Code Execution Flaws Impacting Enterprise Linux

‘All versions of Red Hat Enterprise Linux (RHEL) are affected by [the vulnerabilities] but are not vulnerable in their default configurations,’ the IBM-owned company said. Red Hat warned Thursday that ...
SecurityWeek

Critical Remote Code Execution Vulnerability Patched in Android

Google announced on Monday the release of an Android update patching a critical vulnerability that can be exploited for ...

Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days

Today is Microsoft's May 2026 Patch Tuesday, with security updates for 120 flaws and no zero-days disclosed this month.