Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2026-42945, nicknamed "NGINX Rift", is a heap buffer overflow in the ngx_http_rewrite_module component of NGINX. It has sat in the project's source code since 2008. F5 disclosed the flaw on May 13, 2026, after responsible disclosure by researchers at depthfirst, who reported finding it through an autonomous code scanning system.

CVE-2026-20182 is an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage). The flaw sits in the peering authentication path of the vdaemon service running over DTLS on UDP port 12346, the same control-plane service involved in CVE-2026-20127 earlier in 2026. It is not a patch bypass of that earlier issue, but a separate weakness in the device-type handling of the control connection handshake.

Every CISO has sat in a budget meeting where the conversation quietly pivoted from risk to price. Not because the chief financial officer (CFO) was being difficult. Not because security stopped mattering. But because at some point in the discussion, two platforms started to look identical, and when things look identical, cost becomes the deciding factor. That pivot is where security investment decisions go wrong. Security leaders do not lose budget because financial leaders undervalue security.

Certificate automation does a lot of work on your behalf. Agents running on your servers, talking to certificate authorities, deploying certs to your infrastructure. At some point someone (your CISO, your auditor, or your own brain at 3am) is going to ask: what exactly happened, and when? Today we’re shipping audit logs. Every action taken in CertKit is now recorded: logins, invitations, certificates added, issued, renewed, revoked, and deployed. Agent registrations, approvals, and config changes.

A newly disclosed security issue, tracked as CVE-2026-44578, affecting Next.js applications is raising concerns across the developer and security communities after researchers identified multiple authorization bypass and middleware evasion paths that could expose protected application data and credentials. The vulnerabilities impact several versions of Next.js and allow attackers to bypass middleware-based authorization controls using crafted requests and route manipulation techniques.

Infostealers are among the most persistent and damaging strains of malware affecting individuals and organizations worldwide. These stealthy and malicious programs often go unnoticed, quietly infiltrating devices to steal sensitive data and relay it to cybercriminals. From session tokens and login credentials to financial information and browser-stored data, infostealers pose a grave risk to organizations.

Most teams can get OpenStack running, but keeping it running without burning out your engineers is the harder problem. Mirantis OpenStack packages upstream OpenStack with the validated builds, deployment tooling, and vendor support that platform teams need for stability. With Mirantis OpenStack for Kubernetes (MOSK), the architecture goes even further.

Confluence is where teams keep operational knowledge: runbooks, architecture decisions, postmortems, HR policies, product specs, onboarding docs, and internal knowledge bases. Atlassian’s status pages show that disruption is not theoretical: on April 8, 2026, Atlassian reported search failures impacting multiple products, and on April 13, 2026, some users were unable to log in across Atlassian products.

Here’s the DR planning problem that businesses with multiple locations run into: the math doesn’t scale. If you have one office, you need one DR solution. Straightforward. But if you have five offices, or ten, or fifteen, the traditional approach says you need DR infrastructure at every site, or at least a secondary site that mirrors the primary. That means duplicating hardware, licensing, networking, and staff time across every location.

AI is transforming banking. But without security and data readiness, it accelerates risk as much as innovation.