Tag

Exploitation

All articles tagged with #exploitation

Millions at Risk as NGINX Zero-Day RCE Flaw Sees Real-World Exploitation
cybersecurity · 8 days ago

Security researchers say CVE-2026-42945, a heap buffer overflow in NGINX Open Source and NGINX Plus, is being actively exploited in the wild. The flaw can crash NGINX worker processes via crafted requests, with remote code execution possible only if ASLR is disabled and a specific rewrite configuration is present; although ASLR is generally enabled, estimates show up to 5.7 million internet-facing servers may be affected. Organizations should patch promptly, ensure ASLR remains enabled, and audit rewrite rules to mitigate risk while threat actors rapidly scan for vulnerable systems.

Active cPanel/WHM zero-day exploit prompts rapid patch after PoC release
security · 27 days ago

A critical authentication-bypass vulnerability CVE-2026-41940 in cPanel/WHM and WP Squared is being actively exploited in the wild; recent technical details and a PoC show CRLF injection in login/session handling that can grant control without a password. cPanel issued a patch on April 28, while mitigations include restarting cpsrvd, blocking ports 2083/2087/2095/2096 if patching isn’t immediate, and using provided detection scripts to verify compromise.

Brand Admits Exploitative Sex With 16-Year-Old at 30 Amid Legal Battles
entertainment · 1 month ago

Russell Brand said on The Megyn Kelly Show that he had exploitative but consensual sex with a 16-year-old when he was 30, a claim raised as he faces rape and sexual assault charges dating from 1999–2009, with his trial now scheduled for October; he argues the relationships reflected a power imbalance and his past selfish behavior.

Brand: past relationship with a 16-year-old called exploitative as rape trial looms
uk-news · 1 month ago

Russell Brand told Megyn Kelly that he had an exploitative, consensual sexual encounter with a 16-year-old when he was 30 and described his past behavior as selfish. He is facing an autumn trial at Southwark Crown Court on six accusations from six women—three rape charges, three sexual assaults and one indecent assault—while he denies all charges and remains on bail.

Brand admits sleeping with 16-year-old at 30 and calls it exploitative
entertainment · 1 month ago

On the Megyn Kelly Show, Russell Brand says he slept with a 16-year-old when he was 30, calling it legal where he is from but exploitative due to power dynamics; he faces ongoing sexual assault and rape charges in London and has pleaded not guilty to multiple counts from 1999–2005, framing his past promiscuity as something to redeem while noting his sobriety and faith.

Brand's Past Confession: A 16-Year-Old Encounter At 30 Labeled Exploitative
entertainment · 1 month ago

Russell Brand told Megyn Kelly that he slept with a 16-year-old when he was 30, calling the act exploitative and acknowledging a power imbalance. He noted that in Europe and the UK the age of consent is 16 and described his past behavior as selfish and immature. The piece also references rape and sexual assault charges Brand faced in 2025, for which he has pleaded not guilty.

Active Exploit Targets Nginx UI Flaw, Enables Full Server Takeover
security · 1 month ago

A critical vulnerability in Nginx UI with MCP support (CVE-2026-33032) leaves the /mcp_message endpoint unauthenticated, allowing attackers to invoke privileged MCP actions, modify or reload nginx configuration, and take over the server. Exploitation is active in the wild; patches were released (2.3.4, followed by 2.3.6 as the latest) and thousands of exposed instances have been identified, so admins should update immediately.

From Fame to Fallout: The Dark Side of 90s Boy Bands
entertainment · 1 month ago

Investigation Discovery's Boy Band Confidential pulls back the curtain on how the 1990s boy-band phenomenon thrived on predatory contracts and revenue skimming, with Lou Pearlman’s empire extracting control and money from groups like NSYNC and the Backstreet Boys. The documentary covers exploitation in contracts (high manager take, hefty recoupables), the industry’s racial and marketing biases, mental-health struggles among members, and disturbing abuse allegations against figures tied to the scene, including Pearlman and manager Joby Harte, along with the lawsuits, fraud charges, and eventual collapse that reshaped the era.

Jayme Lawson Calls BAFTAs Exploitative, Urges Real Inclusion
entertainment · 2 months ago

Sinners star Jayme Lawson praised Michael B. Jordan and Delroy Lindo for how they handled a slur at the BAFTAs, but she denounced the event as exploitative rather than inclusive, arguing that inviting people into spaces without real safety and resources isn’t true inclusion. She also criticized the BBC for cutting or censoring moments in their coverage (and referenced censorship of a separate “Free Palestine” moment), saying such edits undermine dignity and protection for Black artists who contributed to the night.

Sinners Star Jayme Lawson Calls BAFTA Incident Exploitation, Urges Real Inclusion
entertainment · 2 months ago

Jayme Lawson criticized the BAFTA incident in which a guest with Tourette’s shouted the N-word at Michael B. Jordan and Delroy Lindo, calling it exploitation and urging true inclusion with safety resources; she praised how the onstage duo handled the moment, condemned the BBC and BAFTA for carelessness in coverage, and tied the event to broader issues of dignity, safety, and representation highlighted at the NAACP Image Awards.

Allegations of Captivity and Exploitation in Crispin Glover Lawsuit
legal · 3 months ago

A California lawsuit accuses Crispin Glover of grooming a former model, luring her to Los Angeles, and holding her captive as a live‑in girlfriend for sex and unpaid labor, while allegedly controlling her movements and whereabouts and assaulting her; the plaintiff says she was eventually locked out of his home, leaving her homeless. The suit, filed in Superior Court of California, also alleges battery, fraud and wrongful eviction and seeks unspecified damages. Glover’s representatives deny the allegations, saying he intends to vigorously defend himself and noting that he previously was the victim of an assault by Jane Doe; a restraining order he filed against Jane Doe was later dismissed. The case references a 2024 incident after which LAPD was involved.

CISA Flags Four Actively Exploited Flaws in KEV Update and Urges Patch
security · 3 months ago

CISA added four flaws to the Known Exploited Vulnerabilities catalog due to active exploitation: CVE-2026-2441 (Chrome use-after-free), CVE-2024-7694 (TeamT5 ThreatSonar Anti-Ransomware arbitrary file upload leading to command execution), CVE-2020-7796 (Zimbra Collaboration Server SSRF), and CVE-2008-0015 (Windows Video ActiveX buffer overflow). Google confirms an in-the-wild exploit for CVE-2026-2441; GreyNoise documents about 400 IPs exploiting CVE-2020-7796 across several countries; the CVE-2008-0015 exploit can download additional malware like Dogkild and alter system files/hosts. The TeamT5 exploitation vector remains unclear. Federal agencies are urged to patch by March 10, 2026.

Northern Sweden husband accused of pimping wife to about 120 men
world · 3 months ago

A man in his 60s from northern Sweden is suspected of exploiting his wife by selling sex with her to at least 120 men; in custody since October, he faces aggravated procuring charges, while two men who bought sex from the wife have already been charged and more are likely; Swedish law criminalizes buying sex and procuring it, with sellers treated as exploited; indictment against the husband is set for March 13 and the trial will follow.

CISA Flags VMware vCenter RCE Flaw CVE-2024-37079 as Actively Exploited
security · 4 months ago

CISA added CVE-2024-37079, a critical heap-overflow flaw in Broadcom VMware vCenter Server, to the KEV catalog after evidence of active exploitation; Broadcom patched CVE-2024-37079 (and CVE-2024-37080) in June 2024, with researchers Hao Zheng and Zibo Li linking related DCE/RPC flaws; a Black Hat Asia 2025 presentation notes two additional CVEs (CVE-2024-38812/38813) patched later, and federal agencies must upgrade to the latest version by Feb 13, 2026 to stay protected.

CISA warns four enterprise flaws actively exploited across Versa, Zimbra, Vite, and Prettier
cybersecurity · 4 months ago

CISA has added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2025-31125 and CVE-2025-34026 affecting Versa software (including the Concerto SD-WAN) via dev-exposure and Traefik misconfig, CVE-2025-68645 in Zimbra Webmail Classic UI (local file inclusion), and a supply-chain issue in eslint-config-prettier (CVE-2025-54313) tied to Prettier. Patches or mitigations exist for affected products; US federal agencies must apply updates or stop using the products by February 12, 2026. The status of ransomware-related exploitation remains unknown.