Latest Internet & Cybersecurity News
Hon Hai (Foxconn) Confirms Cyberattack on North American Plants
Hon Hai Precision Industry Co confirmed a cyberattack by the Nitrogen ransomware group targeting its North American facilities, leading to temporary shutdowns in Wisconsin. The group claimed to have stolen 8TB of data including sensitive info on clients like Apple, Intel, Google, Nvidia, and Dell. Affected factories are resuming normal production after activating cybersecurity measures .
New Fragnesia Linux Kernel Vulnerability Grants Root Access
CVE-2026-46300 (Fragnesia), a variant of Dirty Frag, allows unprivileged local attackers to corrupt the Linux page cache via XFRM ESP-in-TCP, achieving root on major distros (CVSS 7.8). Discovered by William Bowling, patches are available; mitigations include disabling ESP and restricting user namespaces. No in-the-wild exploitation observed yet .
18-Year-Old NGINX Rewrite Module Flaw Enables RCE (NGINX Rift)
CVE-2026-42945 (CVSS 9.2) is a heap buffer overflow in ngx_http_rewrite_module allowing unauthenticated RCE or DoS via crafted HTTP requests, undetected for 18 years. Additional flaws include CVE-2026-42946 (memory allocation, CVSS 8.3) and others affecting SCGI, SSL, and charset modules. Users urged to patch or adjust rewrite configs immediately .
Japan FSA Holds Working Group on AI-Related Cybersecurity Threats in Finance
The Financial Services Agency convened a public-private working group to address AI-driven cybersecurity threats in the financial sector, involving industry, IT providers, government, and Bank of Japan. Discussions focus on sharing threat understanding and responses; details kept confidential for security. Contact: Office of Policy Coordination for IT Risk .
Omdia Names 2026 Cybersecurity Platform Ecosystem Champions
Omdia identified Check Point, CrowdStrike, Palo Alto Networks, Proofpoint, TrendAI, and Zscaler as Champions in the 2026 Cybersecurity Platform Ecosystems Leadership Matrix. These vendors lead amid the industry's biggest transformation in over a decade, redefining partner value. Report highlights cybersecurity at an inflection point .
Sophos 2026 Report: Over 70% of Organizations Hit by Identity Breaches
Sophos' 2026 Identity Breach Costs survey reveals over 70% of organizations suffered identity attacks linked to ransomware, with rising breach costs due to weak non-human identity security. Trends show increasing identity attack prevalence. Organizations urged to strengthen identity protections .
Fortinet Reports Strong Q1 2026 Financial Results
Fortinet announced Q1 2026 results with product revenue up 41% to $645 million and billings rising 31% to $2.09 billion, exceeding expectations. The cybersecurity firm continues robust growth amid high demand. Reported via Zawya/TradingView .
Nitrogen Ransomware Group Claims 8TB Breach of Hon Hai (Foxconn)
The Nitrogen group posted on the dark web claiming breach of Hon Hai's network, stealing 8 terabytes including 11 million documents with sensitive tech data from major clients. Hon Hai initially called it a 'technical issue' but confirmed attack with production resuming. Media reports highlight potential impacts on Apple, Nvidia, etc. .
Linux LPE Zero-Day Advertised for $170K by 'berz0k' Threat Actor
Threat actor 'berz0k' is selling a zero-day Linux LPE exploit for $170,000 on cybercrime forums, claiming TOCTOU-based stable escalation without crashes using /tmp .so payload. Works on multiple major distros; coincides with Fragnesia disclosures. ThreatMon monitoring active sales .
NGINX Vulnerabilities Include Memory Disclosure and Worker Restarts
Beyond NGINX Rift (CVE-2026-42945), flaws like CVE-2026-42946 enable memory reads via excessive allocation in SCGI/UWSGI modules (CVSS 8.3), CVE-2026-40701 use-after-free in SSL (CVSS 6.3), and CVE-2026-42934 out-of-bounds read in charset module. All allow unauthenticated attacks leading to DoS or data leaks; patch urged .