0ld Skoolz, Digital nomad and Father | IT & Compliance | Blockchain Infra Veteran | My tweets are my own. Doers at @luganodes , passed by Cardano & Stakefish
Introducing nginx-poolslip, a fresh RCE for the latest nginx release 1.31.0.
nginx-rift has been patched, but our security agent Vega has found a new 0 day.
We will release the full technical writeup with ASLR bypass 30 days after the patch on https://t.co/LAhOC5UHrp.
⚠️ Critical Apache HTTP Server Flaw Exposes Millions of Servers to RCE Attacks
Source: https://t.co/nyaOOtouZa
The Apache Software Foundation has released a critical security update for Apache HTTP Server, patching five vulnerabilities, including a dangerous double-free flaw capable of enabling Remote Code Execution (RCE) in version 2.4.67, released on May 4, 2026.
All users running version 2.4.66 or earlier are strongly urged to upgrade immediately. The most severe of the five vulnerabilities is CVE-2026-23918, rated High with a CVSS base score of 8.8.
The flaw is a double-free memory corruption bug triggered within Apache's HTTP/2 protocol implementation during an "early stream reset" sequence.
#cybersecuritynews #vulnerability
Just finished a red team for a fintech that burned millions on Falcon + SentinelOne AI stacks. Got domain admin in under 15 mins from the guest WiFi.
Walked into the kitchen, saw the shiny Samsung “enterprise” smart fridge on the same VLAN as everything important. Still on old firmware.
Default creds on the admin panel.
Classic unauth RCE in the diagnostics endpoint.
Shell within minutes.
From there it had cached corp creds for SAP sync and outbound allowed.
Their EDR had the fridge IP whitelisted as “normal IoT behavior” because of the MQTT pings.
Dropped a Reynolds-style BYOVD (that NSecKrnl one everyone’s using now), killed the hooks on a DC, and exfil’d test data back out the fridge’s own channel.
SOC barely blinked.
CISO’s reaction when I showed him live: “It’s just a fridge though…”
Man, 2026 and we’re still getting wrecked by IoT crap facilities bought on Amazon. Same story as the 2014 Proofpoint fridge botnet or Target’s HVAC.
Nothing changes.
🚨 New Chrome Zero-Day Vulnerability Actively Exploited in Attacks — Patch Now
Source: https://t.co/8545tqtgul
Google has released an emergency security update for its Chrome browser, patching a zero-day vulnerability that is already being actively exploited in the wild.
The actively exploited vulnerability, tracked as CVE-2026-5281, is a use-after-free vulnerability in Dawn, Chrome’s cross-platform GPU abstraction layer used to implement WebGPU.
Google has officially confirmed active exploitation, stating it “is aware that an exploit for CVE-2026-5281 exists in the wild.” The flaw was discovered and reported by an anonymous researcher on March 10, 2026.
#cybersecuritynews #Googlechrome
The Knesset has approved the death penalty. Only for Palestinians. Ben Gvir toasts: "soon we will count them one by one".
This is the democracy of #Israele.
This photo should be on the front page of every newspaper in the world. If this woman were Western, there would be outrage all over the world. These Zionist terrorists are the most despicable people in the world.
@montemagno I'll jump in: I'm currently testing claude for a complex engineering project, and it really is like working with my team of guys. I recheck everything, and I notice suboptimal choices, errors in the use of documentation, and information sources that are often outdated.
Just managed to run distributed inference clustering an NVIDIA gpu, a MacBook Pro and an iPhone 16 🔥 metal acceleration on the mobile node working like a charm. Cake (in rust) is now the only project that allows you to distribute your local inference on mobile, Mac and Linux.
Shannon: Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.
GitHub: https://t.co/ZqVM5xNr6P
Features:
▪️Fully Autonomous Operation
▪️Pentester-Grade Reports with Reproducible Exploits
▪️Critical OWASP Vulnerability Coverage
▪️Code-Aware Dynamic Testing
▪️Powered by Integrated Security Tools
▪️Parallel Processing for Faster Results