DEEP DIVEWazuh 5.0 is not a standard upgrade. The manager cannot be upgraded in-place from any 4.x version -- you are doing a clean install. This checklist covers the full migration: agent inventory, manager rebuild, config migration, and post-migration verification.
BRIEFDay 2 of Pwn2Own Berlin 2026 yielded 15 zero-days and $385,750 in prizes. Exchange fell to a three-bug RCE chain. Cursor AI and OpenAI Codex were exploited too.
BRIEFCVE-2026-42945 is a critical heap buffer overflow in NGINX's rewrite module, present since 2008. Unauthenticated remote attackers can crash worker processes or achieve RCE. Patch now.
BRIEFCVE-2026-45585 (YellowKey) gives an attacker shell access to a BitLocker volume using physical access and a USB drive. PoC is public, no patch exists. Enable TPM+PIN to block it.