3 articles tagged #sysadmin
Pwn2Own Berlin Day 2: Exchange, Linux, and AI agents fall
Day 2 of Pwn2Own Berlin 2026 yielded 15 zero-days and $385,750 in prizes. Exchange fell to a three-bug RCE chain. Cursor AI and OpenAI Codex were exploited too.
CVE-2026-42945 is a critical heap buffer overflow in NGINX's rewrite module, present since 2008. Unauthenticated remote attackers can crash worker processes or achieve RCE. Patch now.
BitLocker zero-day YellowKey gives full read access to encrypted drives via USB. No patch as of May 2026 Patch Tuesday. TPM-only configs are the primary target.