MSN on MSN

CISA ordered agencies to patch the actively exploited MongoBleed flaw before attackers spread

Federal agencies that rely on MongoDB now face a hard deadline to fix a vulnerability that lets unauthenticated attackers ...
Morning Overview on MSN

An 18-year-old heap buffer overflow in NGINX gives attackers remote code execution — billions of devices run the affected module

A single rewrite rule, the kind pasted into NGINX configurations thousands of times a day, can hand an unauthenticated attacker full remote code execution on the underlying server. The vulnerability, ...