07:00 PM UTC · Exploits · Patch Watch5 minIntel Branch Privilege Injection Flaw Undermines Six Years of Spectre v2 Hardware DefensesIntel issued microcode mitigations for CVE-2024-45332, a Branch Privilege Injection flaw that can bypass Spectre v2 hardware defenses and leak privileged memory from affected systems.
05:34 PM UTC · Exploits · Patch Watch5 minSAP Patches Second Critical NetWeaver Flaw After Researchers Link It to Chained Zero-Day AttacksSAP patched CVE-2025-42999, a critical NetWeaver Visual Composer deserialization flaw linked to chained attacks that followed exploitation of CVE-2025-31324.
03:52 PM UTC · Supply Chain · Patch Watch5 minMini Shai-Hulud Worm Exposes Limits of Trusted Publishing After 170+ npm and PyPI Packages HitThe Mini Shai-Hulud campaign compromised more than 170 reported npm and PyPI packages, exposing how trusted publishing and provenance can still be abused when CI/CD environments are compromised.
03:37 PM UTC · Exploits · Patch Watch4 minNGINX “Rift” Rewrite Module Flaw Confirmed as CVE-2026-42945CVE-2026-42945 is now tracked as a heap-based buffer overflow in NGINX's rewrite module, affecting NGINX Open Source and NGINX Plus under specific rewrite-rule conditions.
