SCAM ALERT: There has been a huge escalation lately in airdrop and giveaway scams targetting XRPL users lately. Any such posts you see are likely scams. Ripple-linked fraud warnings in recent months have also covered phishing operations targeting XRP holders through fake verification requests and malicious wallet prompts. Some schemes encouraged users to connect wallets or submit sensitive recovery information through unofficial channels masquerading as trusted XRP resources.
The most severe of the resolved issues is CVE-2026-42945 (CVSS v4.0 score of 9.2), a denial-of-service (DoS) condition in NGINX's ngx_http_rewrite_module module. The bug allows an unauthenticated attacker to send crafted HTTP requests that, combined with certain conditions beyond the attacker's control, could trigger a heap buffer overflow and a restart. If Address Space Layout Randomization (ASLR) is disabled, the flaw can be exploited for code execution.
A zero-day exploit circulating online allows people with physical access to a Windows 11 system to bypass default BitLocker protections and gain complete access to an encrypted drive within seconds. The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft provides to make disk contents off-limits to anyone without the decryption key, which is stored in a secured piece of hardware known as a trusted platform module (TPM).
A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting.
More than 200 websites were found to be targeting Irish residents with scams last year, including fake online shops and fraudulent loan websites claiming to be regulated by the Central Bank of Ireland.
