SecurityHorrors is a simple blog where you can read security horror stories: breaches, outages, leaked keys, painful misconfigurations, and the postmortems nobody wants to star in. Yikes!
Made by Andras, who is working on several open-source projects, including Coolify and Jean, and many other things at coolLabs.
Have a story?
Posts
NGINX: Three Cracks in the Proxy Wall
TLDR and affected version summary for NGINX Rift, CVE-2026-42926, and CVE-2026-42946.
Mini Shai-Hulud: The Package That Crawled Through CI
TLDR and affected package summary for the Mini Shai-Hulud npm and PyPI supply-chain campaign.
React and Next.js: Thirteen Doors Left Open
TLDR and affected version summary for the May 2026 React and Next.js security advisories.
Dirty Frag: Two Kernel Teeth Under the Floorboards
TLDR and affected system summary for Dirty Frag, CVE-2026-43284 and CVE-2026-43500.
Bleeding Llama: The Local AI That Remembered Too Much
TLDR and affected version summary for CVE-2026-7482, the Bleeding Llama vulnerability in Ollama.
CopyFail: Root Was Only 732 Bytes Away
TLDR and affected system summary for CVE-2026-31431, the Linux CopyFail local privilege escalation.