NGINX Heap Overflow (CVE-2026-42945), BitLocker Zero-Day, & Chrome Extension Supply Chain Attack

Today's Highlights

This week's top security news features a critical heap buffer overflow in NGINX's rewrite module with a disclosed PoC, alongside a widespread supply chain attack leveraging 126 malicious Chrome extensions. Additionally, a new zero-day exploit, YellowKey, reportedly bypasses Microsoft BitLocker protection using only a USB stick.

CVE-2026-42945: NGINX Heap Buffer Overflow in rewrite module (r/netsec)

Source: https://reddit.com/r/netsec/comments/1tctw53/cve202642945_nginx_heap_buffer_overflow_in/

This disclosure details CVE-2026-42945, a heap buffer overflow vulnerability affecting the rewrite module in NGINX. The writeup provides a comprehensive analysis of the flaw, which could potentially lead to denial of service or remote code execution in specific configurations. The vulnerability arises from improper bounds checking within the module's logic when processing certain rewrite rules.…