NGINX RCE, Windows crypto-stealer, Salesforce breaches, INC ransomware surge

F5 released patches for a critical NGINX RCE (CVE-2026-42530); Microsoft disclosed an active Windows clipboard‑stealing campaign that spreads via USB LNK worms and uses Tor-based C2; INC ransomware claims 830+ victims while Gentlemen develops EDR-evasion tools; and a Klue OAuth compromise enabled Salesforce data theft—urgent actions include applying patches, rotating/revoking OAuth tokens, strengthening EDR and remote access controls, and monitoring/blocking Tor C2 activity.