CSO Online

Critical nginx UI tool vulnerability opens web servers to full compromise

The vulnerability, with a CVSS score of 9.8, relates to the software’s support for Model Context Protocol (MCP) servers, ...

Critical Nginx UI auth bypass flaw now actively exploited in the wild

A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full ...
Microsoft

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North ...
The Hacker News

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

CVE-2026-33032 exposes nginx-ui to unauthenticated takeover via MCP endpoint, impacting 2,600+ instances with active ...
The Hacker News

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

Two Composer flaws (CVE-2026-40176, CVE-2026-40261) allow command execution via Perforce configurations, prompting urgent ...