The Hacker News

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

CVE-2026-33032 exposes nginx-ui to unauthenticated takeover via MCP endpoint, impacting 2,600+ instances with active ...

New GoGra malware for Linux uses Microsoft Graph API for comms

A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy ...
Communications of the ACM

Subscription Bombing: Email under Attack

Email subscription bombing (also known as subscription flooding or email spam bombing) is an attack technique that overwhelms ...
The Hacker News

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

According to Cisco Talos, it's these URL-exposed webhooks – which make use of the same *.app.n8n [.]cloud subdomain – that ...
Dark Reading

Critical MCP Integration Flaw Puts NGINX at Risk

Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuration ...
Infosecurity Magazine

Critical Nginx-ui MCP Flaw Actively Exploited in the Wild

A critical authentication bypass in nginx-ui, a widely used open-source web interface for managing nginx servers, has been ...
WeLiveSecurity

New NGate variant hides in a trojanized NFC payment app

ESET researchers discover another iteration of NGate malware, this time possibly developed with the assistance of AI.

13-year-old bug in ActiveMQ lets hackers remotely execute commands

Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone ...
DataBreachToday

Grafana AI Bug Leaks Data With Zero-Click Exploit

A Grafana AI flaw enables zero-click data exfiltration by hiding malicious prompts in URLs, said a Noma Security report.