The Hacker News

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

CVE-2026-33032 exposes nginx-ui to unauthenticated takeover via MCP endpoint, impacting 2,600+ instances with active ...
SecurityWeek

‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

A ‘by design’ flaw in Anthropic’s Model Context Protocol (MCP) could allow silent command execution and full system ...
The Information

New Salesforce Tool Connects Third-Party Agents With Its Customer Data

Salesforce has launched a tool that lets its customers connect other companies’ AI agents with their Salesforce data, an executive said on LinkedIn. The tool, known as a hosted Model Context Protocol ...