Critical Nginx UI auth bypass flaw now actively exploited in the wild

A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full ...
SecurityWeek

Splunk Enterprise Update Patches Code Execution Vulnerability

Splunk has released patches that resolve high- and medium-severity vulnerabilities in Splunk Enterprise and MCP Server.

Dangerous Fake Microsoft Windows Update Confirmed—Do Not Download

As security researchers warn about a dangerous Microsoft Windows update that isn’t legitimate, users must pay close attention ...

Microsoft fixes 167 security flaws in April, second biggest Patch Tuesday ever

This month's Patch Tuesday includes an actively exploited Office zero-day vulnerability and several critical RCE bugs in ...

WordPress plugin suite hacked to push malware to thousands of sites

More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows ...

Money transfer app Duc exposed thousands of driver’s licenses and passports to the open web

An exposed Amazon-hosted server allowed anyone to access reams of customer data without needing a password.
The Hacker News

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

CVE-2026-33032 exposes nginx-ui to unauthenticated takeover via MCP endpoint, impacting 2,600+ instances with active ...

Microsoft adds new safety rails to save you from remote desktop attacks

Microsoft has shipped one of the most practically useful security updates in recent memory, and if you work in an environment ...

Proxy Servers Explained: The Hidden Layer of the Internet

Learn how proxy servers work and uncover their role as the hidden layer of the internet. Explore types, benefits, security features, and how they enhance privacy and control online access.
CSO Online

Seven IBM WebSphere Liberty flaws can be chained into full takeover

A pre‑authentication bug in SAML Web SSO, combined with weak access controls and cryptography, allows attackers to escalate privileges and achieve remote code execution.
Security Boulevard

Microsoft’s March Security Update of High-Risk Vulnerability Notice for Multiple Products

Overview On March 11, NSFOCUS CERT detected that Microsoft released the March Security Update patch, which fixed 83 security issues involving widely used products such as Windows, Microsoft Office, ...