Critical Nginx UI auth bypass flaw now actively exploited in the wild

A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full ...

Microsoft’s Patch Tuesday release for April is a whopper

Nearly every major product family needs immediate patching, from Windows to Office to Microsoft Edge, SQL Server, and even ...
The Hacker News

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

CVE-2026-33032 exposes nginx-ui to unauthenticated takeover via MCP endpoint, impacting 2,600+ instances with active ...
Decrypt

Anthropic’s Alarming Mythos Findings Replicated With Off-the-Shelf AI, Researchers Say

Security researchers used GPT-5.4 and Claude Opus 4.6 in an open-source harness to reproduce Anthropic's Mythos vulnerability ...

Why log file analysis matters for AI crawlers and search visibility

Track how AI crawlers access your site, identify crawl gaps, and understand what content gets missed using log file data.
CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...

Nothing makes it easy to share files between any Android phone and a Mac

I test Android phones for a living, but I write about them using a company-supplied MacBook Air. Both platforms are great in ...

cryptact Launches MCP Server for AI Assistants

BusinessWire IndiaNew Delhi [India], April 16: cryptact, the crypto tax platform used by more than 200,000 investors and operated by pafin Inc., today launched an MCP server that lets AI assistants ...

Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days

Today is Microsoft's April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities.
The Hacker News

UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign

The Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted ...
CSO Online

Seven IBM WebSphere Liberty flaws can be chained into full takeover

A pre‑authentication bug in SAML Web SSO, combined with weak access controls and cryptography, allows attackers to escalate privileges and achieve remote code execution.