CSO Online

Critical nginx UI tool vulnerability opens web servers to full compromise

The vulnerability, with a CVSS score of 9.8, relates to the software’s support for Model Context Protocol (MCP) servers, ...
Homeland Security Today

Threat Actors Exploited Progress Telerik Vulnerability in U.S. Government IIS Server

The CISA, Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), Threat Actors Exploit Progress Telerik ...
The Hacker News

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

CVE-2026-33032 exposes nginx-ui to unauthenticated takeover via MCP endpoint, impacting 2,600+ instances with active ...

Critical Nginx UI auth bypass flaw now actively exploited in the wild

A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full ...
ZDNet

Microsoft warns this hacking group is targeting vulnerable web servers

Microsoft has revealed details of a hacking group it calls Gallium that has malware infrastructure in China and Hong Kong and has been targeting telecommunications companies. From Microsoft's ...
CSOonline

Wave of native IIS malware hits Windows servers

Security researchers warn that multiple groups are compromising Windows web servers and are deploying malware programs that are designed to function as extensions for Internet Information Services ...
InfoWorld

Continuing the Web Server Security Wars: Is IIS or Apache More Secure?

Continuing the theme from my previous column on the relative security of Internet Information Service (IIS) vs. Apache, I’ve come across more studies to support my initial conclusion. Since a single ...