The Hacker News

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

CVE-2026-33032 exposes nginx-ui to unauthenticated takeover via MCP endpoint, impacting 2,600+ instances with active ...
MyNewsLA.com

Scottish Man Plead Guilty in $8 Million Phishing and Crypto Theft Scheme

A man from Scotland pleaded guilty Friday to conspiring to hack into company computer systems through text message phishing attacks and steal at least $8 million in virtual currency from victims ...

CISA tells feds to patch 13-year-old Apache ActiveMQ bug under active attack

The US cybersecurity agency added the bug, tracked as CVE-2026-34197, to its Known Exploited Vulnerabilities (KEV) catalog on ...
SecurityWeek

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

Organizations are warned that a recently patched vulnerability affecting Apache ActiveMQ Classic is being exploited in the ...
Infosecurity Magazine

Critical Nginx-ui MCP Flaw Actively Exploited in the Wild

A critical authentication bypass in nginx-ui, a widely used open-source web interface for managing nginx servers, has been ...
India Today on MSN

The mystery of missing LPG cylinders: Delivered, but not received

Talk about the massive raids to recover LPG cylinders from the black market in India. Have you wondered how these make it ...

Attackers are attacking Apache ActiveMQ Broker, Apache ActiveMQ

Admins should quickly install the versions of Apache ActiveMQ Broker and Apache ActiveMQ that are protected against currently ...

Tampa woman sentenced for trafficking Microsoft certificate of authenticity labels

A Tampa woman was sentenced for trafficking illicit Microsoft certificate of authenticity labels. Heidi Richards, 52, was ...

4 Recent Social Security Changes That Impact Millions of Retirees

Sudden Social Security changes can take you by surprise and affect your check for the rest of your life. Learn about WEP, GPO ...

Over 100 Chrome Web Store extensions steal user accounts, data

More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, ...

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...