SecurityWeek

Hackers are exploiting CVE-2026-33032, a critical remote takeover vulnerability in the Nginx UI management tool. 

The Israeli startup aims to secure AI agents at runtime, continuously monitoring their behavior to prevent unsafe actions.

Researchers warn that a flaw in Anthropic’s Model Context Protocol allows unsanitized commands to execute silently, enabling full system compromise across widely used AI environments.

Published through five accounts, the extensions appear part of a coordinated campaign based on shared C&C infrastructure.

Sophos’ Ross McKerchar discusses leadership at scale, retaining talent, defending against AI-enabled threats, and the industry’s growing trust problem.

Offered as a MaaS to a small number of affiliates, mainly Russian speakers, the RAT can turn devices into residential proxy nodes.

The flaws could allow a remote attacker to maintain access after their account has been disabled and to access information from other user sessions.

Researchers found adware capable of killing cybersecurity products and pushing more dangerous payloads to infected systems.

Congress is set to take up the reauthorization of a divisive program that lets U.S. spy agencies pore over foreigners’ calls, texts and emails.

The flaws could allow attackers to bypass authentication or execute arbitrary code or commands via HTTP requests.

Siemens, Schneider Electric, Aveva, Rockwell Automation, ABB, Phoenix Contact, Mitsubishi Electric, and Moxa patched vulnerabilities.

Experts say this is the second-largest Microsoft Patch Tuesday ever based on CVE count.

Critical ColdFusion vulnerabilities are the most at risk of being exploited in attacks, according to the software giant.

CISOs face a shrinking window to prepare as AI models like Mythos collapse the gap between vulnerability discovery and exploitation, driving a new era of high-velocity cyberattacks.

Basic-Fit has reported that hackers have stolen names, dates of birth, and even bank account details.