Critical Nginx UI Auth Bypass Flaw Under Active Exploitation — BleepingComputer

A critical authentication bypass vulnerability (CVE-2026-33032) in Nginx UI with Model Context Protocol (MCP) support is being actively exploited in the wild. This flaw allows attackers to take full control of Nginx servers, including the ability to restart, create, modify, and delete configurations. Security teams should prioritize patching affected systems to mitigate potential server takeovers and ensure robust access controls are in place.

AgingFly Malware Targets Ukrainian Government and Hospitals — BleepingComputer

The 'AgingFly' malware family has been identified in cyberattacks against Ukrainian government entities and healthcare facilities. This sophisticated malware is believed to be part of a nation-state campaign, employing advanced evasion techniques and targeting sensitive data. Security teams should monitor for indicators of compromise and enhance defenses to protect against potential data breaches and service disruptions.

• Microsoft, Salesforce Patch AI Agent Data Leak Flaws [Dark Reading]
• WordPress plugin suite hacked to push malware to thousands of sites [BleepingComputer]
• CISA flags Windows Task Host vulnerability as exploited in attacks [BleepingComputer]
• 108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 users - Bitdefender [Google News Security]