Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.
| 21 Apr 2026 | |
| Written by Gabi Gerber | |
| Attacks & Threats |
Attackers are actively exploiting a critical flaw in the widely used nginx-ui interface for managing NGINX web servers.
The flaw, tracked as CVE-2026-33032, (CVSS: 9.8) stems from nginx-ui's insecure implementation of the Model Context Protocol (MCP) and gives attackers a way to make unauthorized changes to NGINX server configurations with little or no authentication in some cases. More here
Chained Bypasses Exfiltrate Data Via Hidden AI Prompts More...
In a new report from the Cloud Security Alliance (CSA), experts warn of an "AI vulnerability storm" triggered by the int… More...
Its Mythos Preview model, which can allegedly find and exploit critical zero-days, also comes with certain controls, the… More...
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromis… More...
Chained Bypasses Exfiltrate Data Via Hidden AI Prompts More...
Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuratio… More...
In a new report from the Cloud Security Alliance (CSA), experts warn of an "AI vulnerability storm" triggered by the int… More...
Its Mythos Preview model, which can allegedly find and exploit critical zero-days, also comes with certain controls, the… More...
