A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication. […]
New AgingFly malware used in attacks on Ukraine govt, hospitals
A new malware family named ‘AgingFly’ has been identified in attacks against local governments and hospitals that steal authentication data from Chromium-based browsers and WhatsApp messenger. […]
WordPress plugin suite hacked to push malware to thousands of sites
More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them. […]
Signed software abused to deploy antivirus-killing scripts
A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endpoints, some in the educational, utilities, government, and healthcare sectors. […]
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails.
“By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery
“By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery
Sweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy Infrastructure
In what was Sweden’s first public mention of the attack, the country’s minister for civil defense said it targeted a heating plant in western Sweden.
The post Sweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy Infrastructure appeared first on SecurityWeek.
Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest
Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year’s Zero Day Quest hacking contest. […]
CISA flags Windows Task Host vulnerability as exploited in attacks
CISA warned U.S. government agencies to secure their systems against a Windows Task Host privilege escalation vulnerability that could allow attackers to gain SYSTEM privileges. […]
Exploited Vulnerability Exposes Nginx Servers to Hacking
Hackers are exploiting CVE-2026-33032, a critical remote takeover vulnerability in the Nginx UI management tool.
The post Exploited Vulnerability Exposes Nginx Servers to Hacking appeared first on SecurityWeek.
Rolling Networks: Securing the Transportation Sector
Modern trucks are rolling networks packed with sensors, connectivity, and attack surfaces, creating new cyber risks. NMFTA’s Cybersecurity Conference brings industry leaders together to tackle emerging threats in transportation. […]