Sophos’ Ross McKerchar discusses leadership at scale, retaining talent, defending against AI-enabled threats, and the industry’s growing trust problem.
The post CISO Conversations: Ross McKerchar, CISO at Sophos appeared first on SecurityWeek.
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild.
The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to seize control of the Nginx service. It has been codenamed MCPwn by Pluto Security.
“
The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to seize control of the Nginx service. It has been codenamed MCPwn by Pluto Security.
“
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April’s Patch Tuesday releases.
Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Business Warehouse (CVE-2026-27681, CVSS score: 9.9) that could result in the execution of arbitrary database
Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Business Warehouse (CVE-2026-27681, CVSS score: 9.9) that could result in the execution of arbitrary database
Mirax RAT Targeting Android Users in Europe
Offered as a MaaS to a small number of affiliates, mainly Russian speakers, the RAT can turn devices into residential proxy nodes.
The post Mirax RAT Targeting Android Users in Europe appeared first on SecurityWeek.
Microsoft: April updates trigger BitLocker key prompts on some servers
Microsoft confirmed on Tuesday that some Windows Server 2025 devices will boot into BitLocker recovery after installing the April 2026 KB5082063 Windows security update. […]
Two Vulnerabilities Patched in Ivanti Neurons for ITSM
The flaws could allow a remote attacker to maintain access after their account has been disabled and to access information from other user sessions.
The post Two Vulnerabilities Patched in Ivanti Neurons for ITSM appeared first on SecurityWeek.
Deterministic + Agentic AI: The Architecture Exposure Validation Requires
Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and security functions. Pentera’s AI Security and Exposure Report 2026 reflects that momentum: every CISO surveyed
$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks
Researchers found adware capable of killing cybersecurity products and pushing more dangerous payloads to infected systems.
The post $10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks appeared first on SecurityWeek.
Trump Urges Extending Foreign Surveillance Program as Some Lawmakers Push for US Privacy Protections
Congress is set to take up the reauthorization of a divisive program that lets U.S. spy agencies pore over foreigners’ calls, texts and emails, with supporters like President Donald Trump saying it has saved lives while critics point to longstanding concerns about warrantless surveillance of Americans. A key provision of the Foreign Intelligence Surveillance Act […]
The post Trump Urges Extending Foreign Surveillance Program as Some Lawmakers Push for US Privacy Protections appeared first on SecurityWeek.
Microsoft fixes bug behind Windows Server 2025 automatic upgrades
Microsoft has finally fixed a known issue that was causing systems running Windows Server 2019 and 2022 to “unexpectedly” upgrade to Windows Server 2025. […]