Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

Researchers linked 108 malicious Chrome extensions to a coordinated campaign that exposed about 20,000 users to data theft, ...
SecurityWeek

Exploited Vulnerability Exposes Nginx Servers to Hacking

Hackers are exploiting CVE-2026-33032, a critical remote takeover vulnerability in the Nginx UI management tool.

Critical Nginx UI auth bypass flaw now actively exploited in the wild

A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full ...
The Hacker News

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

CVE-2026-33032 exposes nginx-ui to unauthenticated takeover via MCP endpoint, impacting 2,600+ instances with active ...
CSO Online

Critical nginx UI tool vulnerability opens web servers to full compromise

The vulnerability, with a CVSS score of 9.8, relates to the software’s support for Model Context Protocol (MCP) servers, ...