The Hacker News

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

CVE-2026-33032 exposes nginx-ui to unauthenticated takeover via MCP endpoint, impacting 2,600+ instances with active ...

How digital thieves use fake profiles and invites to scam your friends

The FBI reported this week that Americans were defrauded of nearly $21 billion last year. Here’s how to spot even the most ...
Hackaday

This Week In Security: Flatpak Fixes, Android Malware, And SCADA Was IOT Before IOT Was Cool

Rowhammer attacks have been around since 2014, and mitigations are in place in most modern systems, but the team at gddr6.fail has found ways to apply the attack to current-generation GPUs.

Microsoft Confirms New And Widespread 2FA Code Attacks Ongoing

The Microsoft Defender Security Research Team has confirmed that a pervasive new authentication code attack is compromising ...
SecurityWeek

RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years

RCE vulnerability in Apache ActiveMQ Classic that remained unnoticed for 13 years can be exploited via an Jolokia API.
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.
Forbes

Why Fallback Channels Are Now Core To Secure Authentication

For years, one-time passwords (OTPs) have been treated as a tactical security layer. Add an extra step, reduce casual fraud, move on. But in my experience helping businesses verify users, prevent ...
AOL

Text Message 2FA Is a Weak Link and These Options Are Stronger

Text message two-factor authentication sounds like a security upgrade. It feels official. It looks responsible. Yet it often stands as the flimsiest barrier between a criminal and everything stored in ...