The Hacker News

Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu

Taboola pixel redirected logged-in banking users to Temu in February 2026 audit, exposing GDPR and PCI DSS risks.

Critical Nginx UI auth bypass flaw now actively exploited in the wild

A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full ...

Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

Researchers linked 108 malicious Chrome extensions to a coordinated campaign that exposed about 20,000 users to data theft, ...
The Hacker News

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

CVE-2026-33032 exposes nginx-ui to unauthenticated takeover via MCP endpoint, impacting 2,600+ instances with active ...
Dawn

The underground architecture that has sustained Iran’s military capacity in the face of US-Israeli attacks

The movement downward is not merely concealment, but a reorganisation of space forced by a mode of war that seeks to make the ...

Over 100 Chrome Web Store extensions steal user accounts, data

More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, ...
CNX Software

Linux 7.0 Release – Main changes, Arm, RISC-V, and MIPS architectures

The last week of the release continued the same “lots of small fixes” trend, but it all really does seem pretty benign, so I’ve tagged the final 7.0 and pushed it out. I suspect it’s a lot of AI tool ...
MUO on MSN

I finally escaped my ISP's DNS lock-in with this device-level trick

Don't let your ISP's network settings slow you down.
WinBuzzer

Google, Microsoft, Meta Ignore Privacy Opt-Outs, Audit Finds

An audit has found Google, Microsoft, and Meta have ignored privacy opt-out signals on most California websites, setting ad ...