SecurityWeek

Exploited Vulnerability Exposes Nginx Servers to Hacking

Hackers are exploiting CVE-2026-33032, a critical remote takeover vulnerability in the Nginx UI management tool.
The Hacker News

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

CVE-2026-33032 exposes nginx-ui to unauthenticated takeover via MCP endpoint, impacting 2,600+ instances with active ...

The silent “Storm”: New infostealer hijacks sessions, decrypts server-side

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA.
The Hacker News

Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development ...
Hosted on MSN

Fear, threats, fake rituals to exploit women: Inside Ashok Kharat's web of coercion

A self-proclaimed numerologist and godman, Ashok Kharat, also known as 'Captain' Kharat, was arrested on Thursday by the Nashik Crime Branch for allegedly raping a woman and exploiting others under ...
GitHub

getgodm_http_response_bof.rb

Contribute to ParrotSec/metasploit-framework development by creating an account on GitHub.
GitHub

tftpserver_wrq_bof.rb

is due to the way TFTP handles the filename parameter extracted from a WRQ request. The server will append the user-supplied filename to TFTP server binary's path without any bounds checking, and then ...