A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full ...

CVE-2026-33032 exposes nginx-ui to unauthenticated takeover via MCP endpoint, impacting 2,600+ instances with active ...

A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.

CPUID breach served STX RAT via trojanized CPU-Z downloads on April 9–10, impacting 150+ victims and multiple industries.

Goal: Exploit a vulnerable Samba service to gain root access on a Linux target, then systematically use a suite of Metasploit post-exploitation modules to gather credentials, system hashes, and ...

Abstract: The Vim text editor, due to its significant scripting capabilities (Vimscript) and legitimate features like modeline and autocmd, presents a unique attack surface often overlooked by ...

One of the kernel exploits in the recently discovered iOS exploit kit Coruna is an updated version of an exploit used in Operation Triangulation over three years ago, Kaspersky reports. In mid-2023, ...

Security researchers have uncovered a series of cyberattacks targeting Apple customers across the world. The tools used in these hacking campaigns have been dubbed Coruna and DarkSword, and they have ...

Leaking the code is a double-edged sword; although cybercriminals can quickly adopt it for their own schemes, publicizing the exploit techniques can also force the entire industry to bolster its ...

DarkSword, a serious iPhone exploit kit, just leaked on GitHub. If your device is running iOS 18.4 through 18.7 — or legacy versions 15.8.7 or 16.7.15 — you’re vulnerable. Contacts, messages, call ...

iPhone users should be on alert: DarkSword spyware has been posted in the wild. Credit: Cheng Xin/Getty Images DarkSword, the web-based hacker tool that can be used to steal data from millions of ...