The Hacker News

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

CVE-2026-33032 exposes nginx-ui to unauthenticated takeover via MCP endpoint, impacting 2,600+ instances with active ...
Hackaday

This Week In Security: Flatpak Fixes, Android Malware, And SCADA Was IOT Before IOT Was Cool

Rowhammer attacks have been around since 2014, and mitigations are in place in most modern systems, but the team at gddr6.fail has found ways to apply the attack to current-generation GPUs.

New Apple Scam Hits Millions of iPhone Users Worldwide, Draining Bank Accounts

Apple warns of a new scam targeting millions of iPhone users. Learn the red flags, how it works, and how to protect your ...

Microsoft Confirms New And Widespread 2FA Code Attacks Ongoing

The Microsoft Defender Security Research Team has confirmed that a pervasive new authentication code attack is compromising ...
SecurityWeek

RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years

RCE vulnerability in Apache ActiveMQ Classic that remained unnoticed for 13 years can be exploited via an Jolokia API.
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.
DataBreachToday

One-Time Passcodes Are Gateway for Financial Fraud Attacks

Financial institutions have historically relied on one-time passcodes as a primary authentication control for their ...
AOL

Text Message 2FA Is a Weak Link and These Options Are Stronger

Text message two-factor authentication sounds like a security upgrade. It feels official. It looks responsible. Yet it often stands as the flimsiest barrier between a criminal and everything stored in ...
VentureBeat

Kilo launches AI-powered Slack bot that ships code from a chat message

Kilo Code, the open-source AI coding startup backed by GitLab cofounder Sid Sijbrandij, is launching a Slack integration that allows software engineering teams to execute code changes, debug issues, ...
Windows Report

Windows 11 and Server 2026 Updates Get Bigger With New CLFS Security Changes

Microsoft continues to roll out security hardening measures in Windows through its monthly Patch Tuesday releases, and the November 2025 update introduces a significant change for the Common Log File ...