N8n webhooks abused since October 2025, with phishing volume up 686%, enabling malware delivery and device tracking.
A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild.
The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to seize control of the Nginx service. It has been codenamed MCPwn by Pluto Security.
“The nginx-ui MCP (Model Context Protocol) integration exposes two HTTP endpoints: /mcp and /mcp_message,” according to an advisory released by nginx-ui maintainers last month. “While /mcp requires both IP whitelisting and authentication (AuthRequired middleware), the /mcp_message endpoint only applies IP whitelisting — and the default IP whitelist is empty, which the middleware treats as ‘allow all.’”
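The pattern the advisory describes (one endpoint missing the auth check, plus an allowlist that treats "empty" as "allow all") can be reproduced and corrected in a few lines. The following is an added illustration, not nginx-ui's code: `guard`, `newMux`, `probe`, the `demo-token` value and the documentation-range IP addresses are all constructed for the example.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// guard checks the IP allowlist, then optional auth; allowWhenEmpty=true is the quoted fail-open behaviour.
func guard(list []string, allowWhenEmpty, needAuth bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host, _, _ := net.SplitHostPort(r.RemoteAddr)
		ok := allowWhenEmpty && len(list) == 0
		for _, ip := range list {
			ok = ok || ip == host
		}
		switch {
		case !ok:
			http.Error(w, "forbidden", http.StatusForbidden)
		case needAuth && r.Header.Get("Authorization") != "Bearer demo-token": // constructed token
			http.Error(w, "unauthorized", http.StatusUnauthorized)
		default:
			w.WriteHeader(http.StatusOK)
		}
	})
}

// newMux: hardened=false mirrors the advisory text; true adds auth to /mcp_message and fails closed.
func newMux(list []string, hardened bool) http.Handler {
	mux := http.NewServeMux()
	mux.Handle("/mcp", guard(list, !hardened, true))
	mux.Handle("/mcp_message", guard(list, !hardened, hardened))
	return mux
}

// probe sends one in-memory request (no network) and returns the status code.
func probe(h http.Handler, path, ip, auth string) int {
	req := httptest.NewRequest(http.MethodPost, path, nil)
	req.RemoteAddr = ip + ":40000"
	req.Header.Set("Authorization", auth)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("as described:", probe(newMux(nil, false), "/mcp_message", "203.0.113.7", ""), "hardened:", probe(newMux(nil, true), "/mcp_message", "203.0.113.7", ""))
}
```

With the default empty list, the configuration as described answers an unauthenticated request to `/mcp_message` with 200, while the hardened wiring returns 403 until an address is explicitly listed and 401 until the caller authenticates.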
Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year’s Zero Day Quest hacking contest.
Tom Gallagher, Vice President of Engineering at Microsoft Security Response Center (MSRC), said that over 80 flaws found during the live event at Microsoft’s Redmond campus were high-impact cloud and AI security vulnerabilities.
“During the 2026 live hacking event, Microsoft partnered with the global security research community, representing more than 20 countries and a wide range of professional backgrounds, from high school students to college professors,” Gallagher said.
More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them.
A malicious actor planted the backdoor code last year but only recently started pushing it to users via updates, generating spam pages and causing redirects, as per the instructions received from the command-and-control (C2) server.
The compromise affects plugins with hundreds of thousands of active installations and was spotted by Austin Ginder, the founder of managed WordPress hosting provider Anchor Hosting, after receiving a tip about one add-on containing code that allowed third-party access.
A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endpoints, some in the educational, utilities, government, and healthcare sectors.
In a single day, researchers observed more than 23,500 infected hosts in 124 countries trying to connect to the operator’s infrastructure, with hundreds of infected endpoints present in high-value networks.
Scientists are rethinking how to treat a widespread genetic cholesterol disorder by targeting particle production instead of removal.
Familial hypercholesterolemia (FH) disrupts one of the body’s most important cleanup systems. Normally, low-density lipoprotein (LDL), often called “bad” cholesterol, is removed from the bloodstream by LDL receptors (LDLR) in the liver. These receptors act like docking stations, pulling cholesterol into cells where it can be broken down. In people with FH, mutations in the LDLR gene weaken or disable this process.
As a result, cholesterol builds up in the blood for decades, often without obvious symptoms until it leads to heart attacks or other cardiovascular problems. About 1 in 200 adults carries this genetic change, making it one of the most common inherited disorders worldwide.
What if we were to reintroduce Aristotelianism into physics: not the common-sense notion of the motion of bodies, but teleology?
Weishaupt, Chambers, et al. combine single-cell transcriptomic and epigenomic profiling with in vivo models to map the temporal dynamics of macrophage-fibroblast communication during inflammatory arthritis. They show that fibroblasts initiate inflammation, whereas monocyte-derived macrophages undergo transcriptional reprogramming into SPP1+ cells that actively promote resolution by restraining fibroblast pathogenicity.