Security news.
Today's security brief highlights critical vulnerabilities under active exploitation, significant Patch Tuesday updates, and ongoing threats from malicious software and nation-state actors. Several reports also focus on the evolving security landscape around AI, including new flaws and defensive measures.
Actively Exploited Nginx-UI Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
A critical authentication bypass vulnerability in the nginx-ui management tool, CVE-2026-33032, is being actively exploited to gain control of Nginx services.
Signed Software Abused to Deploy Antivirus-Killing Scripts
A digitally signed adware tool has been observed deploying payloads with SYSTEM privileges to disable antivirus protections on thousands of endpoints across various sectors, including education, government, and healthcare.
CISA Flags Windows Task Host Vulnerability as Exploited in Attacks
CISA has added a Windows Task Host privilege escalation vulnerability to its KEV catalog, warning that it is actively exploited to gain SYSTEM privileges.
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
This month's Patch Tuesday addresses a record 169 vulnerabilities, including critical flaws in SAP Business Planning and Consolidation (CVE-2026-27681), a SharePoint zero-day, and other issues in Adobe, Microsoft, and Fortinet products.
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
Threat actors are weaponizing n8n, an AI workflow automation platform, to conduct sophisticated phishing campaigns, deliver malicious payloads, and fingerprint devices by sending automated emails.
100 Chrome Extensions Steal User Data, Create Backdoor
Over 100 malicious Chrome extensions, published through five accounts, have been identified stealing user data, deploying backdoors, and engaging in ad fraud, indicating a coordinated campaign.
Sweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy Infrastructure
Sweden has publicly attributed a cyberattack on a heating plant in western Sweden last year to a pro-Russian group, marking the country's first public acknowledgment of the incident.
Microsoft, Salesforce Patch AI Agent Data Leak Flaws
Microsoft and Salesforce have patched prompt injection vulnerabilities in Copilot and Agentforce, respectively, which could have allowed external attackers to leak sensitive data.