Security news.
Today's security news highlights critical vulnerabilities and active exploitation, with a focus on supply chain risks and the evolving landscape of AI in cyberattacks and defense. Several major tech companies have released patches and updates to address serious flaws, while new malware campaigns target specific regions and sectors.
Critical Nginx UI Auth Bypass Flaw Actively Exploited
A critical vulnerability (CVE-2026-33032) in Nginx UI with Model Context Protocol (MCP) support is now being actively exploited, allowing for full server takeover without authentication.
Hackers Exploit Marimo Flaw to Deploy NKAbuse Malware
A critical vulnerability in Marimo reactive Python notebook is being exploited to deploy a new variant of NKAbuse malware, hosted on Hugging Face Spaces.
New PowMix Botnet Targets Czech Workers
Cybersecurity researchers have uncovered an active campaign using the previously undocumented PowMix botnet, targeting the Czech Republic workforce with randomized C2 traffic to evade detection.
ATHR Vishing Platform Uses AI Voice Agents for Automated Attacks
A new cybercrime platform, ATHR, automates voice phishing attacks using both human operators and AI agents to harvest credentials.
Cisco Patches Critical Webex and ISE Vulnerabilities
Cisco has released security updates for four critical flaws in Identity Services and Webex Services, which could allow arbitrary code execution or user impersonation.
McGraw Hill Data Breach Affects 13.5 Million Accounts
The ShinyHunters extortion group has leaked data from 13.5 million McGraw Hill user accounts after breaching the company's Salesforce environment.
Tennessee Hospital Data Breach Affects 337,000
Cookeville Regional Medical Center was targeted by the Rhysida ransomware group last year, resulting in the theft of 500GB of data impacting 337,000 individuals.
Microsoft's Original Windows Secure Boot Certificate Expiring
Microsoft's original Windows Secure Boot certificate is expiring, necessitating a significant coordinated security maintenance effort across the Windows ecosystem for PC updates.