The post Embargo Broken: Public PoC Released for “Dirty Frag” Linux Kernel Exploit Granting Instant Root Access appeared first on Daily CyberSecurity.

What happened Cyberthint analysts have documented a structural shift in how cyberattacks are conducted, with threat actors now using artificial intelligence to discover and exploit zero-day vulnerabilities in minutes rather than months. The firm identified this transition in late 2024, noting that AI is operating not just as a research assistant but as an active […]

The post Threat Actors Use AI to Automate Zero-Day Discovery and Exploitation at Machine Speed appeared first on CISO Whisperer.

The post Threat Actors Use AI to Automate Zero-Day Discovery and Exploitation at Machine Speed appeared first on Security Boulevard.

The post FreeBSD DHCP Client Flaw Opens Door to Remote Code Execution as Root Privilege appeared first on Daily CyberSecurity.

The post The Tadashi Files: Inside the xlabs_v1 Botnet Targeting 4 Million Android Devices appeared first on Daily CyberSecurity.

The post The Worm Turns to PHP: Mini Shai-Hulud’s 20-Million-Install Hijack of Intercom appeared first on Daily CyberSecurity.

Agentic AI’s impact on ransomware—it’s execution, its success and even who gets to play, is being widely felt. And we’re just getting started. 

The post Ransomware Victims up 389%, TTE in Less Than Two Days: How Can Defenders Stay Ahead? appeared first on Security Boulevard.

The post Copy Fail: Public PoC and Full Details Disclosed for the 732-Byte Linux Root Exploit (CVE-2026-31431) appeared first on Daily CyberSecurity.

Microsoft confirmed a Windows zero-click flaw tied to an incomplete patch is being exploited, putting credentials at risk for unpatched users.

The post Microsoft Confirms Windows Flaw Is Being Exploited After Incomplete Patch appeared first on TechRepublic.

The post Label Leak: Hardcoded Credentials in Snap One WattBox Devices Open Door to Root Access appeared first on Daily CyberSecurity.

The post Critical LiteLLM SQL Injection (CVE-2026-42208) Exploited in the Wild appeared first on Daily CyberSecurity.

The post Unpatched and Exposed: Public PoC Released for Critical 9.8 CVSS Xiongmai IP Camera Flaw appeared first on Daily CyberSecurity.

The post Linux Privilege Escalation: “Pack2TheRoot” Flaw Impacts Major Distributions appeared first on Daily CyberSecurity.

The post Over 400,000 WordPress Sites at Risk as “Breeze” Plugin Zero-Day Is Exploited in the Wild appeared first on Daily CyberSecurity.

The post Nexcorium Botnet Turns Unpatched DVRs into DDoS Foot Soldiers appeared first on Daily CyberSecurity.

The post Zero-Day Alert: The “Red Sun” Vulnerability Turning Microsoft Defender into a Hacker’s Tool appeared first on Daily CyberSecurity.

A critical authentication bypass vulnerability in Nginx UI, tracked as CVE-2026-33032 with a maximum CVSS score of 9.8, is currently being actively exploited in the wild.

This flaw allows unauthenticated remote attackers to gain complete control over affected Nginx web servers.

Cybersecurity researchers from Pluto Security discovered the vulnerability, which stems from a single missing function call in the application’s Model Context Protocol (MCP) integration.

With over 2,600 publicly exposed instances identified on Shodan, the risk to organizations relying on Nginx UI for web server management is severe.

Nginx-ui Vulnerability Actively Exploited

The vulnerability exists within the MCP integration of Nginx UI, a popular web-based interface for managing Nginx configurations.

The application uses two HTTP endpoints for its MCP functionality: /mcp and /mcp_message.

While the /mcp endpoint correctly enforces both IP whitelisting and authentication, the /mcp_message endpoint lacks the necessary authentication middleware entirely.

Furthermore, the IP whitelist mechanism features a fail-open design. By default, the whitelist is completely empty, which the system interprets as allowing all traffic.

This combination of missing authentication and a permissive default configuration means that any attacker on the network can send direct HTTP POST requests to the /mcp_message endpoint and invoke administrative tools without needing a password, token, or session cookie.

An unauthenticated attacker can exploit this flaw to execute any of the 12 available MCP tools.

Because these tools are designed to manage the underlying Nginx server, the consequences of unauthorized access are devastating.

The most critical impacts and attacker capabilities include:

• Complete Service Takeover: Attackers can use tools like nginx_config_add to create or modify configuration files, which automatically triggers an immediate server reload.
  
• Traffic Interception: By rewriting server blocks, threat actors can proxy all traffic through an attacker-controlled endpoint to capture credentials, session tokens, and sensitive data in transit.
  
• Credential Harvesting: Attackers can inject custom logging directives to capture authorization headers from administrators accessing Nginx UI.
  
• Configuration Exfiltration: Read-only tools allow attackers to read all existing configuration files, exposing backend topologies and TLS certificate paths.
  
• Service Disruption: Writing an invalid configuration and forcing a reload can take the entire Nginx server offline.

Active Exploitation and Scope

The threat is not theoretical: a public proof-of-concept exploit is circulating, and active exploitation has been confirmed by Pluto Security.

VulnCheck has added CVE-2026-33032 to its Known Exploited Vulnerabilities (KEV) list, while Recorded Future’s Insikt Group identified it as a high-impact flaw actively leveraged by threat actors.

The public release of exploit code on GitHub advisories significantly lowers the barrier to entry, enabling even low-skilled attackers to exploit unpatched systems.

Organizations running Nginx UI must take immediate action to secure their infrastructure.

Security experts recommend the following mitigation strategies:

• Update immediately to Nginx UI version 2.3.4 or later, which patches the vulnerability by adding the missing authentication middleware to the /mcp_message endpoint.
• If patching is not immediately possible, disable the MCP feature entirely to remove the attack surface.
• Restrict the IP whitelist to trusted administrator IP addresses rather than leaving it empty, ensuring a fail-closed security posture.
• Review all Nginx access logs and configuration directories for unauthorized changes or unfamiliar files that may indicate a compromise.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Nginx-ui Vulnerability Actively Exploited in Attack – Enables Full Server Takeover appeared first on Cyber Security News.

Adobe patches a critical PDF flaw exploited for months, allowing attackers to bypass sandbox protections and deliver malware. Users urged to update now.

The post Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months appeared first on TechRepublic.

Description. AhnLab SEcurity intelligence Center (ASEC) analyzed the attack status and malware statistics of Windows web servers in the first quarter of 2026 based on AhnLab Smart Defense (ASD) logs. the analysis covers Internet Information Services (IIS) and Apache Tomcat web servers in Windows environments. command execution through the web shell is the main path […]

A critical Adobe Acrobat zero-day has been exploited for months via malicious PDFs to steal data and potentially take over systems, with no patch yet available.

The post Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet appeared first on TechRepublic.

The post Zero-Day Alert: Sophisticated PDF Exploit Targets Adobe Reader for Massive Data Theft appeared first on Daily CyberSecurity.