# Top Stories

A critical vulnerability (CVE-2026-33032) in Nginx UI with Model Context Protocol support is being actively exploited for authentication bypass, enabling full server takeover without credentials. The near-maximum severity flaw allows attackers to restart, create, modify, and delete NGINX configuration files with SYSTEM privileges.

New AgingFly malware is targeting Ukrainian government agencies and hospitals, stealing authentication data from Chromium-based browsers and WhatsApp messenger. The malware represents an active threat against critical infrastructure in the ongoing conflict zone.

More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code allowing unauthorized website access. The supply chain attack affects thousands of WordPress sites running these popular plugins.

Microsoft patched a record 169 vulnerabilities in April 2026 Patch Tuesday, including one actively exploited SharePoint zero-day and 157 rated as Important severity. Eight vulnerabilities are rated Critical, making this the second-largest Microsoft patch release on record.

A digitally signed adware tool has deployed SYSTEM-privilege payloads that disabled antivirus protections on thousands of endpoints across educational, utilities, government, and healthcare sectors. The attack demonstrates how legitimate code signing can be abused to bypass security controls.

CISA added a Windows Task Host privilege escalation vulnerability to its Known Exploited Vulnerabilities catalog, warning federal agencies of active exploitation. The flaw allows attackers to gain SYSTEM privileges on compromised Windows systems.

Security researchers discovered 108 malicious Chrome extensions stealing user credentials, hijacking Telegram sessions, and injecting unwanted ads across 20,000 users. The extensions were published through five coordinated accounts sharing common command-and-control infrastructure.

Threat actors have weaponized n8n AI workflow automation platform since October 2025 to deliver malware via phishing emails and fingerprint devices. The attack leverages trusted automation infrastructure to bypass traditional security filters.

The UK government warned businesses to strengthen cyber defenses amid concerns over Anthropic's Mythos AI model, which can find and chain software vulnerabilities faster than humans. The advisory highlights growing fears about AI's potential to accelerate cyberattack capabilities.

Educational publisher McGraw Hill disclosed that a Salesforce misconfiguration led to a data breach after cybercriminal group ShinyHunters claimed to have stolen 45 million Salesforce records. The breach emerged when the attackers threatened to leak the data by April 14 unless ransom demands were met.