# Archive

Browse past daily curated stories

Thursday, April 16, 2026

  1. BleepingComputer general
    Critical Nginx UI auth bypass flaw now actively exploited in the wild

    A critical vulnerability (CVE-2026-33032) in Nginx UI with Model Context Protocol support is being actively exploited for authentication bypass, enabling full server takeover without credentials. The near-maximum severity flaw allows attackers to restart, create, modify, and delete NGINX configuration files with SYSTEM privileges.

  2. BleepingComputer general
    New AgingFly malware used in attacks on Ukraine govt, hospitals

    New AgingFly malware is targeting Ukrainian government agencies and hospitals, stealing authentication data from Chromium-based browsers and WhatsApp messenger. The malware represents an active threat against critical infrastructure in the ongoing conflict zone.

  3. BleepingComputer general
    WordPress plugin suite hacked to push malware to thousands of sites

    More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code allowing unauthorized website access. The supply chain attack affects thousands of WordPress sites running these popular plugins.

  4. The Hacker News general
    Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities

    Microsoft patched a record 169 vulnerabilities in the April 2026 Patch Tuesday release, including one actively exploited SharePoint zero-day and 157 rated as Important severity. Eight vulnerabilities are rated Critical, making this the second-largest Microsoft patch release on record.

  5. BleepingComputer general
    Signed software abused to deploy antivirus-killing scripts

    A digitally signed adware tool has deployed SYSTEM-privilege payloads that disabled antivirus protections on thousands of endpoints across educational, utilities, government, and healthcare sectors. The attack demonstrates how legitimate code signing can be abused to bypass security controls.

  6. BleepingComputer general
    CISA flags Windows Task Host vulnerability as exploited in attacks

    CISA added a Windows Task Host privilege escalation vulnerability to its Known Exploited Vulnerabilities catalog, warning federal agencies of active exploitation. The flaw allows attackers to gain SYSTEM privileges on compromised Windows systems.

  7. SecurityWeek general
    100 Chrome Extensions Steal User Data, Create Backdoor

    Security researchers discovered 108 malicious Chrome extensions that steal user credentials, hijack Telegram sessions, and inject unwanted ads, affecting 20,000 users. The extensions were published through five coordinated accounts sharing common command-and-control infrastructure.

  8. The Hacker News general
    n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

    Threat actors have weaponized the n8n AI workflow automation platform since October 2025 to deliver malware via phishing emails and to fingerprint devices. The attack leverages trusted automation infrastructure to bypass traditional security filters.

  9. The Record threat-intel
    UK warns businesses to address cyber risks amid Anthropic AI panic

    The UK government warned businesses to strengthen cyber defenses amid concerns over Anthropic's Mythos AI model, which can find and chain software vulnerabilities faster than humans. The advisory highlights growing fears about AI's potential to accelerate cyberattack capabilities.

  10. The Record threat-intel
    Educational company McGraw Hill says Salesforce misconfiguration led to data leak

    Educational publisher McGraw Hill disclosed that a Salesforce misconfiguration led to a data breach after cybercriminal group ShinyHunters claimed to have stolen 45 million Salesforce records. The breach emerged when the attackers threatened to leak the data by April 14 unless ransom demands were met.