CSO Online

Critical nginx UI tool vulnerability opens web servers to full compromise

The vulnerability, with a CVSS score of 9.8, relates to the software’s support for Model Context Protocol (MCP) servers, ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Malware on npm: HTTP client axios loads backdoor for Windows, macOS, and Linux

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and ...

Cloudflare’s new Dynamic Workers ditch containers to run AI agent code 100x faster

Cloudflare says dynamically loaded Workers are priced at $0.002 per unique Worker loaded per day, in addition to standard CPU and invocation charges ...

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...

OpenAI patches flaw allowing silent data leakage from ChatGPT conversations

What happens when researchers think outside the box? Data gets exfiltrated through DNS.
WinBuzzer

Claude Code Source Leak Exposes Anti-Distillation Traps

Anthropic's Claude Code source has leaked via a packaging error, exposing anti-distillation traps, an undercover mode, and ...

Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

Researchers linked 108 malicious Chrome extensions to a coordinated campaign that exposed about 20,000 users to data theft, ...

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...

Iowa bill ends minors’ ability to consent to HPV vaccine alone

Iowa GOP lawmakers sent Gov. Kim Reynolds a bill that eliminates a minor child's ability to consent to the HPV vaccine ...
The Hacker News

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

CVE-2026-33032 exposes nginx-ui to unauthenticated takeover via MCP endpoint, impacting 2,600+ instances with active ...

Health Canada Approves neffy®--The First Needle-Free Epinephrine Spray for Anaphylaxis

ALK-Abello Pharmaceuticals Inc. Canada (ALK Canada) today announced that Health Canada has approved neffy® 2 mg for the emergency treatment of allergic reactions (anaphylaxis) due to insect stings or ...