Bleeping Computer

Critical Nginx UI auth bypass flaw now actively exploited in the wild

A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication. The flaw, tracked as CVE-2026-33032, ...
The New York Times

There’s a New Phishing Scam: Fake Invitations

Hackers are spoofing Paperless Post, Evite and Punchbowl to creep into your hard drive. By Steven Kurutz When John Lantigua, a retired journalist in Miami Beach, checked his email one recent morning, ...
The Hacker News

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is ...
GitHub

nginx-auth

This is a tool that allows users to use Tailscale Whois authentication with NGINX as a reverse proxy. This allows users that already have a bunch of services hosted on an internal NGINX server to ...
GitHub

ngx_http_auth_token_module.c

An authentication token validation module for NGINX - abedra/nginx-auth-token-module ...