The Hacker News

Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access

Docker CVE-2026-34040 enables AuthZ bypass via padded requests, risking host compromise; fixed in version 29.3.1.
Crypto Briefing

Utexo and x402 enable USDT payments for the agent economy with near-instant settlement

Utexo, the Bitcoin-native execution and settlement layer for stablecoin payments, today announced a collaboration with x402 ...
CSO Online

Old Docker authorization bypass pops up despite previous patch

A 10-year-old issue involving Docker Engine and the AuthZ authorization plug-in lives again to enable attackers to gain ...

Naftiko Launches Alpha of Open-Source Framework That Turns API Sprawl Into Governed Capabilities for AI

Large enterprises manage an average of 1,295 SaaS applications and over 14,000 internal APIs. PARIS, ÎLE-DE-FRANCE, ...
SecurityWeek

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet patched 27 vulnerabilities, including two critical FortiSandbox flaws leading to authentication bypass and code ...

TutorFlow Launches Agent Platform with API and MCP Integration for AI-Powered Education

Developers and AI agents can generate courses, evaluate answers, and run learning workflows through a single API, with ...
The Next Web

LinkedIn is secretly scanning your browser for 6,000 extensions, and you weren’t told

LinkedIn runs a hidden JavaScript script called Spectroscopy that silently probes over 6,000 Chrome extensions and collects ...

Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP

CVE-2026-39808 is an OS command injection flaw in FortiSandbox that allows unauthenticated attackers to execute unauthorized ...
Communications of the ACM

Subscription Bombing: Email under Attack

Email subscription bombing (also known as subscription flooding or email spam bombing) is an attack technique that overwhelms ...

Hackers exploit React2Shell in automated credential theft campaign

Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell ...
Infosecurity Magazine

Critical Nginx-ui MCP Flaw Actively Exploited in the Wild

A critical authentication bypass in nginx-ui, a widely used open-source web interface for managing nginx servers, has been ...
The Hacker News

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

CVE-2026-33032 exposes nginx-ui to unauthenticated takeover via MCP endpoint, impacting 2,600+ instances with active ...