VulnHub

Last week, the hacking group TeamPCP claimed to have breached GitHub's internal codebase by using a poisoned Visual Studio Code (VS Code) extension. GitHub, owned by Microsoft, confirmed the breach and has since launched an investigation into how their private code repositories were compromised. This incident raises serious concerns about the security of development tools widely used by programmers. Moreover, researchers recently discovered a critical flaw in NGINX, a popular web server software, which is being actively exploited. These incidents highlight the ongoing vulnerabilities in essential software and the need for robust security measures to protect sensitive information.

A serious vulnerability has been discovered in F5 NGINX, a widely used web server technology that powers about one-third of all websites globally. This vulnerability is currently being exploited by attackers, raising alarms among cybersecurity experts. The issue poses a significant risk to countless websites and web applications that rely on NGINX for handling web traffic. Organizations using NGINX should take immediate action to assess their systems and implement necessary security measures to protect against potential attacks. The urgency of this situation is underscored by the fact that the vulnerability is actively being targeted in the wild, making prompt remediation essential to prevent data breaches and other malicious activities.

A serious vulnerability in NGINX, identified as CVE-2026-42945 and nicknamed NGINX Rift, is currently being exploited by attackers. Disclosed last week, this flaw allows attackers to send specially crafted HTTP requests to vulnerable NGINX servers, potentially leading to denial-of-service conditions and even unauthenticated remote code execution. NGINX is the most widely used web server, meaning a large number of websites and applications could be at risk. Security researcher Patrick Garrity highlighted the urgency of addressing this vulnerability as it poses significant risks to web services that rely on NGINX. It's crucial for administrators to take immediate action to protect their systems from these exploits.

A serious vulnerability in NGINX, tracked as CVE-2026-42945, is currently being exploited in the wild, just days after it was disclosed. This flaw is a heap buffer overflow in the ngx_http_rewrite_module, which affects NGINX Plus and NGINX Open versions from 0.6.27 to 1.30.0. The CVSS score of 9.2 indicates a high severity, as it could lead to worker crashes and potentially allow remote code execution (RCE). Organizations using affected versions should prioritize patching their systems to prevent exploitation. Given the active nature of this threat, immediate action is crucial for maintaining security.

A severe vulnerability in nginx-ui, identified as CVE-2026-33032, is currently being exploited by attackers. This flaw allows unauthorized users to bypass authentication and gain complete control of Nginx servers, posing a significant risk to organizations using this web server technology. The vulnerability is linked to inadequate protection of the /mcp_message endpoint, which can be exploited without any prior authentication. With a CVSS score of 9.8, it is crucial for users to take immediate action to secure their systems. Organizations should prioritize patching their Nginx installations to mitigate this serious threat.

A serious security flaw has been identified in the nginx-ui MCP, specifically an authentication bypass vulnerability tracked as CVE-2026-33032. This vulnerability has a high severity score of 9.8 on the CVSS scale and is currently being exploited in the wild, making it a pressing concern for users and organizations running affected versions. Attackers could potentially gain unauthorized access to systems using this flaw, which poses significant risks to data integrity and confidentiality. It's crucial for system administrators to take immediate action to protect their environments from these attacks. Timely updates and security patches are essential to mitigate the risks associated with this vulnerability.

A serious vulnerability, identified as CVE-2026-33032, has been discovered in nginx-ui, a management tool for Nginx servers. This flaw allows attackers to bypass authentication, potentially giving them full control of the Nginx service. Dubbed MCPwn by Pluto Security, the vulnerability has a CVSS score of 9.8, indicating its critical nature. Users of nginx-ui are at risk, as the flaw is currently being actively exploited in the wild. It's crucial for affected organizations to take immediate action to secure their systems and prevent unauthorized access.

Hackers are targeting NGINX servers in a campaign that reroutes user traffic through their own infrastructure. This attack compromises the servers, allowing the perpetrators to intercept and manipulate the data being transmitted. Affected users may experience altered content or be redirected to malicious sites without their knowledge. The incident raises concerns about the security of NGINX, a widely used web server software, and the potential for significant data breaches. Organizations using NGINX should take immediate precautions to safeguard their systems and ensure that their configurations are secure to prevent such hijacking.