The hidden risk of using Google or Apple to log in everywhere

Single sign-on is often safer, but it ties many apps to one “master” account. Here's how to secure it well and revoke old app ...

Crane NXT (CXT) Is Up 5.7% After Strait Reopening Lifts Enterprise IT Spending Expectations

In April 2026, Crane NXT gained attention as easing geopolitical tensions following the reopening of the Strait of Hormuz improved expectations for global enterprise IT spending and long-term digital ...
DataBreachToday

Breach Roundup: Mr. Raccoon Wants Your Password

This week, a "Raccoon"-linked actor hit help desks, Eurail exposed 308K users, Fortinet patched critical flaws, Pushpaganda ...

Age verification is coming for the internet — and it’s already raising red flags

Legislative efforts to age-gate parts of the internet are gaining traction. Some experts warn of compliance complications and ...
Dark Reading

Critical MCP Integration Flaw Puts NGINX at Risk

Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuration ...
CSO Online

Critical nginx UI tool vulnerability opens web servers to full compromise

The vulnerability, with a CVSS score of 9.8, relates to the software’s support for Model Context Protocol (MCP) servers, ...
The Hacker News

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

CVE-2026-33032 exposes nginx-ui to unauthenticated takeover via MCP endpoint, impacting 2,600+ instances with active ...
Infosecurity Magazine

Critical Nginx-ui MCP Flaw Actively Exploited in the Wild

A critical authentication bypass in nginx-ui, a widely used open-source web interface for managing nginx servers, has been ...
SecurityWeek

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet patched 27 vulnerabilities, including two critical FortiSandbox flaws leading to authentication bypass and code ...
The Hacker News

Session Cookie Theft: You Showed Your ID at the Door. But Someone Else Has Your Room Key

Stolen session cookies bypass MFA because tokens remain valid for hours or days, enabling silent account takeovers without triggering security alerts.
SecurityWeek

Critical Marimo Flaw Exploited Hours After Public Disclosure

A threat actor started exploiting CVE-2026-39987, an unauthenticated RCE vulnerability in Marimo, nine hours after public ...