The nginx project has released nginx 1.29.5, a mainline update that includes a security fix for an SSL upstream injection vulnerability, tracked as CVE-2026-1642. The patched vulnerability affects certain configurations where nginx proxies traffic to upstream servers over TLS. Under specific conditions, an attacker positioned between nginx and its upstream server could potentially inject plaintext

Continue Reading

Malwarebytes has released a new ChatGPT app that allows users to check suspected scams directly within the chatbot interface. The integration makes Malwarebytes the first cybersecurity company to provide scam analysis and threat intelligence through ChatGPT’s app platform. The feature allows users to submit potentially suspicious content for review during an active conversation, without switching

Continue Reading

A high-severity security vulnerability has been disclosed in clawdbot, an npm package used by the Moltbot AI automation platform, according to a recent GitHub Security Advisory. The issue allows attackers to achieve remote code execution (RCE) with a single click by exploiting how the platform’s control interface handles authentication tokens. Moltbot is a locally run

Continue Reading

Security researchers at Sucuri have identified a WordPress malware technique that allows attackers to inject spam content into search engine results while leaving the website’s visible pages unchanged. The activity was uncovered during a site cleanup after a customer reported seeing gambling-related content appearing in Google search results. According to Sucuri, attackers targeted trusted pages

Continue Reading

Microsoft in a recent blog post has announced that it will disable the legacy NTLM authentication protocol by default in upcoming Windows Server and Windows client releases, citing long-standing security weaknesses. NTLM (New Technology LAN Manager) is an authentication protocol that was introduced in 1993 with Windows NT and was the default for domain-joined systems

Continue Reading

As AI tools become easier to run outside of major cloud platforms, a new and largely unseen layer of AI infrastructure is quietly taking shape online. Joint research by SentinelLabs and Censys has revealed that over 170,000 AI systems are now publicly reachable on the open internet and operating without the safeguards, monitoring, or oversight

Continue Reading

Match Group, the parent company behind Tinder, Hinge, OkCupid, Match.com, and Meetic, has reported a cybersecurity incident that resulted in unauthorized access to user data across several of its platforms. According to Bleepingcomputer, Match Group confirmed the attack traces back to a social engineering effort where attackers compromised an Okta single sign-on account through a

Continue Reading

SmarterTools has released SmarterMail Build 9526, the latest version of their enterprise email server platform. SmarterMail is widely used by businesses and service providers worldwide for secure, reliable email, calendaring, and collaboration services. This update focuses on improving security, fixing critical bugs, and enhancing overall system reliability. The release addresses several serious security vulnerabilities that

Continue Reading