CSO Online

Critical nginx UI tool vulnerability opens web servers to full compromise

The vulnerability, with a CVSS score of 9.8, relates to the software’s support for Model Context Protocol (MCP) servers, ...
Homeland Security Today

Threat Actors Exploited Progress Telerik Vulnerability in U.S. Government IIS Server

The CISA, Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint Cybersecurity Advisory (CSA), Threat Actors Exploit Progress Telerik ...
Bleeping Computer

Critical Progress WhatsUp RCE flaw now under active exploitation

Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. The ...
Computerworld

Opinion: Web server security: Is IIS or Apache more secure

Continuing the theme from my previous column on the relative security of Internet Information Services (IIS) vs. Apache, I’ve come across more studies to support my initial conclusion. If you remember ...

Critical Nginx UI auth bypass flaw now actively exploited in the wild

A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full ...
ZDNet

Microsoft warns this hacking group is targeting vulnerable web servers

Microsoft has revealed details of a hacking group it calls Gallium that has malware infrastructure in China and Hong Kong and has been targeting telecommunications companies. From Microsoft's ...
CSOonline

Wave of native IIS malware hits Windows servers

Security researchers warn that multiple groups are compromising Windows web servers and are deploying malware programs that are designed to function as extensions for Internet Information Services ...