CVE-2026-33032: Unauthenticated nginx-ui MCP takeover
English, Dutchnginx-ui <= 2.3.5 exposes an unauthenticated MCP endpoint that can invoke privileged tools and take over Nginx service management.
cve-2026-33032auth-bypassinitial-access
Websec / Blog Securing Today. Tomorrow could be too late.
Join us as we explore the ever-evolving world of cyber threats and arm yourself with knowledge to defend against potential breaches.
Get ConsultationCVE-2026-29014, MetInfo CMS unauthenticated PHP code injection
English, DutchMetInfo CMS 7.9.0 through 8.1.0 is affected by an unauthenticated PHP code injection flaw that can lead to remote code execution via the WeChat module.
cve-2026-29014rceinitial-access
Ophion: Building a Stealth Intel VT-x Hypervisor for Windows
English, DutchOphion is a stealth Intel VT-x hypervisor that virtualizes Windows while passing AC, AV, and VM-detection checks. This article covers how it works and how it evades detection.
Security EvasionHypervisorExploitation
Hack ZTE router's admin panel
EnglishLet's say that you are connected to a public Wi-Fi. How difficult is it to crack the password to the admin panel of the router?
Posted 12 April, 24
Mobile Pentesting Series - part 1: bypass SSL pinning in Android
EnglishThe purpose of this article is to demonstrate how to circumvent SSL pinning on Android.
Posted 27 October, 23
STUN Protocol IP Exposure Tool by WebSec
EnglishThe STUN Interception Tool is a powerful tool designed to leverage the principles of STUN. Learn more about its features and how to use it effectively.
Posted 11 September, 23
YARA rules Part 2: Using modules
EnglishLet's continue our acquaintance with YARA rules
Posted 22 June, 23
Need Security?
Are you really sure your organization is secure?
At WebSec we help you answer this question by performing advanced security assessments.
Want to know more? Schedule a call with one of our experts.