Critical MCP Vulnerability in Nginx-UI Now Actively Exploited in the Wild
The open‑source nginx‑UI, a web interface for managing Nginx configurations, has been found to lack authentication middleware, creating a critical Missing Control Plane (MCP) vulnerability. With over 11,000 GitHub stars and more than 430,000 Docker pulls, the tool is widely deployed in development and production environments. Security researchers have confirmed that threat actors are actively exploiting the flaw in the wild, allowing unauthenticated remote command execution. The issue has prompted immediate advisories from the project maintainers.
Overstretched NIST to Limit CVE Enrichments
The U.S. National Institute of Standards and Technology (NIST) announced it will stop enriching every CVE entry in its National Vulnerability Database due to a surge in submissions. CVE submissions rose 263 % between 2020 and 2025, overwhelming NIST’s resources. Going...
Shoe Retailer Allbirds Pivots to AI with $50m to Buy up GPUs
Allbirds, the sustainable shoe retailer, announced a $50 million investment to acquire approximately 1,660 NVIDIA H200 GPUs. The hardware spend marks a strategic pivot toward building in‑house artificial‑intelligence capabilities. By securing high‑performance GPUs, Allbirds aims to accelerate product design, demand forecasting,...
We Need to “Right-Size” AI Ambitions in UK, Microsoft VP Tells MPs
Microsoft’s UK vice‑president Hugh Milward testified before Parliament, warning that the country’s AI roadmap lacks clear direction and that the national power grid cannot support a 1‑gigawatt data centre today. He highlighted that without a reliable energy supply, ambitious AI...
Citi's Mandated Transformation Nears Its End, Bring on the AI Spending
Citigroup is scaling back its broad technology transformation program and trimming staff after reporting that 90% of its projects have hit or are close to their targets. The bank will redirect those resources toward a methodical, large‑scale rollout of artificial...
Patch Tuesday's a Monster: Thank AI?
Microsoft’s April Patch Tuesday delivered 247 patches covering 164 vulnerabilities, including eight critical flaws and two actively exploited zero‑days in SharePoint and Chromium. Security researcher Joe Desimone reported that all five of his local‑privilege‑escalation bugs were discovered using AI, highlighting...
Court Transcripts and Public Inquiry Responses: How the UK Gov Is Outsourcing Work to AI
The UK government is increasingly turning to artificial intelligence, notably Google’s Gemini model, to automate the drafting of court transcript summaries and responses to public inquiries. The Department for Transport has piloted Gemini for processing public consultation feedback, aiming to...
GitHub Finally Introduces Stacked Pull Requests, Devs Have Thoughts
GitHub has launched a private beta for stacked pull requests through its GitHub CLI, delivering a long‑awaited capability for developers. The feature enables a series of dependent changes to be submitted as a chain of pull requests, each building on...
Goldman Sachs Is "Accelerating" Cloud Investment for Better AI, CFO Says
Goldman Sachs announced an accelerated push to migrate its systems to the cloud, aiming to improve data quality and unlock AI‑driven productivity. CFO Denis Coleman said early results from the One Goldman Sachs 3.0 overhaul confirmed the need for stronger...
Axios Has a CVSS 10 Bug, Risks "Full Cloud Compromise"
The Axios HTTP client, downloaded over three billion times and embedded in roughly 80% of cloud and code environments, has been assigned a CVSS 10 rating under CVE‑2026‑40175. A proof‑of‑concept exploit shows the flaw can be escalated to remote code execution...
UK Police Spend £25m on Legacy Comms Network Waiting for New Emergency Network Service
UK police have allocated roughly $32 million to keep a legacy communications network running for six months, after a four‑year, $64 million contract for a new Emergency Network Service fell behind schedule. The original plan envisioned a seamless transition, but the new...
STACKUP: The Stack's Weekly Tech Startups and Funding Wrap
The Stack’s weekly roundup highlights a surge of AI‑centric funding across Europe and Asia‑Pacific, with the largest raises coming from those regions. Notable deals include a $100 million‑plus round for a data‑centre startup, a similar-sized investment in RISC‑V chip designer SiFive,...
Command Line: Mythos Burnout and the Boardroom
Anthropic’s Mythos large‑language model is prompting boardroom alarm as AI‑accelerated vulnerability discovery threatens to flood enterprises with exploitable findings. A new “Getting Mythos Ready” paper, authored by top CISOs, urges layered defenses—segmentation, canaries, honey tokens, and automated response playbooks—to contain...
Why IBM and Arm Are Partnering up on AI for Mainframes
IBM and Arm announced a strategic collaboration to develop dual‑architecture hardware that lets Arm‑based AI software run on IBM’s mainframe systems. The initial focus is on virtualization solutions that enable AI workloads to execute directly on on‑prem mainframes, bridging legacy...
Adobe Confirms Exploitation: Malware Uses Undocumented API
Adobe has confirmed active exploitation of the critical CVE‑2026‑34621 vulnerability in Acrobat and Reader on Windows and macOS. The flaw grants attackers arbitrary code execution when a user opens a crafted PDF. Exploit code abuses an undocumented API, SilentDocCenterLogin(), and...
