Topic: security vulnerabilities
-
Anthropic's Official Git MCP Server Exposes Prompt Injection Bugs
Critical vulnerabilities were discovered in Anthropic's official Git server for its Model Context Protocol (MCP), exploitable via prompt injection attacks to manipulate AI assistants into unauthorized actions. The flaws, present in default installations, allow attackers to execute code, delete fi...
-
Microsoft Patches 56 Flaws, Including Two Zero-Days Under Active Attack
Microsoft's final 2025 security update patches 56 vulnerabilities, including three critical flaws, with two already being actively exploited. The most urgent fix is for CVE-2025-62221, a privilege escalation flaw in Windows that is under active attack and requires prompt patching. Other significa...
-
Freedom Chat App Exposed Users' Phone Numbers and PINs
Freedom Chat, a privacy-focused messaging app, fixed two major vulnerabilities that allowed attackers to identify registered users' phone numbers and exposed their app-lock PINs to other users in public channels. Security researcher Eric Daigle discovered the flaws, which included weak server pro...
-
Fortinet warns of critical FortiCloud SSO auth bypass flaw
Fortinet has patched two critical authentication bypass vulnerabilities (CVE-2025-59718 & CVE-2025-59719) in several products, which could allow attackers to gain unauthorized access via a crafted SAML message. The affected FortiCloud SSO feature is not enabled by default on new devices, but it i...
-
Brave Exposes Critical AI Browser Security Flaws
Brave uncovered critical security flaws in AI browsers like Perplexity Comet and Fellou, where malicious websites can hijack AI assistants to access sensitive user accounts and data through indirect prompt injection attacks. These vulnerabilities allow attackers to embed hidden commands in webpag...
-
Docker Hardened Images: Now Affordable for Small Businesses
Docker now offers unlimited access to its Hardened Images catalog through an affordable subscription, making secure, vulnerability-checked container images accessible to startups and small businesses with a 30-day free trial. These images are built from source code, stripped of non-essential comp...
-
Ox Security Raises $60M to Boost Code Vulnerability Scanning
Ox Security, a platform for detecting vulnerabilities in AI-generated and traditional code, raised $60 million in Series B funding, led by DTCP with support from IBM Ventures and Microsoft, totaling $94 million in funding. Founded by ex-Check Point engineers, Ox Security scans code for threats, s...
-
Code Formatting Sites Leak User Secrets and Credentials
Popular online code formatting platforms like JSONFormatter and CodeBeautify are leaking sensitive user data, including passwords and API keys, through publicly accessible links due to predictable URL patterns. Security researchers found over 80,000 exposed entries containing critical information...
-
Critical Flaws Exposed in Smart Air Compressor
Smart air compressors like the CAT-10020SMHAD with MDR2i controllers offer digital convenience but introduce cybersecurity risks, including vulnerabilities that could disrupt operations or manipulate data. Security flaws identified include hardcoded Wi-Fi passwords, unencrypted HTTP communication...
-
Claude for Chrome Enters Beta, Prompt Injection Risks Loom
Anthropic has launched a beta Chrome extension for its Claude AI assistant, allowing it to perform web-based tasks like scheduling and form completion, with initial access limited to 1,000 premium users to address security risks. The extension faces significant security vulnerabilities, such as p...
-
Viral AI Assistant Sparks Data Security Concerns
The Moltbot AI assistant's deep system integration and popularity pose severe security risks, as its power can lead to leaks of sensitive corporate and personal data if deployments are not properly secured. Insecure enterprise deployments are common, often due to misconfigured proxies that expose...
-
Microsoft Copilot Hijacked in Reprompt Attack for Data Theft
The "Reprompt" attack is a cybersecurity threat that allows attackers to hijack a user's Microsoft Copilot session via a malicious link, exploiting a vulnerability where Copilot automatically executes prompts from a URL parameter. The attack uses three techniques—Parameter-to-Prompt injection, a ...
-
Android's December 2025 Security Patch: A Major Update
Google's December 2025 Android Security Bulletin details numerous critical vulnerabilities, including a severe flaw in the Android Framework that could enable remote denial-of-service attacks without special privileges. The update addresses high-severity system and kernel-level vulnerabilities th...
-
AI-Generated Code: The Hidden Cost of Human Cleanup
AI-generated code now accounts for about a quarter of production code but introduces new vulnerabilities, with many organizations experiencing security incidents due to flaws in this automated output. Accountability for security breaches involving AI-generated code is unclear, as responsibility i...
-
Your Car's Browser Is a Cyber Risk
Integrated browsers in devices like cars and smart TVs are often unpatched for years, creating significant security vulnerabilities and enabling phishing attacks. A study using crowdsourced testing found many newly released devices contain browsers several years out of date, with manufacturers fr...
-
Ditch Your Router's USB Port: What Tech Pros Use Instead
Security experts strongly advise against using a router's USB port due to outdated, insecure protocols like FTP and SMBv1, which can expose your network to data breaches and unauthorized access. Using a router's USB port for file sharing often degrades network performance, causing slower internet...
-
Apple Boosts Bug Bounty to $2 Million for Critical Exploits
Apple is increasing its bug bounty rewards to up to $2 million for critical exploit chains, aiming to secure its ecosystem of over 2.35 billion active devices and incentivize researchers to report severe vulnerabilities directly. The program includes bonuses for bypassing Lockdown Mode or finding...
-
Urgent: Hackers Exploit Unpatched Oracle EBS Vulnerabilities
Oracle has confirmed active exploitation of unpatched vulnerabilities in its E-Business Suite, with hackers sending extortion emails claiming to have stolen sensitive corporate data. The vulnerabilities were resolved in the July 2025 Critical Patch Update, which addressed nine EBS flaws, includin...
-
Apple Rolls Out iOS 18.6 & macOS 15.6 Updates as Current Gen Nears End
Apple has released updates (iOS 18.6, iPadOS 18.6, macOS Sequoia 15.6, etc.) focusing on security patches and minor improvements, while preparing for major fall releases. The updates address over two dozen vulnerabilities and introduce compliance measures for EU users, such as support for alterna...
-
McDonald’s AI Hiring Bot Leaked Millions of Applicants’ Data Due to Weak Security
McDonald’s AI hiring chatbot, Olivia, exposed millions of job applicants' personal data due to weak security, including a default password like "123456" granting full database access. Security researchers Ian Carroll and Sam Curry easily breached the system, uncovering sensitive applicant details...
-
SMS Sign-In Links Put Millions at Risk
SMS-based authentication links are creating major security vulnerabilities, exposing users to fraud and identity theft across numerous online services due to easily guessable or enumerable tokens in the URLs. Attackers can exploit these weak tokens to access other users' accounts, view sensitive ...
-
Microsoft's First Free Windows Update for 2026 Confirmed
Microsoft has released a critical 2026 security update for Windows 10, patching over 100 vulnerabilities, as the operating system's official support ends in October 2026. Despite the approaching end-of-life, Windows 10's market share remains high, creating a security challenge as many users have ...
-
Boost SaaS Security with NIST CSF & Agentic AI
The rapid adoption of SaaS and AI often outpaces security, creating risks; the NIST Cybersecurity Framework provides a structured blueprint to balance innovation with robust protection. Effective security requires strong governance and collaboration between InfoSec and SaaS teams, alongside criti...
-
HashJack Attack Hijacks AI Browsers and Assistants
Security researchers have discovered a method called HashJack that embeds malicious commands in URL fragments to manipulate AI browsing tools into executing harmful actions like inserting dangerous links or sharing user data. The attack's success varies by platform, affecting Perplexity Comet, Mi...
-
Tata Motors Patches Security Flaws That Exposed Customer Data
A security researcher discovered and reported critical vulnerabilities in Tata Motors' E-Dukaan portal, including exposed AWS private keys that could access sensitive customer and corporate data. The breach risked exposing extensive information such as customer invoices with personal details, MyS...
-
F5 Networks Breached: Hackers Stole Code and Customer Data
State-sponsored hackers breached F5 Networks' systems, stealing proprietary source code and sensitive customer data, with the company detecting the intrusion on August 9 and implementing containment measures. The attackers accessed F5's BIG-IP development environment and knowledge systems, exposi...
-
SystemBC Malware Hijacks VPS Servers as Proxy Gateways
The SystemBC proxy botnet targets vulnerable commercial virtual private servers, maintaining around 1,500 daily compromised systems to route malicious traffic and mask cybercriminal activities. It is widely used by ransomware groups and other threat actors, leveraging unpatched security flaws in ...
-
Windows 10 Gets Final Major Update as Windows 11 Takes the Spotlight
The final major update for Windows 10 has been released, as Microsoft shifts focus to Windows 11, with official support ending next month and users needing to upgrade or enroll in extended security services. The September update includes crucial security patches addressing 81 vulnerabilities, inc...
-
Ex-WhatsApp Security Chief Sues Meta, Calls Culture a "Cult"
Meta's advertisements claim WhatsApp ensures complete user privacy, but a lawsuit by its former security head alleges the company concealed significant security vulnerabilities. The suit contends that around 1,500 WhatsApp engineers had unrestricted access to user data, potentially violating an F...
-
Find Security Flaws in Python Code with Bandit
Bandit is an open-source tool that scans Python source code to identify security vulnerabilities, such as unsafe use of `eval` or hard-coded passwords, by comparing code against a set of security rules. Each finding is assigned a severity and confidence rating to help prioritize fixes, and the to...
-
Rising Google Ads MCC Takeover Scams: How Phishing Attacks Work
A surge in sophisticated phishing attacks is compromising Google Ads Manager accounts, allowing fraudsters to drain advertising budgets of tens of thousands of dollars within hours, even bypassing two-factor authentication. Attackers use deceptive emails that mimic legitimate Google invitations, ...
-
Vibe Coding: The Dark Side of the New Open Source
Vibe coding uses AI to rapidly generate functional code, accelerating development but introducing significant security challenges to software supply chains. AI-generated code often reproduces historical vulnerabilities from flawed training data and lacks nuanced understanding of project-specific ...
-
AI Agents Targeted by Stealthy Web Poisoning Attacks
A new cyber threat called parallel web poisoning targets AI agents by serving them hidden malicious webpages that exploit their predictable digital fingerprints. This attack is stealthy because it bypasses traditional defenses by remaining invisible to human users and standard security scanners, ...
-
Google's December Update Fixes 33 Bugs, Boosts Pixel Security
Google has released a December security patch for Pixel 6 and later models, addressing 33 bugs and patching critical vulnerabilities to enhance device stability and security. The update fixes specific user-reported issues, including a battery icon glitch, ensures the 80% charge limit works correc...
-
The Hidden Dangers of Vibe Coding That Could Ruin Your Business
Vibe coding enables developers to program using plain English instructions, making application building faster and more accessible but often at the cost of code quality, security, and maintainability. Experts warn that over-reliance on AI-generated code can lead to inconsistent quality, rapid acc...
-
AI Agents Outpacing Safety, Deloitte Warns
A Deloitte report reveals a critical gap between rapid AI agent adoption in business and the implementation of safety governance, with only 21% of surveyed companies having strong oversight despite widespread use. The autonomous nature of AI agents, which can perform complex tasks like signing do...
-
Runlayer Secures $11M from Khosla, Felicis to Launch MCP AI Security
Runlayer has launched with $11 million in seed funding to secure the Model Context Protocol (MCP), which is widely adopted by major tech companies and has already attracted clients like Gusto and Instacart. The MCP, an open-source standard for AI agents to interact with external systems, lacks bu...
-
Get Windows 10 Update Now Available in Microsoft Store
Microsoft now offers a paid Windows 10 Extended Security Updates (ESU) option for $30, providing one year of critical security patches without requiring a persistent Microsoft Account login. This paid ESU addresses user frustration with mandatory cloud accounts, offering a compromise for security...
-
XWorm Malware Returns with Ransomware & 35+ Plugins
XWorm malware has evolved with ransomware capabilities and over 35 plugins, distributed by multiple threat actors through phishing campaigns after the original developer's departure. Initially a versatile remote access trojan, it steals sensitive data, enables DDoS attacks, and has been widely ad...
-
Condé Nast Data Breach Exposed, Ars Remains Secure
A hacker leaked over 2.3 million user records from WIRED, exposing personal details like names and email addresses, and plans to release 40 million more records from other Condé Nast publications. The hacker's claimed motive of improving security is disputed, with cybersecurity reports suggesting...
-
Inside DragonForce Ransomware and Scattered Spider
The DragonForce ransomware operation has evolved into a "cartel" model, offering affiliates high profit shares to scale its impact, and has formed a high-profile partnership with the social engineering group Scattered Spider. This alliance merges Scattered Spider's sophisticated initial access te...
-
Intel, AMD Secure Enclaves Breached by Physical Attacks
Hardware-level security features like Intel's SGX and AMD's SEV-SNP create isolated, encrypted environments in processors to protect sensitive data, widely used by platforms such as Signal and WhatsApp. Recent academic studies have exposed vulnerabilities in these technologies, with attacks like ...
-
UK Renews Push Against Apple Encryption
The UK government has renewed demands for Apple to provide special access to encrypted iCloud user data, specifically targeting British citizens' backups, reversing earlier indications that the effort was dropped. Despite previous reports that the UK had dropped the mandate due to US pressure and...
-
AI and Rust: The New Era of OS Programming
The development of major operating systems like Windows and Linux is being fundamentally reshaped by the adoption of **Rust for memory safety** and **AI for developer efficiency**, though the transition from legacy C/C++ codebases will be gradual and incremental. While both ecosystems embrace the...
-
GlobalProtect VPN Portals Hit by 2.3 Million Cyber Scans
A fortyfold surge in malicious scanning targeting Palo Alto Networks GlobalProtect VPN portals began on November 14, 2025, marking the highest volume observed in the past 90 days, with 2.3 million sessions detected over five days. These coordinated scans focus on the login endpoint and are linked...
-
Shadow DAMs: The New System of Record
The rise of shadow DAMs—informal systems for managing digital assets outside official governance—offers immediate collaboration benefits but introduces risks like inefficiency and compliance issues. Shadow DAMs proliferate due to their speed, cost-effectiveness, and seamless integration into exis...
-
Riot's New Anti-Cheat May Strain Older PCs
Advanced kernel-level anti-cheat software for online games now often requires modern Windows security features, leading Riot Games to mandate a BIOS update for some users to address vulnerabilities. The required update fixes critical UEFI firmware bugs that could disable memory protection during ...
-
India Mandates Government Security App on All Smartphones
The Indian government mandates pre-installation of the "Sanchar Saathi" security app on all smartphones to combat theft and fraud, but critics warn it could enable state surveillance. Apple refuses to comply, citing global policy and security concerns, arguing the mandate risks user privacy and c...
-
Amazon's Starlink Rival Debuts With Fastest Satellite Antenna
Amazon has launched the Leo Ultra antenna for business and government customers, entering the satellite internet market as a competitor to services like Starlink, with a commercial release expected next year. The Leo Ultra is claimed to be the fastest customer terminal, offering download speeds u...
-
Microsoft Azure Hit by Record 15 Tbps DDoS Attack
Microsoft's Azure cloud platform successfully defended against a record-breaking 15.72 Tbps DDoS attack from the Aisuru botnet, which utilized over 500,000 IP addresses and targeted a single Australian IP with up to 3.64 billion packets per second. The Aisuru botnet, known for compromising IoT de...