#localhost-exploitation
#localhost-exploitation

14 hours ago

Software development

Claude Opus wrote a Chrome exploit for $2,283

fromWIRED

Silicon Valley

The Dumbest Hack of the Year Exposed a Very Real Problem

Information security

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

fromYahoo Tech

Privacy technologies

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Senate legislation aims to enhance satellite cybersecurity amid rising threats and vulnerabilities in commercial satellite signals.

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

Hackers exploit vulnerabilities, including a fake app draining $9.5M, while new exploits like RedSun target Microsoft Defender.

Software development

14 hours ago

Claude Opus wrote a Chrome exploit for $2,283

Anthropic withheld its Mythos model due to security concerns, while Opus 4.6 was used to create a functional exploit for Chrome's V8 engine.

Silicon Valley

fromWIRED

The Dumbest Hack of the Year Exposed a Very Real Problem

A cyberattack in Silicon Valley exploited weak passwords to spoof crosswalk button recordings with voices of tech CEOs, raising security concerns.

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

Hackers exploited Windows vulnerabilities published by a researcher, affecting Windows Defender and allowing high-level access.

Privacy technologies

fromYahoo Tech

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

Russian spies exploited consumer routers to steal Microsoft 365 credentials from thousands of users, turning home devices into espionage tools.

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Senate legislation aims to enhance satellite cybersecurity amid rising threats and vulnerabilities in commercial satellite signals.

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

Hackers exploit vulnerabilities, including a fake app draining $9.5M, while new exploits like RedSun target Microsoft Defender.

OWASP Top 10 (2025 List) for Python Devs

The OWASP Top 10 has been updated with significant changes including supply chain attacks and exceptional condition handling.

#microsoft

fromThe Verge

Privacy technologies

Microsoft faces fresh Windows Recall security concerns

Information security

Microsoft closes book on rogue Windows Server 2025 upgrades

Information security

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

Information security

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.

April Patch Tuesday brings zero-days in Defender, SharePoint Server | Computer Weekly

Microsoft's April Patch Tuesday update addresses over 160 issues, including two critical zero-day vulnerabilities, marking one of the largest updates in history.

Privacy technologies

fromThe Verge

Microsoft faces fresh Windows Recall security concerns

A new tool, TotalRecall Reloaded, extracts data from Microsoft's redesigned Recall feature, raising ongoing security and privacy concerns.

Microsoft closes book on rogue Windows Server 2025 upgrades

Microsoft has resolved the Windows Server 2025 upgrade issue, but new problems have emerged with the cumulative update KB5082063.

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

Microsoft's Zero Day Quest 2026 awarded $2.3 million for discovering 80 high-impact vulnerabilities in cloud and AI services.

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Microsoft released a significant security update addressing 165 vulnerabilities, including two critical zero-days, marking one of the largest updates in its history.

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.

April Patch Tuesday brings zero-days in Defender, SharePoint Server | Computer Weekly

Microsoft's April Patch Tuesday update addresses over 160 issues, including two critical zero-day vulnerabilities, marking one of the largest updates in history.

more#microsoft

Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads

Mirax integrates advanced Remote Access Trojan (RAT) capabilities, allowing threat actors to fully interact with compromised devices in real time, enhancing its operational value significantly.

Roam Research

DevOps

fromMedium

5 days ago

Set it up once, test it properly, and let the system handle the rest.

Automating SSL certificate renewal prevents production outages and reduces stress during incidents.

Node JS

fromNist

5 days ago

NVD

Axios library versions prior to 1.15.0 are vulnerable to Prototype Pollution, leading to Remote Code Execution and Full Cloud Compromise.

Software development

20-year-old Enlightenment E16 bug finally gets patched

Kamila Szewczyk fixed a 20-year-old bug in the Enlightenment E16 Linux window manager, emphasizing the value of maintaining older software.

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

A vulnerability in Apache ActiveMQ Classic, CVE-2026-34197, is being actively exploited, requiring immediate patching by organizations.

16 hours ago

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

A high-severity security flaw in Apache ActiveMQ Classic, CVE-2026-34197, is actively exploited, requiring urgent fixes by April 30, 2026.

CISA tells feds to patch 13-year-old Apache ActiveMQ bug

CISA warns of a critical Apache ActiveMQ vulnerability requiring federal agencies to patch within two weeks to prevent exploitation.

12 hours ago

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

A vulnerability in Apache ActiveMQ Classic, CVE-2026-34197, is being actively exploited, requiring immediate patching by organizations.

16 hours ago

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

A high-severity security flaw in Apache ActiveMQ Classic, CVE-2026-34197, is actively exploited, requiring urgent fixes by April 30, 2026.

CISA tells feds to patch 13-year-old Apache ActiveMQ bug

CISA warns of a critical Apache ActiveMQ vulnerability requiring federal agencies to patch within two weeks to prevent exploitation.

'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source

Cal is shifting from open source to proprietary licensing due to security risks posed by modern AI tools.

fromYcombinator

Show HN: OpenParallax: OS-level privilege separation for AI agent execution | Hacker News

An open-source AI agent was developed with a secure, sandboxed architecture to prevent data exfiltration and unauthorized actions.

Software development

fromZDNET

'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source

Cal is shifting from open source to proprietary licensing due to security risks posed by modern AI tools.

fromYcombinator

Show HN: OpenParallax: OS-level privilege separation for AI agent execution | Hacker News

An open-source AI agent was developed with a secure, sandboxed architecture to prevent data exfiltration and unauthorized actions.

Cursor AI Vulnerability Exposed Developer Devices

A vulnerability in Cursor AI allows attackers to hijack developer machines via malicious repositories without user interaction.

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical vulnerability in Nginx UI allows attackers to take full control of servers, affecting numerous deployments worldwide.

Critical nginx-ui Vulnerability CVE-2026-33032 Allows Unauthenticated Nginx Takeover

A critical authentication bypass vulnerability in nginx-ui allows attackers to take control of the Nginx service without authentication.

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical vulnerability in Nginx UI allows attackers to take full control of servers, affecting numerous deployments worldwide.

Critical nginx-ui Vulnerability CVE-2026-33032 Allows Unauthenticated Nginx Takeover

A critical authentication bypass vulnerability in nginx-ui allows attackers to take control of the Nginx service without authentication.

more#nginx-ui

#north-korea

3 hours ago

Information security

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

3 hours ago

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.

North Korea targets macOS users in latest heist

North Korean criminals use social engineering and fake software updates to steal Apple users' credentials and cryptocurrency.

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

Information security

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

Information security

Fake Linux Foundation leader using Slack to phish devs

Information security

Fake Claude Website Distributes PlugX RAT

A fake Anthropic Claude website distributed a remote access trojan disguised as a legitimate application download.

Information security

New RoadK1ll WebSocket implant used to pivot on breached networks

RoadK1ll is a Node.js implant that enables attackers to pivot from a compromised host to other internal systems undetected.

7 hours ago

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.

Fake Linux Foundation leader using Slack to phish devs

A malware campaign targets open source developers via Slack, impersonating a Linux Foundation official to steal credentials and compromise systems.

Fake Claude Website Distributes PlugX RAT

A fake Anthropic Claude website distributed a remote access trojan disguised as a legitimate application download.

New RoadK1ll WebSocket implant used to pivot on breached networks

RoadK1ll is a Node.js implant that enables attackers to pivot from a compromised host to other internal systems undetected.

Information security

Critical Fortinet sandbox bugs allow auth bypass and RCE

Information security

Fortinet Patches Critical FortiSandbox Vulnerabilities

Information security

Attackers exploited the FortiClient EMS bug as a 0-day

Information security

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Critical Fortinet sandbox bugs allow auth bypass and RCE

Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass authentication or execute unauthorized code.

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet released 26 advisories for 27 vulnerabilities, including two critical flaws in FortiSandbox with a CVSS score of 9.1.

Attackers exploited the FortiClient EMS bug as a 0-day

Fortinet released an emergency patch for a critical vulnerability in FortiClient EMS, which is being actively exploited.

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.

MCP 'design flaw' puts 200k servers at risk: Researcher

A design flaw in Anthropic's Model Context Protocol puts 200,000 servers at risk, despite repeated requests for a patch from security researchers.

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Threat actors are exploiting three vulnerabilities in Microsoft Defender for elevated privileges, with one flaw already addressed by Microsoft.

Server-room lock was nothing but a crock

A security vulnerability allowed unauthorized access to a server room due to a flaw in the two-factor authentication lock.

Splunk Enterprise Update Patches Code Execution Vulnerability

Splunk has released fixes for high and medium-severity vulnerabilities in its products, including Splunk Enterprise, Cloud Platform, and MCP Server.

#ai-security

Information security

AI agents on GitHub leak API keys via prompt injection

fromInfoQ

Information security

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

Information security

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

Information security

Git identity spoof fools Claude into giving bad code the nod

AI agents on GitHub leak API keys via prompt injection

Three popular AI agents on GitHub Actions are vulnerable to Comment and Control attacks, allowing attackers to steal API keys and access tokens.

fromInfoQ

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

Claude Code identified multiple security vulnerabilities in the Linux kernel, including a long-standing heap buffer overflow, with minimal oversight required.

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

A prompt injection attack method named 'Comment and Control' targets AI code security tools, allowing attackers to hijack AI agents using crafted GitHub comments.

Git identity spoof fools Claude into giving bad code the nod

AI code reviewers can be deceived into approving malicious code by spoofing trusted developer identities using Git commands.

Cisco Systems issues three advisories for critical vulnerabilities in Webex, ISE

Identity and access management is crucial for cybersecurity, with a focus on IAM hygiene necessary to mitigate risks from vulnerabilities.

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

Malicious WordPress plugins with backdoors compromised thousands of websites, demonstrating a supply-chain attack and leading to their permanent removal.

fromTNW | Apps

30+ WordPress plugins bought on Flippa and backdoored in supply chain attack

A significant WordPress plugin compromise involved a backdoor planted in over 30 plugins, exposing a critical vulnerability in plugin ownership transfer and update mechanisms.

Someone planted backdoors in dozens of WordPress plugins used in thousands of websites | TechCrunch

Dozens of WordPress plugins were compromised by a backdoor, distributing malicious code after a change in ownership of the plugin maker.

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover

A critical vulnerability in Ninja Forms allows file uploads that could lead to remote code execution on affected websites.

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

Malicious WordPress plugins with backdoors compromised thousands of websites, demonstrating a supply-chain attack and leading to their permanent removal.

fromTNW | Apps

30+ WordPress plugins bought on Flippa and backdoored in supply chain attack

A significant WordPress plugin compromise involved a backdoor planted in over 30 plugins, exposing a critical vulnerability in plugin ownership transfer and update mechanisms.

Someone planted backdoors in dozens of WordPress plugins used in thousands of websites | TechCrunch

Dozens of WordPress plugins were compromised by a backdoor, distributing malicious code after a change in ownership of the plugin maker.

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover

A critical vulnerability in Ninja Forms allows file uploads that could lead to remote code execution on affected websites.

NIST updates NVD: not every CVE will be scrutinized

NIST is updating its vulnerability assessment methodology due to an overwhelming increase in CVEs, prioritizing critical vulnerabilities for analysis.

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

NIST updates its National Vulnerability Database operations to prioritize enriching critical CVEs due to a surge in submissions.

NIST updates NVD: not every CVE will be scrutinized

NIST is updating its vulnerability assessment methodology due to an overwhelming increase in CVEs, prioritizing critical vulnerabilities for analysis.

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

NIST updates its National Vulnerability Database operations to prioritize enriching critical CVEs due to a surge in submissions.

New PHP Composer Flaws Enable Arbitrary Command Execution - Patches Released

Two high-severity vulnerabilities in Composer could allow arbitrary command execution through command injection flaws in the Perforce VCS driver.

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories

Multiple industrial giants have released new ICS security advisories addressing various vulnerabilities since the last Patch Tuesday.

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

MCP's architectural flaw allows adversarial takeover of user systems, exposing sensitive data and enabling malware installation.

Ancient Excel bug comes out of retirement for active attacks

A 17-year-old critical Excel vulnerability is actively being exploited, prompting CISA to issue a patch deadline for federal agencies.

Two Vulnerabilities Patched in Ivanti Neurons for ITSM

Ivanti resolved two medium-severity vulnerabilities in Neurons for ITSM affecting on-premises and cloud deployments.

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

Threat actors are weaponizing n8n to conduct phishing campaigns and deliver malicious payloads through automated emails.

Information security

Critical N8n Sandbox Escape Could Lead to Server Compromise

Information security

N8n Vulnerabilities Could Lead to Remote Code Execution

Information security

Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

Two eval injection vulnerabilities in n8n allow authenticated users to bypass sandboxes and achieve remote code execution, enabling full instance compromise.

Information security

Critical n8n flaws disclosed along with public exploits

Authenticated users who can create or edit n8n workflows can escape sandboxes to achieve remote code execution and full server takeover (CVE-2026-25049).

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

Threat actors are weaponizing n8n to conduct phishing campaigns and deliver malicious payloads through automated emails.

Information security

Critical N8n Sandbox Escape Could Lead to Server Compromise

Information security

N8n Vulnerabilities Could Lead to Remote Code Execution

Information security

Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

Information security

Critical n8n flaws disclosed along with public exploits

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

Critical vulnerabilities in Adobe, Fortinet, Microsoft, and SAP products were highlighted in April's Patch Tuesday releases.

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.

100 Chrome Extensions Steal User Data, Create Backdoor

Over 20,000 users installed malicious Chrome extensions that steal information, provide backdoors, or inject ads, as reported by cybersecurity firm Socket.

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

[In] ShowDoc version before 2.8.7, an unrestricted and unauthenticated file upload issue is found and [an] attacker is able to upload a web shell and execute arbitrary code on server.

Information security

fromFinbold

Kraken insider extortion reveals remote work security blind spot

"Shortly after access was terminated, we began receiving extortion demands. The criminals threatened to distribute materials from both the February 2025 incident and the recent incident to media outlets and on social media if we did not comply. We will not pay these criminals," Percoco stated.

Information security

fromInfoWorld

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

CVSS-9.3 vulnerability in Marimo allows unauthenticated remote code execution, exploited shortly after disclosure.

Ransomware scum, other crims exploit 4 old Microsoft bugs

Four Microsoft vulnerabilities are actively exploited, including one from 2012, prompting CISA to urge federal agencies to patch them within two weeks.

Runtime security becomes critical as AI accelerates threats

Artificial intelligence accelerates innovation and cyber threats, necessitating a focus on runtime security for effective enterprise protection.

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI's macOS apps were affected by a supply chain attack, but no user data or internal systems were compromised.

AI agents found vulns in this Linux and Unix print server

Two vulnerabilities in CUPS allow unauthenticated remote code execution and root file overwrite, posing significant security risks in networked environments.

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Threat actors exploit HTTP cookies for PHP web shells on Linux servers, enabling remote code execution with stealthy control mechanisms.

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.

Citrix NetScaler bug may be multiple flaws in one

In-the-wild exploitation of a critical Citrix NetScaler bug has begun, with attackers actively targeting vulnerable systems within days of its disclosure.

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.

Citrix NetScaler bug may be multiple flaws in one

In-the-wild exploitation of a critical Citrix NetScaler bug has begun, with attackers actively targeting vulnerable systems within days of its disclosure.

We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them

AWS Bedrock's connectivity makes it powerful but also exposes it to multiple attack vectors that can compromise enterprise data.

4 weeks ago

Critical ScreenConnect Vulnerability Exposes Machine Keys

ConnectWise released a security update for ScreenConnect addressing CVE-2026-3564, a critical vulnerability allowing attackers to access cryptographic machine keys by encrypting previously exposed cryptographic material in server configuration files.

4 weeks ago

9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors

Nine critical vulnerabilities in low-cost IP KVM devices from multiple manufacturers allow unauthenticated attackers to gain root access and control compromised systems at the BIOS/UEFI level.

fromArs Technica

Researchers disclose vulnerabilities in IP KVMs from four manufacturers

IP KVMs pose severe network security risks because compromising them enables attackers to bypass system security and access remotely managed servers.

Critical N8n Vulnerabilities Allowed Server Takeover

Two critical vulnerabilities in n8n allowed unauthenticated remote code execution and sandbox escape, potentially exposing all stored credentials including AWS keys, passwords, OAuth tokens, and API keys.

CISA says n8n critical bug exploited in real-world attacks

CISA mandates immediate patching of CVE-2025-68613, a critical 9.9-severity remote code execution vulnerability in n8n workflow automation platform affecting over 103,000 users.

Critical FreeScout Vulnerability Leads to Full Server Compromise

A critical zero-click RCE vulnerability in FreeScout bypasses previous patches using zero-width space characters, enabling unauthenticated remote code execution through malicious emails.

Organizations Warned of Exploited Linux Vulnerabilities

Critical GNU Inetutils telnetd authentication bypass (CVE-2026-24061) enables remote root via crafted Telnet USER variable, and kernel integer overflow (CVE-2018-14634) permits privilege escalation.

BeyondTrust Remote Support has a critical vulnerability

Unauthenticated remote-code-execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access enables full system compromise; affected versions require urgent patching or upgrades.

BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration

The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the site user. In a report published Thursday, Palo Alto Networks Unit 42 said it detected the security flaw being actively exploited in the wild for network reconnaissance, web shell deployment, command-and-control (C2), backdoor and remote management tool installs, lateral movement, and data theft.

Information security

Vulnerability exploits now dominate intrusions

Exploit of disclosed vulnerabilities now causes most intrusions, with attackers weaponizing new flaws within hours while many organizations patch slowly.

Multiple vulnerabilities found in Anthropic's Git MCP server

Anthropic's reference Git MCP server contained multiple vulnerabilities that allowed arbitrary file access and command execution, exposing the MCP ecosystem to significant security risk.

Infosec researchers mull curious case of Telnet ancient flaw

Tier-1 transit operators likely applied port 23 filtering after advance warning of a critical GNU InetUtils telnetd flaw (CVE-2026-24061), collapsing Telnet traffic.

fromDroids On Roids