#security-flaw

[ follow ]
#cybersecurity #vulnerability #mcp #anthropic #adversarial-takeover #agentic-ai #magento #rest-api #code-execution
Information security
fromSecurityWeek
2 days ago

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

MCP's architectural flaw allows adversarial takeover of user systems, exposing sensitive data and enabling malware installation.
Information security
fromThe Hacker News
4 weeks ago

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

A critical security flaw in Magento's REST API allows unauthenticated attackers to upload malicious executables, risking code execution and account takeover.
Privacy technologies
fromIT Pro
8 months ago

Microsoft patched a critical vulnerability in its NLWeb AI search tool - but there's no CVE (yet)

A critical flaw in NLWeb enables remote users to read sensitive files without authorization.
fromIT Pro
9 months ago

Cisco warns of critical flaw in Unified Communications Manager - so you better patch now

Cisco has released patches for a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability, CVE-2025-20309, carries a CVSS score of 10.0, allowing an attacker to log in using the root account with static credentials that cannot be changed. Cisco advises users to upgrade to the latest version or apply the CSCwp27755 patch as there are no workarounds.
Privacy professionals
fromZDNET
9 months ago

Does your Brother printer have an unpatchable security flaw? How to check - and what you can do

Hundreds of Brother printer models have been found to harbor a serious security flaw that can't be fully patched on existing devices.
Privacy professionals
Privacy professionals
fromThe Hacker News
1 year ago

Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes

An incomplete patch for a security flaw in the NVIDIA Container Toolkit poses risks of unauthorized access and denial-of-service attacks.
[ Load more ]