86 matches found
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's MCP architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence AI supply chain. "This flaw enables Arbitrary Command Execution R...
The Silent Spill: Measuring Sensitive Data Leaks across Public URL Repositories
A large number of URLs are made public by various platforms for security analysis, archiving, and paste sharing -- such as VirusTotal, URLScan.io, Hybrid Analysis, the Wayback Machine, and RedHunt. These services may unintentionally expose links containing sensitive information, as reported in so...
Europol Raids Disrupt Black Axe Cybercrime Ring in Spain
Authorities caught 34 members of the notorious Black Axe gang in Spain known for stealing millions of Euros through online romance scams and email fraud...
Hacktivists claim near-total Spotify music scrape
Hacktivist group Anna’s Archive claims to have scraped almost all of Spotify’s catalog and is now seeding it via BitTorrent, effectively turning a streaming platform into a roughly 300 TB pirate “preservation archive.” On its blog, the group states: “A while ago, we discovered a way to scrape...
SoundCloud, Pornhub, and 700Credit all reported data breaches, but the similarities end there
Comparing data breaches is like comparing apples and oranges. They differ on many levels. To news media, the size of the brand, how many users were impacted, and how it was done often dominate the headlines. For victims, what really matters is the type of information stolen. And for the...
A Cyberattack on Jaguar Land Rover Is Causing a Supply Chain Disaster
The UK-based automaker has been forced to stop vehicle production as a result of the attack—costing JLR tens of millions of dollars and forcing its parts suppliers to lay off workers...
PT-2025-38403
Name of the Vulnerable Software and Affected Versions Vault affected versions not specified Chrome affected versions not specified Description The reported issue concerns authentication flaws within AWS and a denial-of-service condition related to JSON processing in Vault. Additionally, a...
New Shai-hulud Worm Infecting npm Packages With Millions of Downloads
ReversingLabs discovers "Shai-hulud," a self-replicating computer worm on the npm open-source registry. Learn how the malware steals developer…...
224 malicious apps removed from the Google Play Store after ad fraud campaign discovered
Researchers have discovered a large ad fraud campaign on Google Play Store. The Satori Threat Intelligence and Research team found 224 malicious apps which were downloaded over 38 million times and generated up to 2.3 billion ad requests per day. They named the campaign "SlopAds." Ad fraud is a...
DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft
Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication 2FA codes, and credit card details under certain conditions. The technique has been dubbed Documen...
“Serial Hacker” Sentenced to 20 Months in UK Prison
Rotherham hacker Al-Tahery Al-Mashriky jailed for 20 months after global cyberattacks, stealing millions of logins and targeting government…...
MAL-2025-18443 Malicious code in dice-dream-millions-win (npm)
The package dice-dream-millions-win was found to contain malicious code...
Malicious code in dice-dream-millions-win (npm)
The package dice-dream-millions-win was found to contain malicious code...
PT-2025-27364
Name of the Vulnerable Software and Affected Versions Airoha Bluetooth audio SDK affected versions not specified Description The Airoha Bluetooth audio SDK contains a flaw involving unauthorized access to the RACE protocol. This access could allow for remote escalation of privilege without...
Operation RapTor: 270 Arrested in Global Crackdown on Dark Web Vendors
Global crackdown: Operation RapTor leads to 270 arrests, millions seized as law enforcement targets dark web drug, weapon, and crypto vendors...
SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk
Palo Alto, USA, 29th March 2025, CyberNewsWire...
PT-2024-5891 · Unknown · Uefi Firmware
Name of the Vulnerable Software and Affected Versions: UEFI firmware affected versions not specified Description: A vulnerability related to the use of an insecure Platform Key PK has been discovered. An attacker with the compromised PK private key can create malicious UEFI software that is signe...
7-Year-Old Pre-Installed Google Pixel App Flaw Puts Millions at Risk
A critical 7-year-old security flaw in a pre-installed app on millions of Google Pixel devices has been exposed.…...
regreSSHion: Critical Vulnerability in OpenSSH Exposes Millions of Servers
A critical vulnerability in OpenSSH regreSSHion allows attackers full access to servers! Millions at risk. Learn how to…...
PT-2024-5576 · Unknown +4 · Wpa Supplicant +4
Name of the Vulnerable Software and Affected Versions: wpa supplicant affected versions not specified Description: The issue is related to an uncontrolled search path element in wpa supplicant, allowing a local unprivileged attacker to escalate privileges to the user that wpa supplicant runs as,...