14 matches found
MCP Servers Are the New Shadow IT for AI
Key Takeaways: MCP servers are becoming the default wiring between AI agents and enterprise applications — but most organizations have zero visibility into where they are, what they expose, or how they can be abused. Qualys TotalAI now provides layered discovery of MCP servers across network, host...
PT-2025-31671
Name of the Vulnerable Software and Affected Versions: MaterialX version 1.39.2. Description: MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. When parsing shader nodes in a MTLX file, the MaterialXCore code accesses a...
AI Trust Risk and Security Management: Why Tackle Them Now?
Co-authored by Sabeen Malik and Laura Ellis. In the evolving world of artificial intelligence (AI), keeping our customers secure and maintaining their trust is our top priority. As AI technologies integrate more deeply into our daily operations and services, they bring a set of unique challenges tha...
What is XMPP ❓ — Extensible Messaging & Presence Protocol
Introduction: In the early 2000s, when the idea of chat applications was taking shape, XMPP was allowing developers to construct interactive chat applications. Since its genesis, this protocol has come a long way and is now included in the tech...
What is SAML authentication ❓ How does it work ❓
Enterprises using various business apps have a tough time maintaining data’s secrecy and access grants as per user roles throughout the infrastructure landscape. SAML (Security Assertion Markup Language) shows up as a great aid on this front. Let’s see what it is, how it works, what are its...
Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome
A Mozilla Foundation update to the Firefox web browser, released Tuesday, tackles one critical vulnerability and a handful of high-severity bugs. The update, released as Firefox version 84, is also billed by Mozilla as boosting the browser’s performance and adding native support for macOS hardwar...
Important: Red Hat Security Advisory: ipmitool security update
An update for ipmitool is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
sigma - Generic Signature Format for SIEM Systems
Generic Signature Format for SIEM Systems. What is Sigma? Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this...
Generic Signature Format for SIEM Systems: Sigma
Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers ...
Google Recommends Developers Support OAuth 2.0
Google announced today that in the coming months it will be more stringent in securing users when they log in to their accounts by applying additional authorization checks. “These additional checks will ensure that only the intended user has access to their account, whether through a browser,...
Google Joins FIDO Alliance Effort to Move Beyond Passwords
Google, which gradually has been moving its users away from using passwords as their main form of authentication for Web services, has joined a young organization whose goal is to phase out passwords and replace them with various forms of strong authentication. The FIDO Alliance, formed last year...
Scientific Linux Security Update : ipmitool on SL6.x i386/x86_64
The ipmitool package contains a command line utility for interfacing with devices that support the Intelligent Platform Management Interface (IPMI) specification. IPMI is an open standard for machine health, inventory, and remote power control. It was discovered that the IPMI event daemon ipmievd...
Visa Announces New Data Encryption Practices
Visa has announced new global best practices for data field encryption, also known as end-to-end encryption – a much-discussed solution in the wake of the Heartland Payment Systems breach. Announced by the global credit card company on Monday, these best practices are designed to further the...
Researchers Unveil Serious XML Flaws
From Washington Post Brian Krebs Security researchers today unveiled details about a little-known but ubiquitous class of vulnerabilities that may reside in a range of Internet components, from Web applications to mobile and cloud computing platforms to documents, images and instant messaging...