First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package

Cybersecurity researchers have discovered what has been described as the first-ever instance of a malicious Model Context Protocol MCP server spotted in the wild, raising software supply chain risks. According to Koi Security, a legitimate-looking developer managed to slip in rogue code within an...

com.foursquare:rogue_2.8.0 (>=1.0.1 <=1.1.8), net.liftweb:JPADemo-Master_2.8.0 (=2.2-RC1) +26 more potentially affected by CVE-2013-3300 via net.liftweb:lift-webkit_2.8.0 (>=2.1 <=2.4-RC1)

net.liftweb:lift-webkit2.8.0 MAVEN version =2.1, =1.0.1, =2.1, =2.1, =2.1, =2.1, =2.1, =2.4-RC1 and more Source cves: CVE-2013-3300 Source advisory: OSV:GHSA-JF9V-FXFQ-WM76...

Vulnerability fixed in Cisco Anyconnect Secure Client

Cisco has fixed a vulnerability in Anyconnect Secure Mobility Client for linux and macOS. A locally authenticated malicious party could exploit the vulnerability to load a rogue shared library, which allows the malicious party to execute arbitrary code execute with root privileges and gain access...

Vulnerability fixed in IBM Aspera Connect

IBM has fixed a vulnerability in Aspera Connect. The vulnerability allows an unauthenticated remote malicious person able to execute arbitrary code under privileges of the application. To do so, the malicious party must induce the victim to execute load a rogue dynamic-link library. IBM has...