WebMCP Tool Surface Poisoning: Runtime Manipulation Attacks on LLM Agents

WebMCP is a newly emerging protocol that enables websites to expose tools directly to AI agents, bypassing traditional user interfaces and introducing new security risks. The dynamic exposure of agent-accessible tools in WebMCP expands the attack surface of web sessions, especially when third-par...

Addressing the OWASP Top 10 Risks in Agentic AI with Microsoft Copilot Studio

Agentic AI is moving fast from pilots to production. That shift changes the security conversation. These systems do not just generate content. They can retrieve sensitive data, invoke tools, and take action using real identities and permissions. When something goes wrong, the failure is not limit...

EUVD-2026-15953

n8n Has External Secrets Authorization Bypass in Credential Saving...

Manipulating AI memory for profit: The rise of AI Recommendation Poisoning

That helpful "Summarize with AI" button? It might be secretly manipulating what your AI recommends. Microsoft security researchers have discovered a growing trend of AI memory poisoning attacks used for promotional purposes, a technique we call AI Recommendation Poisoning. Companies are embedding...

EUVD-2021-0729

Malware in sbrugna...

EUVD-2023-56164

Malicious code in bioql PyPI...

CISA and USCG Issue Joint Advisory to Strengthen Cyber Hygiene in Critical Infrastructure

CISA, in partnership with the U.S. Coast Guard USCG, released a joint Cybersecurity Advisory aimed at helping critical infrastructure organizations improve their cyber hygiene. This follows a proactive threat hunt engagement conducted at a U.S. critical infrastructure facility. During this...

Trivial Trojans: How Minimal MCP Servers Enable Cross-Tool Exfiltration of Sensitive Data

The Model Context Protocol MCP represents a significant advancement in AI-tool integration, enabling seamless communication between AI agents and external services. However, this connectivity introduces novel attack vectors that remain largely unexplored. This paper demonstrates how unsophisticat...

CVE-2025-30192

An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and enforcing stricter...

When GPT Spills the Tea: Comprehensive Assessment of Knowledge File Leakage in GPTs

Knowledge files have been widely used in large language model LLM agents, such as GPTs, to improve response quality. However, concerns about the potential leakage of knowledge files have grown significantly. Existing studies demonstrate that adversarial prompts can induce GPTs to leak knowledge...

Creating an FTP Server Buffer Overflow Exploit with Metasploit

This paper, written in Brazilian Portuguese, explains how to create a common exploit from the data of a Metasploit Framework exploit to exploit a vanilla buffer overflow on an FTP server. In the context of application security, the author provides mitigation recommendations...

CVE-2025-29779 Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution`

Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing VSS scheme. In versions 0.8.0b2 and prior, the secureredundantexecution function in feldmanvss.py attempts to mitigate fault injection attacks by executing a function...

CVE-2025-25469

FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment...

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in various products such as Industrial Edge Management, Mendix, SIMATIC, SIPROTEC and Siveillance. The vulnerabilities potentially enable a malicious person to carry out attacks that can lead to the following categories of damage: - Cross-Site Scripting XSS. -...

CISA: OBP Awareness Products Fact Sheet

System About Files News Vote Help | Services API Advertise Contact | Account Join Login ---|---|---...

CVE-2024-2201

A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent FineIBT, and to leak arbitrary Linux kernel memory on Intel systems...

CVE-2022-44515

Acrobat Reader DC version 22.001.20085 and earlier, 20.005.3031x and earlier and 17.012.30205 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this...

CISA Releases Eleven Industrial Control Systems Advisories

CISA released eleven Industrial Control Systems ICS advisories on August 15, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-228-01 Siemens SCALANCE M-800, RUGGEDCOM RM1224 ICSA-24-228-02 Siemens INTRALOG WMS...

DEBIAN-CVE-2023-52740

In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch The RFI and STF security mitigation options can flip the interruptexitnotreentrant static branch condition concurrently with the interrupt exit code...

CVE-2024-31142

Because of a logical error in XSA-407 Branch Type Confusion, the mitigation is not applied properly when it is intended to be used. XSA-434 Speculative Return Stack Overflow uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html...