Top 25 MCP Vulnerabilities Reveal How AI Agents Can Be Exploited
MCP has become an integral part of the expansion of agentic AI but comes with its own vulnerabilities. Model Context Protocol (MCP), developed by Anthropic…
Month: September 2025
$150K awarded for L1TF Reloaded exploit that bypasses cloud mitigations
$150K awarded for L1TF Reloaded exploit that bypasses cloud mitigations Pierluigi Paganini September 23, 2025 Researchers earned $150K for “L1TF Reloaded,” combining L1TF and half-Spectre…
NPM package caught using QR Code to fetch cookie-stealing malware
Newly discovered npm package ‘fezbox’ employs QR codes to retrieve cookie-stealing malware from the threat actor’s server. The package, masquerading as a utility library, leverages this innovative…
GitHub Enhances NPM’s Security with Strict Authentication, Granular Tokens, and Trusted Publishing
Recent High-profile supply‐chain attacks have exposed critical weaknesses in package registry security, prompting GitHub to roll out a suite of defenses designed to harden the…
Beware of Fake Online Speedtest Apps with Hidden JavaScript Code
These fake online speedtest applications prey on users seeking to measure their internet performance, yet they harbor hidden payloads that compromise system integrity and privacy.…
Hackers Hijacking IIS Servers Using Malicious BadIIS Module to Serve Malicious Content
A sophisticated cyber campaign, dubbed “Operation Rewrite,” is actively hijacking Microsoft Internet Information Services (IIS) web servers to serve malicious content through a technique known…
Russia Leveraging Cyber-Attacks as a Strategic Weapon Against Key Industries in Major Nations
In 2024, as the Russia-Ukraine war prolongs and military and economic cooperation between North Korea and Russia deepens, cyberspace has become a central battleground for…
How Major SOCs Achieve Early Threat Detection in 3 Steps
Every SOC leader understands that faster threat detection is better. But the difference between knowing it and building a system that consistently achieves it is…
Scammers are impersonating the FBI to steal your personal data
Been scammed? Hoping to report it to the FBI? Definitely do so, but be careful. Spoofed versions of the FBI’s Internet Crime Complaint Center (IC3)…
GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security
Sep 23, 2025Ravie LakshmananSupply Chain Attack / Malware GitHub on Monday announced that it will be changing its authentication and publishing options “in the near…
EU to shut door on Big Tech in financial data sharing
Big Tech firms are set to be excluded from access to a European Union (EU)-wide financial data-sharing initiative, in a boost to banks battling to…
Scattered Spider Suspect Arrested in US
A juvenile suspected of being involved in cyberattacks against multiple Las Vegas casinos was arrested last week, the Las Vegas Metropolitan Police Department announced. The…