Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researchers say

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into ...
The Hacker News

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture ...
Dark Reading

UNC6692 Combines Social Engineering, Malware, Cloud Abuse

A newly discovered threat actor is using Microsoft Teams, AWS S3 buckets, and custom "Snow" malware in a multipronged ...
American Banker

Unpatched AI flaw poses risk to banking sector

An unpatched vulnerability in Anthropic's Model Context Protocol creates a channel for attackers, forcing banks to manage the ...

Gemma 4 Explained: What It Is, What It Can Do, And How To Use It Right Now

The new family of AI models can run on a smartphone, a Raspberry Pi, or a data centre, and is free to use commercially.
CSO Online

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.
The Hacker News

UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware

UNC6692 has been attributed to a large email campaign that's designed to overwhelm a target's inbox with a flood of spam ...
Network World

Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations

A multi-tenant authentication gap in Microsoft’s AI operations agent exposed live command streams, internal reasoning, and ...

Legacy Migration To New AI-Native Worlds

Enterprises modernize legacy mainframe systems with AI agents, leveraging existing infrastructure while overcoming ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...

Anthropic Claude source code leak explained: Techie reveals how a 4 am update exposed 512,000 lines of code

A routine software update for Anthropic's Claude Code tool accidentally leaked its entire source code, sparking rapid community response. Within hours, a developer rewrote the tool in Python and then ...