A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete… Read More »Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution
Cybersecurity researchers have disclosed details of a malware campaign that’s targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code (VS Code)… Read More »Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
The Problem: The Identities Left Behind As organizations grow and evolve, employees, contractors, services, and systems come and go – but their accounts often remain. These abandoned or “orphan” accounts… Read More »The Hidden Risk of Orphan Accounts
Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed? To find out, Intruder’s research team looked… Read More »Why Secrets in JavaScript Bundles are Still Being Missed
Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment (ACME) validation logic that made it possible to bypass security controls and access origin servers. “The vulnerability was… Read More »Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers
A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down its operations, according to new findings from Elliptic. The blockchain intelligence company… Read More »Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion
Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar as a… Read More »Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites
In cybersecurity, the line between a normal update and a serious incident keeps getting thinner. Systems that once felt reliable are now under pressure from constant change. New AI tools,… Read More »⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More
A team of academics from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new hardware vulnerability affecting AMD processors. The security flaw, codenamed… Read More »New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs
Just a few years ago, the cloud was touted as the “magic pill” for any cyber threat or performance issue. Many were lured by the “always-on” dream, trading granular control… Read More »DevOps & SaaS Downtime: The High (and Hidden) Costs for Cloud-First Businesses