200,000 MCP servers expose a command execution flaw that Anthropic calls a feature

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's ...
The Hacker News

ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

SMS blasters, npm supply chain hits, and unpatched Windows flaws. Stay ahead of new phishing kits and exposed servers.

Critical vulnerability in Ruby's standard library ERB:attackers can execute code

The Ruby vulnerability is not easy to exploit, but allows an attacker to read sensitive data, start code, and install ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who have found exploitable instances in many commercial services and open-source ...
Wall Street Journal

AI Is Finding Bugs That Hackers Can Exploit. Get Ready for Bugmageddon.

The software bug was capable of crashing an operating system used by firewalls, servers and network appliances. It went undetected for over 27 years. Last month, it was caught by Mythos, the latest AI ...
CoinDesk

Attacker mints $1 billion Polkadot tokens on Ethereum, ends up stealing just $250,000

Crypto hacks are nothing new, but cases where attackers take big risks and walk away with peanuts aren't common. That rare scenario played out on Sunday. An attacker exploited a vulnerability in ...
TechRepublic

‘BlueHammer’ Exploit Targets Windows, Potentially Impacting 1 Billion+ Devices

A researcher released a working ‘BlueHammer’ Windows zero-day exploit that could impact over 1 billion devices, granting SYSTEM-level access and leaving no patch yet. A disgruntled security researcher ...
Bleeping Computer

Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit

Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. Dubbed ...
KCCI Des Moines

Fayette County authorities warn of check fraud scam in northeastern Iowa

VETO IT. IN NORTHEASTERN IOWA, THE FAYETTE COUNTY SHERIFF’S OFFICE IS WARNING ABOUT A NEW CHECK FRAUD SCAM. INVESTIGATORS SAY CHECKS MAILED TO THE DISCOVER CREDIT CARD COMPANY WERE INTERCEPTED AT A ...
GitHub

POOPS PS5 Autoloader - BD-J Kernel Exploit & ELF Autoloader

It's Poops-PS5-Java chained with 'ps5_autoloader.elf' For implemented ISO, go check BD-UN-JB-Poops-Autoloader. 'Poops.java' is complete Java port of the poops_ps5.lua IPv6 UAF kernel exploit ...
CoinDesk

North Koreans hackers likely behind $286 million Drift Protocol exploit: Elliptic

Elliptic said Thursday the $285 million Drift Protocol exploit, the largest this year, carries “multiple indicators” of North Korea’s state-sponsored DPRK hacker group involvement. The research firm ...
MacRumors

Apple to Issue Rare iOS 18 Software Update for DarkSword Exploit

Apple on Wednesday will issue software updates to devices still running iOS 18 to protect them from an exploit called DarkSword, which can silently take over an iPhone if it visits a website infected ...