A new ranking of Model Context Protocol weaknesses highlights critical risks—from prompt injection to command injection—and provides a roadmap for securing the foundations of agentic AI. The post Top 25 MCP Vulnerabilities Reveal How AI Agents Can Be Exploited appeared first on SecurityWeek.
Apple has introduced a new hardware/software security feature in the iPhone 17: “Memory Integrity Enforcement,” targeting the memory safety vulnerabilities that spyware products like Pegasus tend to use to get unauthorized system access. From Wired: In recent years, a movement has been steadily growing across the global tech industry toRead More »Apple’s New Memory Integrity Enforcement
The botnet’s operators provide customers with access to an infected network of Docker containers so they can conduct DDoS attacks. The post ShadowV2 DDoS Service Lets Customers Self-Manage Attacks appeared first on SecurityWeek.
The juvenile suspect surrendered on September 17 and was booked on computer intrusion, extortion, and identity theft charges. The post Scattered Spider Suspect Arrested in US appeared first on SecurityWeek.
GitHub on Monday announced that it will be changing its authentication and publishing options “in the near future” in response to a recent wave of supply chain attacks targeting the npm ecosystem, including the Shai-Hulud attack. This includes steps to address threats posed by token abuse and self-replicating malware byRead More »GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security
The company says customer contact information was stolen from a third-party service provider’s platform. The post Automotive Titan Stellantis Discloses Data Breach appeared first on SecurityWeek.
Cybersecurity researchers are calling attention to a search engine optimization (SEO) poisoning campaign likely undertaken by a Chinese-speaking threat actor using a malware called BadIIS in attacks targeting East and Southeast Asia, particularly with a focus on Vietnam. The activity, dubbed Operation Rewrite, is being tracked by Palo Alto NetworksRead More »BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells
A cyberattack disrupted operations in European airports. Cyber experts are sharing their insights.
Organizations in Belarus, Kazakhstan, and Russia have emerged as the target of a phishing campaign undertaken by a previously undocumented hacking group called ComicForm since at least April 2025. The activity primarily targeted industrial, financial, tourism, biotechnology, research, and trade sectors, cybersecurity company F6 said in an analysis published lastRead More »ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks
A data hub for the DHS exposed sensitive information.
