Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic’s Model Context Protocol (MCP) Inspector project that could result in remote code execution (RCE) and allow an attacker to gain complete access to the hosts. The vulnerability, tracked as CVE-2025-49596, carries a CVSS score of 9.4Read More »Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed delivering a loader dubbed TransferLoader. Enterprise security firm Proofpoint is tracking the activity associated with TransferLoader to a group dubbed UNK_GreenSec and the RomCom RAT actors under theRead More »TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns

Research indicated that 16 billion passwords were exposed in what was reportedly the world’s largest data breach to date — however, some experts are questioning these claims.

PowerSchool, a California-based education technology company, recently announced a data breach that occurred between December 19 and December 28, 2024. 

An increase in scanning activity targeted MOVEit Transfer systems may indicate emerging threat activity.

A new study of integrated development environments (IDEs) like Microsoft Visual Studio Code, Visual Studio, IntelliJ IDEA, and Cursor has revealed weaknesses in how they handle the extension verification process, ultimately enabling attackers to execute malicious code on developer machines. “We discovered that flawed verification checks in Visual Studio CodeRead More »New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status