Researchers detail an exploit in GitHub's official MCP server that lets hackers trick an LLM agent into leaking private information about the MCP user
Attackers only need to open a malicious issue on the targeted repositories to exploit the vulnerability. — invariantlabs.ai/blog/mcp-git... Daniel Cuthbert / @dcuthbert : We are truly back in the 19...
A security researcher details how he discovered a zero-day vulnerability in the Linux kernel's SMB implementation by analyzing the code using OpenAI's o3 API
Now finding a Linux kernel-level zero day is as simple as knowing how to prompt. sean.heelan.io/2025/05/22/h... @davidcrespo : key detail in this very good post about finding a novel vuln with LLMs: e...
YouTube is running a test globally that limits ad blocker users to three videos, giving them the option to turn off their tool or subscribe to YouTube Premium
3 videos and you're out Digital Trends : YouTube tries new way of tackling ad blockers Mastodon: Dare Obasanjo / @carnage4life@mas.to : Enshitification is the process by which platforms take back the ...
Uber takes some internal systems offline to investigate a network breach; Yuga Labs' Sam Curry says it appears the hacker pretty much has “full access to Uber”
what you need to know Msmash / Slashdot : Uber Investigating Breach of Its Computer Systems Prajeet Nair / BankInfoSecurity.com : Uber Probes Breach After Hacker Boasts About Intrusion Michael Hill / ...
Russia has created its own trusted TLS certificate authority as sanctions prevent Russian sites from renewing existing TLS certificates
Yeah, RIGHT TechRadar : Russia creates its own TLS certificate authority to bypass sanctions Leigh Mc Gowran / Silicon Republic : Russia issues its own TLS certificates to get past global sanctions Ad...
DHS issues an interim rule that will, once finalized, let it hire cybersecurity professionals at salaries of up to $255,800 and up to $332,100 in special cases
and Retain—Cybersecurity Talent Maggie Miller / The Hill : DHS announces new program to attract and retain cybersecurity talent Natalie Alms / Federal Computer Week : New cyber talent system, years in...
Interview with BlackMatter, a new ransomware group that only targets companies with $100M+ revenue and says it will avoid certain industries like healthcare
Editor's Note: In July, a new ransomware gang started posting advertisements on various cybercrime forums announcing that it was seeking … Tweets: @dcuthbert and @therecord_media Tweets: Daniel Cuthbe...
Clubhouse says it has added security safeguards and banned a user after some Clubhouse audio and metadata was found on a third-party website
privacy breach on invite-only app raises concerns Lorenzo Franceschi-Bicchierai / VICE : This Website Made Clubhouse Conversations Public Becky Bracken / Threatpost : Assume Clubhouse Conversations Ar...
Researchers: “SimJacker”, a widespread SIM card-based vulnerability, is being exploited by a private actor “that works with governments to monitor individuals”
https://thehackernews.com/... #infosec #technews https://twitter.com/... @thehackersnews : What's more worrisome? According to researchers, a specific private company that works with Governments is ac...
Kaspersky researcher identifies sophisticated new spyware, dubbed TajMahal, that went undetected for five years and is from an as-yet unknown source
It's not every day that security researchers discover a new state-sponsored hacking group. Even rarer is the emergence of one whose spyware … Tweets: @dcuthbert, @dcuthbert, @dcuthbert, and @a_gre...