Researchers detail an exploit in GitHub's official MCP server that lets hackers trick an LLM agent into leaking private information about the MCP user
Attackers only need to open a malicious issue on the targeted repositories to exploit the vulnerability. — invariantlabs.ai/blog/mcp-git... Daniel Cuthbert / @dcuthbert : We are truly back in the 19...
Binarly: UEFI Secure Boot is completely compromised on 200+ device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro due to a cryptographic key leak
hundreds of devices from Dell, Supermicro and more all affected, here's what we know Adam Conway / XDA Developers : PKFail puts hundreds of computers and laptops at risk and renders Secure Boot useles...
Q&A with Del Harvey, who led Twitter's trust and safety team for 13 years until 2021, on the X rebrand, her role, Gamergate, Donald Trump, January 6, and more
From Israel vs. Hamas threats to Donald Trump's “wild” posts, Del Harvey helped make the platform's hardest content moderation calls for 13 years. Mastodon: @anildash@me.dm , @aulia@octodon.social , @...
A profile of Window Snyder, who helped secure the early internet while at Microsoft and Mozilla, and pushed Apple to enable encryption by default in its devices
https://techcrunch.com/... Kenn White / @kennwhite@mastodon.social : This is a great profile on Window Snyder, one of the true OG hackers and an absolute force of nature in internet security. You can...
A profile of Window Snyder, who helped secure the early internet while at Microsoft and Mozilla, and pushed Apple to enable encryption by default in its devices
Snyder has made Windows, Mac computers, iPhones, and other technologies more secure for almost 25 years. Mastodon: @Weld@infosec.exchange and @kennwhite@mastodon.social . Bluesky: @arw.bsky.social Twi...
Researchers find 1,000+ web apps, from Ford, American Airlines, and others, mistakenly exposed 38M records stored on Microsoft's Power Apps service
Including Contact-Tracing Info Keumars Afifi-Sabet / IT PRO : Microsoft Power Apps misconfiguration exposes 38 million records James Vincent / The Verge : Check your permissions: default settings in M...
Uncertainty about the nature of the list of 50K potential Pegasus targets created confusion and controversy, but doesn't negate the investigation's key findings
which used NSO tech to spy on dissidents— to expand surveillance into the UK. https://www.theguardian.com/ ... Lorenzo Franceschi-Bicchierai / @lorenzofb : NSO Group is now blaming Palestinian activist...
Researcher finds iPhone bug that disables wireless functionality after joining a WiFi network called “%p%s%s%s%s%n”; resetting network settings fixes the issue
here's the fix and how to prevent it Gordon Kelly / Forbes : Serious Warning Issued For Millions Of Apple iPhone Users Ali Salman / Wccftech : iOS Bug Causes Certain Network Name to Permanently Disabl...
Investigator says hackers breached Colonial Pipeline through a VPN account whose password has since been discovered inside a batch of leaks on the dark web
🍿 Gangster Coworking CNN : Ransomware attackers used compromised password to access Colonial Pipeline network Kim Lyons / The Verge : Hackers reportedly used a compromised password in Colonial Pipelin...
VMware patches a new bug in vCenter Server, a virtualization management product used by an estimated 43K organizations, that could allow remote code execution
Patch Now! Antonia Din / Heimdal Security Blog : Critical Flaw Is Impacting All vCenter Server Deployments, VMware Alerts Simon Sharwood / The Register : VMware reveals critical vCenter hole it says ‘...