MCP security risks stem from AI architecture, not a patchable bug

Researchers warn MCP introduces architectural AI security risks that standard patches cannot fix, raising enterprise concerns over tool access.

2 min read · Mar 21

CISA orders agencies to patch exploited Cisco SD-WAN flaws

CISA has ordered federal agencies to patch actively exploited Cisco SD-WAN flaws that can hand attackers admin access to network infrastructure.

2 min read · Mar 21

ShinyHunters targets hundreds of websites in new Salesforce campaign

ShinyHunters’ claimed Salesforce Experience Cloud campaign shows how stolen identities and weak portal controls can expose data at scale.

8 min read · Mar 21

Aura confirms breach of 900,000 marketing contacts

Aura says an unauthorized party accessed nearly 900,000 marketing contact records, exposing names and email addresses and raising phishing risks.

8 min read · Mar 21

Leaked Ariomex database sheds light on Iranian crypto sanctions evasion

A leaked Ariomex database may reveal how Iranian actors used crypto to move funds under sanctions pressure, while exposing users to serious privacy ri

8 min read · Mar 21

Former defense contractor executive gets 7+ years for selling zero-days to Russia

A former L3Harris executive got 7+ years for selling stolen zero-days to a Russian broker, exposing insider risks in the cyber-industrial base.

9 min read · Mar 21

Google patches Chrome zero-day after confirming in-the-wild exploitation

Google issued an emergency Chrome update for CVE-2024-4671, a high-severity zero-day reportedly exploited in the wild.

2 min read · Mar 21

NCSC warns critical infrastructure firms to act now after severe attacks hit Polish energy providers

The NCSC is warning critical infrastructure operators to act now after severe disruptive cyber-attacks hit Polish energy providers.

2 min read · Mar 21

CISA flags actively exploited SolarWinds Web Help Desk flaw

CISA added critical SolarWinds Web Help Desk flaw CVE-2024-28986 to KEV, warning that attackers are already exploiting it in the wild.

2 min read · Mar 21

AI voice and virtual meeting fraud jumped 1210% in a year, Pindrop says

Pindrop says AI-powered voice and virtual meeting fraud surged 1210% in a year, raising risks for payments, call centers and remote work.

2 min read · Mar 21

Critical and high-severity n8n sandbox flaws open path to remote code execution

Two severe n8n sandbox flaws could enable remote code execution, putting self-hosted automation servers and stored secrets at risk.

2 min read · Mar 21

World Leaks claims 1.4TB Nike data breach as extortion-only attacks keep rising

Nike is investigating World Leaks’ claim of a 1.4TB data dump, highlighting the rise of extortion-focused attacks without confirmed encryption.

9 min read · Mar 21