MCP attack abuses predictable session IDs to hijack AI agents
The vuln affects the Oat++ MCP implementation
Cybersecurity Month21 Oct 2025 |
Security
Muji's minimalist calm shattered as ransomware takes down logistics partner
Japanese retailer halts online orders after attack cripples third-party vendor
Cyber-crime21 Oct 2025 |
How malware vaccines could stop ransomware's rampage
Feature Security pros explore whether infection-spoofing code can immunize Windows systems against attack
Security21 Oct 2025 | 13
Suspected Salt Typhoon snoops lurking in European telco's network
It's Typhoon season…year round
Cybersecurity Month20 Oct 2025 | 2
China blames US for cyber break-in, claims America is world's biggest bit burglar
'US is … the greatest source of chaos in cyberspace'
Cybersecurity Month20 Oct 2025 | 28
A simple AI prompt saved a developer from this job interview scam
INFOSEC IN BRIEF Plus: Ransomware posing as Teams installer, Cisco 0-day exploit to drop rootkit, and European cops bust SIM-box service
Cybersecurity Month20 Oct 2025 | 26
NARROWER TOPICS
UK calls up Armed Forces veterans for digital ID soft launch
Once more into the, er, breach?
Public Sector20 Oct 2025 | 124
American Airlines subsidiary Envoy caught in Clop's Oracle EBS raid
Not a good week for Big Red
Cybersecurity Month17 Oct 2025 | 3
'Fax virus' panicked a manager and sparked job-killing Reply-All incident
On Call The 1990s called with a reminder that in the time before ransomware, infosec panics could be quite quaint
Networks17 Oct 2025 | 141
Anthropic brings mad Skills to Claude
Teaching an old bot new tricks
AI + ML16 Oct 2025 | 20
AI makes phishing 4.5x more effective, Microsoft says
And potentially 50 times more profitable
Cybersecurity Month16 Oct 2025 | 9
Vulnerability scores, huh, what are they good for? Almost nothing
CVE and CVSS systems suffer from misaligned incentives and inconsistency
Security16 Oct 2025 | 5
Nork scammers work the blockchain to steal crypto from job hunters
If someone sends you a coding test, be wary of downloading it
Cybersecurity Month16 Oct 2025 | 3
Chinese cyberspies snoop on Russian IT biz in rare east-on-east attack
Who needs enemies when you have friends like Xi?
Cyber-crime16 Oct 2025 | 9
Microsoft kills 9.9-rated ASP.NET Core bug – 'our highest ever' score
Flaw in Kestrel web server allowed request smuggling, impact depends on hosting setup and application code
Security16 Oct 2025 | 3
CISA exec blames nation-state hackers and Democrats for putting America's critical systems at risk
Federal agencies have seven days to patch F5 products
Cybersecurity Month15 Oct 2025 | 19
'Highly sophisticated' government goons hacked F5, stole source code and undisclosed bug details
And they swiped a limited amount of customers' config data
Cybersecurity Month15 Oct 2025 | 25
Frightful Patch Tuesday gives admins a scare with 175+ Microsoft CVEs, 3 under attack
Plus: Adobe, SAP, Ivanti offer treats, not tricks
Cybersecurity Month14 Oct 2025 | 21
Android 'Pixnapping' attack can capture app data like 2FA codes
GPU-based timing attack inspired by decade-old iframe technique
Cybersecurity Month13 Oct 2025 | 8
Chinese phishing kit helps scammers who send fake texts impersonate TikTok, Coinbase, others
Exclusive Researchers tracking 2,158 domains hosting YYlaiyu phishing pages
Cybersecurity Month10 Oct 2025 | 3
Ransomware crims that exploited SharePoint 0-days add Velociraptor to their arsenal
And they’re likely still abusing the same SharePoint flaws for initial access
Cybersecurity Month10 Oct 2025 |
RondoDox botnet fires 'exploit shotgun' at nearly every router and internet-connected home device
56 bugs across routers, DVRs, CCTV systems, web servers … time to run for cover
Cybersecurity Month09 Oct 2025 | 23
Crims had 3-month head start on defenders in Oracle EBS invasion
The miscreants started their attack all the way back on July 10
Cybersecurity Month09 Oct 2025 | 2
3 more infamous cybercrime crews team up to 'maximize income' in 'challenging' ransomware biz
It's hard out there for a crim
Cybersecurity Month08 Oct 2025 | 3
Take this rob and shove it! Salesforce issues stern retort to ransomware extort
CRM giant 'will not engage, negotiate with, or pay' the scumbags
Cyber-crime08 Oct 2025 | 7
Teens arrested in London preschool ransomware attack
Both men, 17, taken into custody
Cybersecurity Month07 Oct 2025 | 30
Google declares AI bug hunting season open, sets a $30K max reward
Jailbreaks, direct prompt injection not allowed
Cybersecurity Month07 Oct 2025 | 1
Employees regularly paste company secrets into ChatGPT
Microsoft Copilot, not so much
AI + ML07 Oct 2025 | 47
OpenAI bans suspected Chinese accounts using ChatGPT to plan surveillance
It also banned some suspected Russian accounts trying to create influence campaigns and malware
Cyber-crime07 Oct 2025 | 5
How your mouse could eavesdrop on you and rat you out
Mic-E-Mouse can roar by literally vibe hacking speech
Cybersecurity Month07 Oct 2025 | 46
Google DeepMind minds the patch with AI flaw-fixing scheme
CodeMender has been generating fixes for vulnerabilities in open source projects
Cybersecurity Month07 Oct 2025 | 1
Microsoft blames Medusa ransomware affiliates for GoAnywhere exploits while Fortra keeps head buried
You can't find anything bad if you don't look, right?
Cybersecurity Month06 Oct 2025 | 1
Level-10 vuln lurking in Redis source code for 13 years could allow remote code execution
No evidence of exploitation … yet
Cybersecurity Month06 Oct 2025 | 11
Leak suggests US government is fibbing over FEMA security failings
Infosec in brief Plus, PAN under attack, IT whistleblowers get a payout, and China kills online scammers
Cybersecurity Month06 Oct 2025 | 25
AI chatbots that butter you up make you worse at conflict, study finds
Top AI models keep saying you’re right, and that’s the problem
AI + ML05 Oct 2025 | 34
Hacking contest kerfuffle over copied rules pits Wiz against ZDI
'Seems like you should at least run that through ChatGPT to reword it'
Cybersecurity Month05 Oct 2025 | 12
No suds for you! Asahi brewery attack leaves Japanese drinkers dry
One week after the blitz, beer biz is still stymied
Cybersecurity Month03 Oct 2025 | 15
'Retired' cybercrime group demands ransom not to leak 1B Salesforce records
CRM giant insists its platform wasn’t breached
Cybersecurity Month03 Oct 2025 | 4
Red Hat fesses up to GitLab breach after attackers brag of data theft
Open source giant admits intruders broke into dedicated consulting instance, but insists core products untouched
Cybersecurity Month03 Oct 2025 | 5
Oracle tells Clop-targeted EBS users to apply July patch, problem solved
Researchers suggest internet-facing portals are exposing 'thousands' of orgs
Cybersecurity Month03 Oct 2025 |
Pentagon decrees warfighters don't need 'frequent' cybersecurity training
Beards, body fat, and cyber refreshers now frowned upon
Cybersecurity Month02 Oct 2025 | 142
Ransomware scumbags say they deleted kids' info after other gangs called them out
Honor among thieves - extortion is fine, but no juveniles, please
Cybersecurity Month02 Oct 2025 | 6
Curl project, swamped with AI slop, finds not all AI is bad
Artificial intelligence works when humans use it wisely
AI + ML02 Oct 2025 | 9
Ex-US cyber boss slams politics getting in the way of preparedness
interview And don't even get him started on AI
Cybersecurity Month02 Oct 2025 | 5
'Delightful' root-access bug in Red Hat OpenShift AI allows full cluster takeover
Who wouldn't want root access on cluster master nodes?
Cybersecurity Month01 Oct 2025 | 2
Air Force admits SharePoint privacy issue as reports trickle out of possible breach
Exclusive Uncle Sam can't quit Redmond
Cybersecurity Month01 Oct 2025 | 14
Beijing-backed burglars master .NET to target government web servers
‘Phantom Taurus’ created custom malware to hunt secrets across Asia, Africa, and the Middle East
Cybersecurity Month01 Oct 2025 | 8
Fake North Korean IT workers sneaking into healthcare, finance, and AI
It's not just big tech anymore
Security30 Sep 2025 | 8
Google bolts AI into Drive to catch ransomware, but crooks not shaking yet
Stopping the spread isn't the same as stopping attacks, period
AI + ML30 Sep 2025 |
Socket will block it with free malicious package firewall
"sfw" stands for Socket Firewall, but perhaps also "safe for work."
Devops30 Sep 2025 | 10
TMI: How cloud collaboration suites drive oversharing and unmanaged access
Sharing links take seconds to create, but can last for years
Partner Content
Feds cut funding to program that shared cyber threat info with local governments
The federal government's not the only thing shutting down on Oct. 1
Public Sector30 Sep 2025 | 7
One line of malicious npm code led to massive Postmark email heist
MCP plus open source plus typosquatting equals trouble
Cyber-crime29 Sep 2025 | 7
Asahi runs dry as online attackers take down Japanese brewer
No personal info gulped as yet, but don't call for help
Cyber-crime29 Sep 2025 | 9
Dutch teen duo arrested over alleged 'Wi-Fi sniffing' for Russia
Infosec In Brief PLUS: Interpol recoups $439M from crims; CISA criticizes Feds security; FIFA World Cup nets dodgy domain deluge
Security29 Sep 2025 | 6
Hunt for RedNovember: Beijing hacked critical orgs in year-long snooping campaign
Not to be confused with all the other reports of Chinese intruders on US networks that came to light this week
Research27 Sep 2025 | 14
Microsoft spots fresh XCSSET malware strain hiding in Apple dev projects
Upgraded nasty slips into Xcode builds, steals crypto, and disables macOS defenses
Security26 Sep 2025 | 2
Prompt injection – and a $5 domain – trick Salesforce Agentforce into leaking sales
More fun with AI agents and their security holes
AI + ML26 Sep 2025 | 10
Microsoft agrees to 11th hour Win 10 end of life concessions
Updated Consumer org forces Redmond to expunge list of requirements for free ESU in Euro Economic Area, just need a Microsoft account
OSes26 Sep 2025 | 88
North Korea's Lazarus Group shares its malware with IT work scammers
Keeping Pyongyang's coffers full
Cyber-crime25 Sep 2025 |
Empty shelves, empty coffers: Co-op pegs cyber hit at £80m
Supermarket says the hack that shut down systems and emptied shelves has turned profits into losses
Cyber-crime25 Sep 2025 | 25
Three in four European companies are hooked on US tech
Secure your data, avoid US sanctions, and stay compliant with European cybersecurity alternatives
Partner Content
Biting the hand that feeds IT
