U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog
U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog Pierluigi Paganini December 08, 2025 U.S....
server
EY Exposes 4TB SQL Server Backup Publicly on Microsoft Azure
EY Exposes 4TB SQL Server Backup Publicly on Microsoft Azure Pierluigi Paganini October 31, 2025 A massive 4TB SQL Server...
AI Application Security with MCP Server | Contrast MCP Server | Contrast Security
When we introduced the Contrast Model-Context Protocol (MCP) Server a few months ago (read Supercharge your vulnerability remediation with...
Critical Microsoft WSUS Security Flaw is Being Actively Exploited
Cybersecurity vendors are warning organizations that a critical vulnerability in Microsoft’s Windows Server Update Service (WSUS) and urging that...
From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting
TL;DR We discovered a vulnerability in a popular MCP server hosting service that compromised thousands of AI servers and...
Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor
Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor Pierluigi Paganini October 15, 2025 China-linked cyberespionage...
Hackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell Access
Oct 15, 2025Ravie LakshmananVulnerability / Server Security Cybersecurity researchers have disclosed that a critical security flaw impacting ICTBroadcast, an autodialer...
The First Malicious MCP Server is a Warning Shot for AI Cybersecurity
The first malicious Model Context Protocol (MCP) server has been discovered and we should all be worried how this is...
#RediShell: Redis/Valkey Get ‘Perfect 10’ Critical RCE Vuln
CVSS 10.0 vulnerability in ubiquitous cloud storage layer. PATCH NOW.Redis (Remote Dictionary Server) and its open source fork Valkey share a...
First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package
Sep 29, 2025Ravie LakshmananMCP Server / Vulnerability Cybersecurity researchers have discovered what has been described as the first-ever instance of...
Malicious MCP Server Found Quietly Stealing Emails
In its first 15 iterations, a Model Context Protocol (MCP) server downloaded upwards of 1,500 times a week from the...
TAOTH Campaign Exploits End-of-Support Software to Target Traditional Chinese Users and Dissidents
Key takeaways The TAOTH campaign leveraged an abandoned Sogou Zhuyin IME update server and spear-phishing operations to deliver multiple malware...
TAOTH Campaign Exploits End-of-Support Software to Target Traditional Chinese Users and Dissidents
Key takeaways The TAOTH campaign leveraged an abandoned Sogou Zhuyin IME update server and spear-phishing operations to deliver multiple malware...
Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit
Samsung has released software updates to address a critical security flaw in MagicINFO 9 Server that has been actively exploited...
⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams
What do a source code editor, a smart billboard, and a web server have in common? They’ve all become launchpads...
