Author: Admin
Cybersecurity researchers have found critical security vulnerability in artificial intelligence (AI) Anthropic Model Context (Mcp) The inspector project that can lead to the remote code (RCE) and will allow the attacker to gain full access to the hosts. Vulnerability tracked as Cve-2025-49596It carries the CVSS 9.4 with a maximum of 10.0. “This is one of the first critical RCES in the Anthropic MCP ecosystem by exposing a new class of attacks based on a browser on the instrument – Note In a report published last week. “When performing the code on the machine developer, the attackers can steal data, install…
Cybersecurity researchers indicated the tactical similarity between the subjects of the threat behind Romcom rat and the cluster observed Broadcast. ProfofPoint Security Enterprise – This is Transferloader’s Activities, to the Group called Unk_greensec and the actors of the Romcom rats nicknamed Ta829. The latter is also known by cigar names, foggy Mantis, Storm-0978, Tropical Scorpius, UAC-0180, UAT-5647, UNC2596 and Void Rabisu. The company said it discovered Unk_greensec as part of its TA829 investigation, describing it as “an unusual amount of similar infrastructure, delivery tactics, target pages and e -mail bait.” TA829 is an unusual hacking group in the threats, given…
01 July 2025Red LakshmananDevelopment developers / software development New Integrated Development Environment Study (IDES), such as Microsoft Visual Studio Code, Visual Studio, Intellij Ideea and Cursor, revealed weaknesses in how they handle the expansion process, ultimately allowing the attackers to perform malicious code for developers. “We found that checking checks in the Visual Studio code allows publishers to add functionality to extensions while maintaining a proven icon,” – Researchers on Ox Nir Zadok and Moshe Siman Tov Bustan – Note In a report that shared with Hacker News. “This leads to the potential for malicious extensions to be checked and…
Despite many years of investment in protection against zero confidence, SSE and endpoints, many businesses still leave one critical layer: browser. This is where 85% of modern work occurs. It is also there that copying/insertion actions, unauthorized use of Genai, extensions of robbers and personal devices create a risk surface that most safety stacks were not designed for processing. For security leaders who know this blind spot exists, but there is not enough roadmap to fix, a new basis can help. Reliable Guide for Browser’s MetCybersecurity researcher Francis Odum, offers a pragmatic model to help CISO and security groups assess,…
01 July 2025Red LakshmananSafety of vulnerability / browser Google has released security updates to resolve the vulnerability in its Chrome browser, for which the wild exists in the wild. The vulnerability with the zero day, which is tracked as CVE-2025-6554 (CVSS: N/A) was described as a type of incomprehensible deficiency in the V8 JavaScript and Webassembly engine. “Enter the confusion in V8 in Google Chrome to 138.0.7204.96 allowed a remote attacker to perform an arbitrary reading/record via the created HTML page,” A description Errors in the National Vulnerability Base Nist (NVD). Enter the vulnerability of confusion may have Severe consequences…
On Monday, the US Department of Justice (DOJ) announced great actions aimed at the North Korea (IT) scheme (IT), which led to one person’s arrest and confiscation of 29 financial accounts, 21 fraudulent sites and nearly 200 computers. The coordinated actions searched 21 known or suspected “laptops” between 10 and 17 and 17 2025 US states, which were used by North Korean IT workers for remote connection to the victim networks through laptops provided by the company. “North Korean actors assisted individuals in the US, China, the United Arab Emirates and Taiwan, and successfully received work with more than 100…
01 July 2025Red LakshmananMobile Security / Privacy Microsoft has stated that it is ending the password support in its Authenticator app since August 1, 2025. Changes, according to the company, are part of its efforts to streamline Autofofy in addition to two -factor authentication (2FA). “Starting July 2025, Autofoful’s feature in Authenticator will stop working, and from August 2025 passwords will no longer be available in Authenticator,” – Microsoft – Note In the support document for Microsoft Authenticator. It should be noted that Microsoft has already deleted the ability to add or import new passwords in the last month. However,…
June 30, 2025Red LakshmananCyber -Atak / Critical Infrastructure The US Cybersecurity and special services issued a joint advisory warning about potential cyber reports from Iranian state-owned or affiliated threat subjects. ‘In the last few months, there has been increasing activity from hativists and Iranian government subjects that are expected – Note. “These cyber-actors often use the goals based on the use of unprotected or outdated software with well-known vulnerabilities and expositions, either by default or total passwords on the Internet accounts and devices.” Currently, there is no evidence of a coordinated campaign -active campaign in the US, which can be…
On Monday, Europol announced the withdrawal of cryptocurrency fraud, which laundered 460 million euros (540 million) with more than 5,000 victims worldwide. The operation, according to the agency, was carried out by Spanish citizens, as well as the support of law enforcement agencies from Estonia, France and the USA. Europol said the syndicate investigation began in 2023. In addition, five alleged suspects behind the cryptocurrency scam were arrested on June 25, 2025. Three arrests took place in the Canary Islands, and two more were detained from Madrid. “In order to carry out their false activities, the leaders of the criminal…
June 30, 2025Red LakshmananCybercrime / vulnerability Actor threats known as Room with high confidence is attributed to the use of the Russian hosting service that is not Proton66. Trustwave Spiderlabs, in message Published last week, it said that she was able to make this connection, turning from digital assets related to Proton66, which led to the detection of an active threat cluster that uses the visual basic scenario (VBS) as its original attack vector and sets the Trojan remote access (rat).Many subjects threaten count on BulletproWhile the Visual Basic (VBS) scenario may seem outdated, it’s stillHosting suppliers like Proton66 because…