Three security vulnerabilities in the official Git server for Anthropic’s Model Context Protocol (MCP), mcp-server-git, have been identified by cybersecurity researchers. The flaws can be exploited through prompt injection, allowing attackers to manipulate AI assistants into performing unintended actions without… Read More "Prompt Injection Bugs Found in Official Anthropic Git MCP Server"
Two security vulnerabilities disclosed in the Chainlit framework have drawn attention to the growing risks posed by traditional web flaws in AI application environments. The issues, discovered by Zafran Research and tracked as CVE-2026-22218 and CVE-2026-22219, show how weaknesses in… Read More "Chainlit Security Flaws Highlight Infrastructure Risks in AI Apps"
The proliferation of AI data, evolving regulatory requirements and risk of large language model (LLM) collapse will help to drive take up of zero trust approaches to data governance in the next two years, Gartner has claimed. The analyst firm warned… Read More "Risk of AI Model Collapse to Drive Zero Trust Data Governance"
Defense attorneys for a Minnesota man convicted in December of assaulting Immigration and Customs Enforcement officer Jonathan Ross are seeking access to investigative files related to the killing of Renee Nicole Good, after learning Ross was the same officer who… Read More "ICE Agent’s ‘Dragging’ Case May Help Expose Evidence in Renee Good Shooting"
A new national fraud reporting service has launched in the UK, promising to transform how businesses and individuals notify law enforcement about offenses, and how police respond. Report Fraud replaces the much-maligned Action Fraud service. Run, like its predecessor, by… Read More "Report Fraud Promises to Streamline Fight Against Economic Crime"
Six more vulnerabilities have been discovered in the n8n workflow platform used for building LLM-powered agents to connect business processes. Four of the six are rated as critical, carrying CVSS severity scores of 9.4. “These vulnerabilities span multiple attack classes,… Read More "Six more vulnerabilities found in n8n automation platform"
A new community-driven, European-headquartered alternative to the US-led Common Vulnerabilities and Exposures (CVE) program has been welcome by security experts. The open source Global Cybersecurity Vulnerability Enumeration (GCVE) initiative brings together vulnerability information from over 25 public sources. These include GCVE Numbering… Read More "Experts Welcome Global Cybersecurity Vulnerability Enumeration Launch"
The EU Commission has launched a new cybersecurity package that includes its formal proposal for an amendment of the current Cybersecurity Act (CSA). The CSA is a regulation adopted by the EU Parliament and Council in March 2019 to strengthen… Read More "EU Unveils Proposed Update to Cybersecurity Act"
A particularly insidious phishing campaign is disguising malware pretending to be ordinary PDF documents behind links to virtual hard disks. Because workers are used to receiving purchase orders or invoices in the PDF format, they are likely to open the… Read More "Pretend Disk Format: PDFs harbor new dangers"
A malware framework that remained hidden for years has been discovered by security researchers at Cisco Talos. The researchers were hunting for samples of DarkNimbus, a backdoor linked to the MOONSHINE exploit kit which have both been known about since 2023, , when… Read More "Chinese-Made Malware Kit Targets Chinese-Based Edge Devices"
