ZDI-26-246: (0Day) aws-mcp-server Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit t...
13 articles
This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit t...
OpenAI’s Safety Bug Bounty program seeks to address AI safety vulnerabilities beyond traditional security flaws
Notorious ransomware group Interlock has been exploiting a Cisco zero-day bug since January, AWS says
CrackArmor AppArmor flaws let local Linux users gain root, break containers and enable DoS attacks
DNS-based attack in AWS Bedrock AgentCore lets AI sandboxes exfiltrate cloud data
CISA issued urgent directive as attackers exploit Cisco SD-WAN flaw granting admin access to networks
FortiGate SSO flaws allows attackers to steal configs, abuse AD creds, deploy RMM tools, and exfiltrate NTDS files.
Huntress researchers uncover campaign exploiting vulnerabilities to steal data using Elastic Cloud as a data hub
Two of the 48 Cisco vulnerabilities, affecting Secure Firewall Management Center, are maximum-severity flaws
The UK government says its new Vulnerability Monitoring Service has cut unresolved security flaws by 75% and reduced cyber-attack fix times from nearly two m...
IBM's 2026 X-Force report reveals 44% rise in cyber-attacks on public apps, driven by AI and flaws
December 2025 saw a 120% surge in critical CVEs, with 22 exploited flaws and React2Shell (CVE-2025-55182) dominating threat activity across Meta’s React fram...
As 2025 draws to a close, Tony looks back at the cybersecurity stories that stood out both in December and across the whole of this year