Nearly 2,000 MCP Servers Possess No Security Whatsoever
Authentication in MCP — the backbone of agentic AI — is optional, and nobody’s implementing it. Instead, they’re allowing any passing attackers full control of their servers.
-
-
3 Ways Security Teams Can Minimize Agentic AI Chaos
Security often lags behind innovation. The path forward requires striking a balance.
-
Firmware Vulnerabilities Continue to Plague Supply Chain
Four flaws in the basic software for Gigabyte motherboards could allow persistent implants, underscoring problems in the ways firmware is developed and updated.
-
CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a phishing campaign that’s designed to deliver a malware codenamed LAMEHUG. “An obvious feature of LAMEHUG is the use of LLM (large language model), used to generate commands based on their textual representation (description),” CERT-UA said in a Thursday advisory. The activity has…
-
Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices
Google on Thursday revealed it’s pursuing legal action in New York federal court against 25 unnamed individuals or entities in China for allegedly operating BADBOX 2.0 botnet and residential proxy infrastructure. “The BADBOX 2.0 botnet compromised over 10 million uncertified devices running Android’s open-source software (Android Open Source Project), which lacks Google’s security protections,”
-
Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services
Cybersecurity researchers have disclosed a critical container escape vulnerability in the NVIDIA Container Toolkit that could pose a severe threat to managed AI cloud services. The vulnerability, tracked as CVE-2025-23266, carries a CVSS score of 9.0 out of 10.0. It has been codenamed NVIDIAScape by Google-owned cloud security company Wiz. “NVIDIA Container Toolkit for all…
-
From Backup to Cyber Resilience: Why IT Leaders Must Rethink Backup in the Age of Ransomware
With IT outages and disruptions escalating, IT teams are shifting their focus beyond simply backing up data to maintaining operations during an incident. One of the key drivers behind this shift is the growing threat of ransomware, which continues to evolve in both frequency and complexity. Ransomware-as-a-Service (RaaS) platforms have made it possible for even…
-
4 Chinese APTs Attack Taiwan’s Semiconductor Industry
Chinese threat actors have turned to cyberattacks as a way to undermine and destabilize Taiwan’s most important industrial sector.
-
Alert (AA23-040A) #StopRansomware: Ransomware Activities Related to DPRK
UPDATE 02/27/2023: Added protection for CVE-2022-24990.FortiGuard Labs is aware of a joint advisory on ransomware activities against organizations in healthcare and critical infrastructure performed by threat actors related to the Democratic People’s Republic of Korea (DPRK). The advisory was issued by multiple agencies in the United States and the Republic of Korea (ROK) and contains…
-
Cisco Discloses ’10’ Flaw in ISE, ISE-PIC — Patch Now
Cisco just disclosed a critical severity flaw in its ISE and ISE-PIC products, joining two similar bugs disclosed last month.