CSO Online

Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations

A multi-tenant authentication gap in Microsoft’s AI operations agent exposed live command streams, internal reasoning, and ...

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
heise online

n8n: Updates fix critical security vulnerabilities in automation platform

As announced on Monday, the n8n team has now released three new versions for its popular low-code platform. These fix six ...
Security Boulevard

Attacking the MCP Trust Boundary

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol ...

Fake Windows update installs hidden malware

Scammers built a convincing fake Windows update site that installs password-stealing malware. Learn how the multi-stage ...

MCP Dev Summit Solutions Showcase

The MCP Dev Summit featured more than 50 sponsors offering MCP and related agentic AI products for the enterprise.

Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researchers say

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into ...

AI.cc Expands Unified API Platform with Access to 400+ AI Models to Help Enterprises Reduce Costs by Up to 80% in 2026

SINGAPORE, SINGAPORE, SINGAPORE, April 17, 2026 /EINPresswire.com/ -- Singapore, April 17, 2026 – In 2026, enterprises ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...
Live Science

Hackers used AI to steal hundreds of millions of Mexican government and private citizen records in one of the largest cybersecurity breaches ever

A group of hackers used both Claude Code and ChatGPT in a cybersecurity hack that lasted two and a half months. Nine Mexican ...
eWeek

OpenAI Debuts GPT-5.4-Cyber, a Locked-Down AI Model for Cyber Defense

OpenAI launches GPT-5.4-Cyber with selective access for verified defenders, adding a cyber-focused model and tighter controls ...
InfoWorld

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.