Researchers with Cyata and BlueRock uncovered vulnerabilities in MCP servers from Anthropic and Microsoft, feeding ongoing security worries about MCP and other agentic AI tools and their dual natures as both key parts of the evolving AI world and easy targets for threat actors.
The post Anthropic, Microsoft MCP Server Flaws Shine a Light on AI Security Risks appeared first on Security Boulevard.
The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalogue with four critical security flaws affecting widely-used enterprise software and development tools. All vulnerabilities were added on January 22, 2026, with a standardized deadline of February 12, 2026, requiring federal agencies and critical infrastructure operators to implement patches or mitigations. [β¦]
The post CISA Updates KEV Catalog with 4 Critical Vulnerabilities Following Ongoing Exploits appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Similar to recent FortiCloud single sign-on (SSO) login vulnerabilities, the attacks bypass authentication.
The post Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices appeared first on SecurityWeek.
CISA has added the Zimbra flaw to the KEV catalog along with three other bugs exploited in the wild.
The post Organizations Warned of Exploited Zimbra Collaboration Vulnerability appeared first on SecurityWeek.
Really interesting blog post from Anthropic:
In a recent evaluation of AI modelsβ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates how barriers to the use of AI in relatively autonomous cyber workflows are rapidly coming down, and highlights the importance of security fundamentals like promptly patching known vulnerabilities.
[β¦]
A notable development during the testing of Claude Sonnet 4.5 is that the model can now succeed on a minority of the networks without the custom cyber toolkit needed by previous generations. In particular, Sonnet 4.5 can now exfiltrate all of the (simulated) personal information in a high-fidelity simulation of the Equifax data breachβΒone of the costliest cyber attacks in historyβΒusing only a Bash shell on a widely-available Kali Linux host (standard, open-source tools for penetration testing; not a custom toolkit). Sonnet 4.5 accomplishes this by instantly recognizing a publicized CVE and writing code to exploit it without needing to look it up or iterate on it. Recalling that the original Equifax breach happened by exploiting a publicized CVE that had not yet been patched, the prospect of highly competent and fast AI agents leveraging this approach underscores the pressing need for security best practices like prompt updates and patches. ...
The post AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities appeared first on Security Boulevard.
Pwn2Own participants disclosed a total of 76 vulnerabilities during the three-day event.Β
The post Infotainment, EV Charger Exploits Earn Hackers $1M at Pwn2Own Automotive 2026 appeared first on SecurityWeek.
The exploitation of the authentication bypass vulnerability started two days after patches were released.
The post Fresh SmarterMail Flaw Exploited for Admin Access appeared first on SecurityWeek.
Amit Sheps, head of product marketing at CyCognito, discusses the growing challenges cybersecurity teams face as artificial intelligence accelerates the expansion of enterprise attack surfaces. He explains why visibility, continuous assessment, and proactive risk management are becoming essential in an AI-driven threat landscape. Sheps argues that most teams are still stuck in βvulnerability whack-a-moleβ mode,..
The post Why AI Is Making Attack Surface Management Mandatory appeared first on Security Boulevard.
Hackers bypass the FortiCloud SSO login authentication to create new accounts and change device configurations.
The post New Wave of Attacks Targeting FortiGate Firewalls appeared first on SecurityWeek.
The startup will use the new funding to accelerate product development and deepen remediation capabilities.
The post Furl Raises $10 Million for Autonomous Vulnerability Remediation appeared first on SecurityWeek.
Fixes were rolled out for over two dozen vulnerabilities, including critical- and high-severity bugs.
The post Atlassian, GitLab, Zoom Release Security Patches appeared first on SecurityWeek.
Cisco has released patches for CVE-2026-20045, a critical vulnerability that can be exploited for unauthenticated remote code execution.
The post Hackers Targeting Cisco Unified CM Zero-DayΒ appeared first on SecurityWeek.
Oracleβs January 2026 CPU resolves roughly 230 unique vulnerabilities across more than 30 products.
The post Oracleβs First 2026 CPU Delivers 337 New Security Patches appeared first on SecurityWeek.
Critical iOS and iPadOS WebKit flaws put millions of iPhones and iPads at risk of silent takeover. Apple urges users to update immediately.
The post New iOS and iPadOS Flaws Leave Millions of iPhones at Risk appeared first on TechRepublic.
Critical iOS and iPadOS WebKit flaws put millions of iPhones and iPads at risk of silent takeover. Apple urges users to update immediately.
The post New iOS and iPadOS Flaws Leave Millions of iPhones at Risk appeared first on TechRepublic.
The numbers tell a stark story: $1.42 billion lost across 149 documented incidents in 2024 due to smart contract vulnerabilities, with access control flaws accounting for $953.2 million in damages alone. While the Web3 community debates the perfect AI solution for smart contract security, billions continue to drain from protocols that could have been protected..
The post Why Smart Contract Security Canβt Wait for βBetterβ AI Models appeared first on Security Boulevard.
The two bugs, an arbitrary file read and an SSRF bug, can be exploited without user interaction to leak credentials, databases, and other data.
The post Chainlit Vulnerabilities May Leak Sensitive Information appeared first on SecurityWeek.
TP-Link hasΒ disclosedΒ a high-severity authenticationΒ bypass vulnerabilityΒ affecting its VIGI security camera lineup, allowing attackers on local networks to reset administrator passwords without verification.Β Β The flaw lies in the password recovery feature of the local web interface, which is exploited via client-side state manipulation.Β The vulnerability (CVE-2026-0629) enables threat actors positioned on the sameΒ local area networkΒ (LAN) to gain [β¦]
The post TP-Link Router Flaw Enables Authentication Bypass Through Password Recovery MechanismΒ appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
.webp?ssl=1)
Kimwolf botnet exploits smart gadgets for DDoS attacks, highlighting security lapses in device protection and supply chains.
The post Whatβs On the Tube Or Rather in the Tube: Kimwolf Targets Android-based TVs and Streaming DevicesΒ appeared first on Security Boulevard.
The researcher who discovered the vulnerability saw more than 2,500 internet-exposed devices.
The post TP-Link Patches Vulnerability Exposing VIGI Cameras to Remote Hacking appeared first on SecurityWeek.
Login