The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port. The D-Link ...
The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system.
LevelBlue says QuimaRAT uses encrypted plugins, OS-specific persistence, and JNA libraries to control Windows, Linux, and ...
Security vulnerabilities in the self-hosting platform offer attack possibilities with low, albeit narrowly defined, access ...
As part of the effort to push Large Language Model (LLM) ‘AI’ into more and more places, Anthropic’s Model Context Protocol (MCP) has been adopted as the standard to connect LLMs with various external ...
Sentire says attacks began June 29 against a CVSS 9.6 OS command injection flaw that enables unauthenticated code execution.
The decades-old "finger" command is making a comeback,, with threat actors using the protocol to retrieve remote commands to execute on Windows devices. In the past, people used the finger command to ...
Splunk systems are at risk from a remote command execution (RCE) vulnerability. Tracked as CVE-2026-20163, the flaw allows bad actors to carry out arbitrary shell commands directly on the host ...
Unsafe defaults in MCP configs open servers to possible remote code execution, as evidenced by several commercial services and open-source projects. AI agent building tools enable users to configure ...
A new report out today from Swiss artificial intelligence-powered managed extended detection and response company Ontinue AG warns of the growing abuse of Nezha, a legitimate open-source server ...
Cisco (Nasdaq:CSCO) is urging customers to patch for a maximum-severity flaw affecting its IOS XE Software for Wireless controllers. The flaw, tracked as CVE-2025-20188, received a severity rating of ...