
Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads
Security researchers at Ox Security disclosed a critical, systemic flaw in Anthropic's Model Context Protocol (MCP) that enables arbitrary command execution. The vulnerability stems from the protocol’s STDIO interface, which runs commands even when server startup fails, exposing over 200 open‑source projects, 150 million downloads, and up to 200,000 vulnerable instances. Anthropic has labeled the behavior "by design" and declined to modify the SDKs, shifting sanitization responsibility to developers. The flaw threatens sensitive data and API keys, and could allow full system takeover.

Automotive Ransomware Attacks Double in a Year
Ransomware has become the fastest‑growing cyber threat to the automotive industry, accounting for 44% of all attacks on carmakers in 2025. Halcyon’s report shows attack frequency more than doubled last year, driven by connected vehicle platforms, OTA updates and cloud‑based...

European Cybersecurity Agency ENISA Seeks Top-Tier Status in CVE Program
ENISA, the EU’s cybersecurity agency, is pursuing top‑level root CVE Numbering Authority (TL‑Root CNA) status, aiming for approval by 2026 or early 2027. The move follows ENISA’s recent elevation to a root CNA in 2025 and would place it alongside...

Signed Adware Operation Disables Antivirus Across 23,000 Hosts
A signed software operation linked to Dragon Boss Solutions has been silently disabling antivirus products on more than 23,000 endpoints worldwide. The campaign uses a legitimate code‑signing certificate and an Advanced Installer‑based update mechanism to deliver a PowerShell payload, ClockRemoval.ps1,...

Critical Nginx-Ui MCP Flaw Actively Exploited in the Wild
A critical authentication bypass (CVE‑2026‑33032) in the open‑source nginx‑ui management console is being actively exploited. The flaw, scoring 9.8 on CVSS, lets any network‑adjacent attacker issue unauthenticated API calls that control the underlying nginx server. Over 2,600 publicly reachable instances...

AI Companies to Play Bigger Role in CVE Program, Says CISA
CISA’s Vulnerability Response & Coordination chief Lindsey Cerkovnik urged AI firms such as OpenAI and Anthropic to gain stronger representation in the Common Vulnerabilities and Exposures (CVE) program. The call follows the debut of Anthropic’s Claude Mythos Preview and OpenAI’s...

AI Security Institute Advocates Security Best Practices After Mythos Test
The AI Security Institute (AISI) evaluated Anthropic’s Claude Mythos Preview, finding it could autonomously execute multi‑stage attacks and complete 22 of 32 steps in a simulated corporate network. The model succeeded in three out of ten attempts, highlighting both its...

Mailbox Rule Abuse Emerges as Stealthy Post-Compromise Threat
Security researchers have uncovered a sharp increase in the abuse of Microsoft 365 mailbox rules, with Proofpoint reporting that roughly 10% of compromised accounts in Q4 2025 contained malicious rules created within seconds of initial access. These rules, often given trivial names,...

Mirax Android Trojan Turns Devices Into Residential Proxy Nodes
A new Android banking trojan called Mirax is spreading across Europe, targeting Spanish‑speaking users through fake streaming app ads. The campaign has reached more than 200,000 accounts and operates under a restricted Malware‑as‑a‑Service model that limits access to a small...

Just Three Ransomware Gangs Accounted for 40% of Attacks Last Month
A recent threat report found that just three ransomware groups—Conti, REvil and LockBit—were responsible for roughly 40% of all ransomware incidents recorded last month. The concentration of activity drove a 15% increase in average ransom demands, reaching about $250,000 per...

STX RAT Targets Finance Sector With Advanced Stealth Tactics
A new remote access trojan, STX RAT, was discovered after an attempted intrusion in a financial services firm in February 2026. The malware employs multi‑stage scripts, in‑memory execution, and encrypted C2 traffic to evade traditional defenses. It can harvest browser data,...

Governance Gaps Emerge as AI Agents Drive 76% Increase in NHIs
The SANS Institute’s 2026 State of Identity Threats & Defenses Survey reveals a 76% rise in non‑human identities (NHIs) as AI agents proliferate across enterprises. Seventy‑four percent of firms already deploy AI agents that require credentials, causing NHIs to double...

Google Warns of New Threat Group Targeting BPOs and Helpdesks
Google’s Threat Intelligence Group has identified a new financially motivated threat cluster, UNC6783, targeting business process outsourcers and enterprise helpdesks. The group leverages live‑chat interactions to direct victims to spoofed Okta login pages and malicious Zendesk‑support domains, stealing clipboard data...

Google API Keys Quietly Gain Access to Gemini on Android Devices
A flaw in Google’s API‑key system automatically grants Gemini AI access to any key once the service is enabled, exposing Android apps to unauthorized use. CloudSEK’s analysis of 10,000 apps uncovered 32 active keys in 22 applications that together have...

Claude Discovers Apache ActiveMQ Bug Hidden for 13 Years
Horizon3.ai uncovered a remote code execution vulnerability (CVE‑2026‑34197) in Apache ActiveMQ Classic that had been hidden for 13 years. The flaw lets attackers fetch remote configuration files via the Jolokia API and execute arbitrary OS commands, especially when default credentials...