Aggregator

You must login to view this content

Two high-severity vulnerabilities in Anthropic’s Model Context Protocol (MCP) Filesystem Server enable attackers to escape sandbox restrictions and execute arbitrary code on host systems.  The vulnerabilities, designated CVE-2025-53109 and CVE-2025-53110, affect all versions prior to 0.6.3 and represent a significant security risk as MCP adoption accelerates across enterprise environments where AI applications often run with […]

The post Anthropic’s MCP Server Vulnerability Allowed Attackers to Escape Sandbox and Execute Code appeared first on Cyber Security News.

The ongoing Russia-Ukraine conflict, which intensified in 2022, continues to reshape the cybercrime landscape in 2025, with hacktivism emerging as a potent weapon in geopolitical disputes. Since the war’s outbreak, pro-Russian and pro-Ukrainian hacktivist groups have waged a parallel battle in cyberspace, employing distributed denial-of-service (DDoS) attacks, website defacements, and data breaches to influence the […]

The post Pro-Russian Hackers Forge New Alliances for High-Profile Cyberattacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A newly disclosed vulnerability in the Sudo command-line tool, present for over 12 years, has exposed countless Linux and Unix-like systems to the risk of local privilege escalation, allowing attackers to gain root access without sophisticated exploits. The flaw, tracked as CVE-2025-32462, was discovered by the Stratascale Cyber Research Unit (CRU) and affects both stable […]

The post 12-Year-Old Sudo Vulnerability Exposes Linux Systems to Root Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CISA released four Industrial Control Systems (ICS) advisories on July 3, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-184-01 Hitachi Energy Relion 670/650 and SAM600-IO Series
• ICSA-25-184-02 Hitachi Energy MicroSCADA X SYS600
• ICSA-25-184-03 Mitsubishi Electric MELSOFT Update Manager
• ICSA-25-184-04 Mitsubishi Electric MELSEC iQ-F Series

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Microsoft Corporation has confirmed a significant workforce reduction affecting approximately 9,000 employees, representing nearly 4% of its global workforce.  This strategic restructuring comes as the technology giant continues to navigate the complex landscape of artificial intelligence infrastructure investments while maintaining operational efficiency and shareholder value. Key Takeaways1. Microsoft confirms 9,000 job cuts, 4% workforce reduction across […]

The post Microsoft Confirms Laying Off 9,000 Employees, Impacting 4% of its Workforce appeared first on Cyber Security News.

The cybersecurity landscape has witnessed a dramatic escalation in pro-Russian hacktivist activities since the onset of 2025, with emerging alliances between established and newly formed groups launching increasingly sophisticated attacks against Western infrastructure. These cyber operations, driven by geopolitical tensions surrounding the Russia-Ukraine conflict, have evolved from simple website defacements to coordinated campaigns targeting critical […]

The post Pro-Russian Hackers Making New Alliances to Launch High-Profile Attacks appeared first on Cyber Security News.

A Barracuda Networks analysis of unsolicited and malicious emails sent between February 2022 to April 2025 indicates 14% of the business email compromise (BEC) attacks identified were similarly created using a large language model (LLM).

The post Analysis Surfaces Increased Usage of LLMs to Craft BEC Attacks appeared first on Security Boulevard.

The deluge of bargain-priced ads that flooded social networks during Latin America’s “Hot Sale 2025” has now been traced to a sprawling Chinese-built malware operation that weaponizes thousands of convincingly branded storefronts to harvest payment credentials. First noticed by Mexican journalist Ignacio Gómez Villaseñor while monitoring suspicious domains hosted on a single IP, the campaign […]

The post Beware of Chinese Fake e-Commerce Websites Mimic Apple, Wrangler Jeans and Abuses Payment Services Like MasterCard and PayPal appeared first on Cyber Security News.

Cisco has found a backdoor account in yet another of its software solutions: CVE-2025-20309, stemming from default credentials for the root account, could allow unauthenticated remote attackers to log into a vulnerable Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) platforms and use the acquired access to execute arbitrary commands with the highest privileges. About CVE-2025-20309, and how to fix it Cisco Unified Communications Manager – … More →

The post Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309) appeared first on Help Net Security.