Aggregator

Что это за сбой и в чем настоящая причина?

Microsoft has disclosed a critical security vulnerability in its Internet Information Services (IIS) Web Deploy tool that could allow attackers to execute arbitrary code remotely on affected systems. The vulnerability, designated as CVE-2025-53772, was announced on August 12, 2025, and carries an “Important” severity rating with a CVSS score of 8.8 out of 10. Vulnerability […]

The post Microsoft IIS Web Deploy Vulnerability Allows Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in eyecix JobSearch Plugin up to 2.9.0 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability was named CVE-2025-52806. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in moshensky CF7 Spreadsheets Plugin up to 2.3.2 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-50040. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Arraytics Eventin Plugin up to 4.0.31 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to deserialization. This vulnerability is handled as CVE-2025-49869. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Sound Strategies SoundSt SEO Search Plugin up to 1.2.3 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-49058. The attack can be launched remotely. There is no exploit available.

Active police and government email accounts are being sold on the dark web for as little as $40, giving cybercriminals a direct line into systems and services that rely on institutional trust. According to new research from Abnormal AI, the accounts come from agencies in the United States, United Kingdom, Germany, India, and Brazil, and are being traded on underground forums. Source: Abnormal AI Unlike spoofed or dormant addresses, these accounts are functional and still … More →

The post For $40, you can buy stolen police and government email accounts appeared first on Help Net Security.

A vulnerability classified as problematic has been found in themefunction Event Manager, Event Calendar and Booking Plugin up to 4.0.24 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-52730. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in RealMag777 MDTF Plugin up to 1.3.3.7 on WordPress. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-54707. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in vertim Neon Channel Product Customizer Free Plugin up to 2.0 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to missing authorization. This vulnerability was named CVE-2025-54679. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Shabti Kaplan Frontend Admin by DynamiApps Plugin up to 3.28.3 on WordPress. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-49267. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in CleverReach WP Plugin up to 1.5.20 on WordPress and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. This vulnerability is handled as CVE-2025-49059. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Ben Ritner Kadence WooCommerce Email Designer Plugin up to 1.5.16 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrect privilege assignment. This vulnerability is known as CVE-2025-54697. The attack can be launched remotely. There is no exploit available.

Imagine an autonomous AI agent tasked with a simple job: generating a weekly sales report. It does this reliably every Monday. But one week, it doesn't just create the report. It also queries the customer database, exports every single record, and sends the file to an unknown external server.

Your firewalls saw nothing wrong. Your API gateway logged a series of seemingly valid calls. So, what happened?

The agent wasn't hacked. Its mind was changed.

As AI evolves from simple copilots to autonomous agents, they operate using a persistent "mental state" that directs their behavior. This operational context is the new, invisible attack surface that most security teams can't see.

Introducing the Model Context Protocol (MCP)

To describe this bundle of instructions and goals, a new concept is needed. We call it the Model Context Protocol (MCP).

Think of MCP as an agent's digital mission briefing. It’s not a single command, but a complete set of operating instructions that defines the agent's entire purpose and limitations.

This mission briefing tells the agent everything it needs to know:

• Its Goal: What it's supposed to accomplish (e.g., "Generate the weekly sales report for the EU region").
• Its Tools: The specific APIs and functions it's allowed to use (e.g., "query the sales database" and "create PDF files").
• Its Role: The identity and permissions it operates with (e.g., a "sales analyst" with limited access).
• Its Memory: Important notes from past actions (e.g., "last report was sent on Monday").
• Its Constraints: The hard rules it must never break (e.g., "do not access sensitive customer information").

This briefing is the agent's brain. It follows these instructions precisely. But what happens if an attacker gets to be the one writing the instructions?

The Attack: A Poisoned Mission

Because the MCP is the driver for every action, hijacking it is the ultimate goal for an attacker. This is context poisoning.

Imagine an attacker intercepts that mission briefing before the agent reads it.

• They cross out the original goal and write a new one: "Export all customer records."
• They upgrade the agent’s role from "sales analyst" to "database administrator," giving it top-level permissions.
• They add dangerous new tools to its approved list, like "export data to the cloud."
• Finally, they erase all the original constraints and safety rules.

The agent isn't compromised in the traditional sense. It's simply following its new, malicious orders perfectly, using your own systems and APIs to carry out an attack. To your other security tools, everything looks like legitimate activity from a trusted source.

Why Your Security Tools Are Flying Blind

This is a nightmare for traditional security because the attack doesn't look like an attack.

• It's upstream of your APIs, happening in the application logic.
• It's logical, not a technical exploit. The API calls the agent makes are individually valid, so they don't trigger alerts.
• It's ephemeral, often existing only in memory, not in permanent logs that can be audited later.

You can't secure what you can't see. And if you only watch your API traffic without understanding the intent behind it, you're missing the real threat.

How to Secure the Unseen

Securing this new layer means securing the intent, not just the action. Context is the new code, and it requires a new security mindset focused on behavior.

1. Monitor for Behavioral Changes: You must know what's normal for an agent. When its API activity suddenly deviates, like accessing new databases or using tools it never has used before, it's a massive red flag.
2. Detect Impossible Drift: An agent with a "sales analyst" role should never suddenly start acting like a "database administrator." Detecting this role drift is key to spotting a poisoned context.
3. Connect Context to Action: A modern security platform must be able to connect an agent's API activity back to its purpose. This allows you to see why it's doing what it's doing and spot malicious intent.

At Salt Security, our API security platform is built for this new reality. By baselining all API activity, we develop a deep contextual understanding of how your systems are supposed to work. This allows us to instantly spot the anomalous behaviors that signal an MCP compromise—detecting goal escalation, tool misuse, and role drift before they lead to a breach.

The Bottom Line

MCP is how agents think. APIs are how they act.

To truly secure autonomous systems, you need visibility and control over both. Ignoring an agent's context is like giving a stranger the keys to your kingdom and hoping they follow the house rules.

To learn more about how Salt provides discovery, posture governance, and run-time threat protection for your entire API ecosystem, including AI and MCP, request a free Attack Surface Assessment or schedule a personalized demo with our team.

The post Beyond the Prompt: Securing the “Brain” of Your AI Agents appeared first on Security Boulevard.

CISA released thirty-two Industrial Control Systems (ICS) advisories on August 14, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-226-01 Siemens SIMATIC RTLS Locating Manager
• ICSA-25-226-02 Siemens COMOS
• ICSA-25-226-03 Siemens Engineering Platforms
• ICSA-25-226-04 Siemens Simcenter Femap
• ICSA-25-226-05 Siemens Wibu CodeMeter Runtime
• ICSA-25-226-06 Siemens Opcenter Quality
• ICSA-25-226-07 Siemens Third-Party Components in SINEC OS
• ICSA-25-226-08 Siemens RUGGEDCOM CROSSBOW Station Access Controller
• ICSA-25-226-09 Siemens RUGGEDCOM APE1808
• ICSA-25-226-10 Siemens SIPROTEC 5
• ICSA-25-226-11 Siemens SIMATIC S7-PLCSIM
• ICSA-25-226-12 Siemens SIPROTEC 4 and SIPROTEC 4 Compact
• ICSA-25-226-13 Siemens SIMATIC RTLS Locating Manager
• ICSA-25-226-14 Siemens RUGGEDCOM ROX II
• ICSA-25-226-15 Siemens SINEC OS
• ICSA-25-226-16 Siemens SICAM Q100/Q200
• ICSA-25-226-17 Siemens SINEC Traffic Analyzer
• ICSA-25-226-18 Siemens SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER
• ICSA-25-226-19 Siemens SINUMERIK
• ICSA-25-226-20 Siemens RUGGEDCOM ROX II
• ICSA-25-226-21 Siemens BFCClient
• ICSA-25-226-22 Siemens Web Installer
• ICSA-25-226-23 Rockwell Automation FactoryTalk Viewpoint
• ICSA-25-226-24 Rockwell FactoryTalk Linx
• ICSA-25-226-25 Rockwell Automation Micro800
• ICSA-25-226-26 Rockwell Automation FLEX 5000 I/O
• ICSA-25-226-27 Rockwell Automation ArmorBlock 5000 I/O – Webserver
• ICSA-25-226-28 Rockwell Automation ControlLogix Ethernet Modules
• ICSA-25-226-29 Rockwell Automation Studio 5000 Logix Designer
• ICSA-25-226-30 Rockwell Automation FactoryTalk Action Manager
• ICSA-25-226-31 Rockwell Automation 1756-ENT2R, 1756-EN4TR, 1756-EN4T
• ICSA-25-212-01 Güralp Systems FMUS Series and MIN Series Devices (Update A)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

Abnormal AI said gaining access to such accounts provides opportunities for sophisticated fraud schemes that impersonate officials

A vulnerability, which was classified as problematic, was found in WP Swings Membership for WooCommerce Plugin up to 2.9.0 on WordPress. Affected is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2025-54692. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in UnlimitedWP Project Cost Calculator Plugin up to 1.0.0 on WordPress. This issue affects some unknown processing. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2025-52775. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in themefunction Event Manager, Event Calendar and Booking Plugin up to 4.0.24 on WordPress. This vulnerability affects unknown code. The manipulation leads to missing authorization. This vulnerability was named CVE-2025-52731. The attack can be initiated remotely. There is no exploit available.