200,000 MCP servers expose a command execution flaw that Anthropic calls a feature

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's ...
Hackaday

This Week In Security: State Malware, State Hardware Bans, And Stuxnet Before Stuxnet Was Cool

Making headlines everywhere is the CopyFail Linux kernel vulnerability, which allows local privilege escalation (LPE) from any user to root privileges on most kernels and distributions. Local ...

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...

Do You Need Aluminum Luggage?

And if aluminum is too passé for you, Tumi now offers a range of titanium luggage. Starting from a whopping $3,800, it boasts ...
The Hacker News

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Gemini CLI CVSS 10.0 flaw in versions below 0.39.1 enabled RCE in CI workflows, forcing Google to mandate explicit workspace ...

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...
Opinion

IBM's AI coding 'partner' Bob hits general availability

IBM has announced global availability of Bob, the AI coding assistant - sorry partner - which it claims has delivered a productivity boost to the 80,000 big bluers pressed into guinea pig status last ...
Upstream Online

Chinese contractor secures $2.5 billion worth of new deals in first quarter

COOEC's project awards grew nearly fourfold in the first quarter, as compared to the same period last year Upstream depends ...

Failed shoe company’s pivot to AI is for the birds

Allbirds, or NewBird AI, is less capable of succeeding in this market than I am of beating Daniel Wiffen in the pool. The ...

Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining

Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy ...

Google's fix for critical Gemini CLI bug might break your CI/CD pipelines

Google has patched a CVSS 10.0 vulnerability in its command-line AI tool and is warning anyone running it in headless mode, ...
TMCnet

Codezero Launches Cordon: One Command to Keep Credentials Safe Across AI Coding Agents

Cordon's credential containment layer scales across every runtime, agent, and pipeline without replacing a single tool already in your stack. Its architecture is vault-agnostic, ...