Daniel Cuthbert

Researchers detail an exploit in GitHub's official MCP server that lets hackers trick an LLM agent into leaking private information about the MCP user

Attackers only need to open a malicious issue on the targeted repositories to exploit the vulnerability.  —  invariantlabs.ai/blog/mcp-git... Daniel Cuthbert / @dcuthbert : We are ...

A security researcher details how he discovered a zero-day vulnerability in the Linux kernel's SMB implementation by analyzing the code using OpenAI's o3 API

Now finding a Linux kernel-level zero day is as simple as knowing how to prompt. sean.heelan.io/2025/05/22/h... @davidcrespo : key detail in this very good post about finding a nov...

A security researcher details how he discovered a zero-day vulnerability in the Linux kernel's SMB implementation by analyzing the code using OpenAI's o3 API

In this post I'll show you how I found a zeroday vulnerability in the Linux kernel using OpenAI's o3 model.

CISA says it will extend funding to Mitre, which runs the CVE Program, and “there will be no lapse in critical CVE services”, after Mitre said funding expired

CISA says the U.S. government has extended MITRE's funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program.

CISA says it will extend funding to Mitre, which runs the CVE Program, and “there will be no lapse in critical CVE services”, after Mitre said funding expired

CISA says the U.S. government has extended MITRE's funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program.

Wiz: DeepSeek left one of its critical databases exposed, leaking more than 1M records including system logs, user prompt submissions, and users' API keys

China-based DeepSeek has exploded in popularity, drawing greater scrutiny.  Case in point: Security researchers found more than 1 million records …

The UK gives data centers Critical National Infrastructure designation, enabling the government to coordinate better against hackers and unexpected cyber events

LONDON — The U.K. on Thursday said it now classes data centers as critical infrastructure, in a move that is expected …

CrowdStrike says the problematic July 19 software update that brought down 8.5M Windows PCs was deployed into production due to “a bug in the Content Validator”

CrowdStrike has blamed a bug in its own test software for the mass-crash-event it caused last week.

Qualys researchers say an OpenSSH flaw can let attackers remotely compromise servers and allow unauthenticated RCE as root; over 14M servers may be vulnerable

Qualys researchers say an OpenSSH flaw can let attackers remotely compromise servers and allow unauthenticated RCE as root; over 14M servers may be vulnerable

Researchers from Qualys say regreSSHion allows attackers to take over servers with 14 million potentially vulnerable OpenSSH instances identified.

Report: the alleged ringleader of the Scattered Spider hacking group was arrested in Spain; sources say the accused is 22-year-old Scottish man Tyler Buchanan

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider …Source:Murcia Today.

Researchers find malicious code in versions of the compression tool XZ Utils that were incorporated into Linux distributions from Red Hat, Debian, and others

Malicious code planted in xz Utils has been circulating for more than a month.  —  Researchers have found a malicious backdoor …

JFrog finds ~100 malicious PyTorch and Tensorflow Keras models on Hugging Face, some of which can execute code on users' machines to give attackers a backdoor

JFrog finds ~100 malicious PyTorch and Tensorflow Keras models on Hugging Face, some of which can execute code on users' machines to give attackers a backdoor

Leaked files detail Chinese state-linked hacking groups carrying out large-scale, systematic cyber intrusions against governments, companies, and infrastructure

A trove of leaked documents from a Chinese state-linked hacking group shows that Beijing's intelligence and military groups …

Cybersecurity experts say that global law enforcement agencies dealt Russia-linked LockBit a major blow, but history shows that ransomware gangs regroup quickly

- Disruption of LockBit praised as major blow against gang  — History has shown that hackers regroup quickly, experts say

Cybersecurity experts say that global law enforcement agencies dealt Russia-linked LockBit a major blow, but history shows that ransomware gangs regroup quickly

- Disruption of LockBit praised as major blow against gang  — History has shown that hackers regroup quickly, experts say

Okta tells customers that hackers who breached its network stole information on all users of its customer support system, greater than the 1% claimed previously

- Okta had earlier said breach affected about 1% of customers  — Company said some Okta employee information was also stolen

An in-depth look inside a covert Russian operation to get dual-use specialist microchips, which are protected by EU export controls, into the hands of the state

A rare look inside a covert Russian-led operation to get strategic technology protected by European export controls into the hands of the state

An in-depth look at a covert Russian operation to get dual-use specialist microchips, which are protected by EU export controls, into the hands of the state

A rare look inside a covert Russian-led operation to get strategic technology protected by European export controls into the hands of the state