Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face

Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware ...
Infosecurity Magazine

Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads

However, in a report published on April 15, researchers at Ox Security claimed that a flaw in the protocol could enable ...

Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researchers say

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into ...

Do not fall for this fake Windows update support site. It’s spreading a password-stealing malware

Malwarebytes warns that a fake Microsoft support site is distributing password-stealing malware through a spoofed Windows ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...

Your developers are already running AI locally: Why on-device inference is the CISO’s new blind spot

Shadow AI 2.0 isn’t a hypothetical future, it’s a predictable consequence of fast hardware, easy distribution, and developer ...

Malware campaign lures users with fake Windows Update website

Malwarebytes recently uncovered a new malicious campaign targeting the Windows Update service. Focused on French-speaking users, the campaign uses layered obfuscation techniques to deliver multiple ...
Analytics India Magazine

New Research Finds Seven ‘Deadly’ Vulnerabilities in AI Benchmarks

A team of researchers from UC Berkeley have demonstrated that eight AI agent benchmarks can be manipulated to produce ...

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...
Blue Headlineq

Week in Cybersecurity: 338 New Vulnerabilities, 11 Critical (April 07 – April 14, 2026)

This week in cybersecurity: 338 new CVEs published including 11 critical severity. 9 vulnerabilities added to CISA KEV catalog. Plus major developments in AI security, supply chain attacks, and ...
Techzine Europe

OpenSearch is enterprise-ready with long-term support and version 3.6

OpenSearch is getting an LTS program with 18 months of support, SBOM compliance, and vendor accreditation. OpenSearch 3.6 is ...