Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researchers say

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into ...
Hackaday

This Week In Security: Docker Auth, Windows Tools, And A Very Full Patch Tuesday

CVE-2026-34040 lets attackers bypass some Docker authentication plugins by allowing an empty request body. Present since 2024, this bug was caused by a previous fix to the auth workflow. In the ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...
Microsoft

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North ...
The Hacker News

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

PHANTOMPULSE spreads via Obsidian plugin abuse in REF6598 campaign, targeting finance and crypto users, bypassing AV controls ...

Databricks research shows multi-step agents consistently outperform single-turn RAG when answers span databases and documents

Data teams building AI agents keep running into the same failure mode. Questions that require joining structured data with ...

Battlefield 6’s Massive Operation Augur Update Goes Live, Here Are the Full Patch Notes

Easily the biggest aspect of this update, though, is the hundreds of changes that Battlefield Studios has made at once. Just ...
TMCnet

Blackmagic Design Announces DaVinci Resolve 21

NAB 2026 - Blackmagic Design today announced DaVinci Resolve 21, a significant update introducing the new Photo page, which ...

Battlefield 6 1.2.3.0 Patch Notes

The 1.2.3.0 Patch for Battlefield 6 has arrived, bringing with it a wide number of updates including the Operation Augur LTM, ...
Crypto News

Researchers Warn Malicious AI Agent Routers Could Become a New Crypto Theft Vector

University of California researchers have identified a new class crypto theft, stemming from AI agent routers - here's everything to know.

Now that's different - hackers use miniature SVG images to try and hide credit card stealer

Card skimmers were found in 1x1 pixel SVG images, apparently deployed through PolyShell.

Hackers use pixel-large SVG trick to hide credit card stealer

A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code ...