The Hacker News

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture ...
Infosecurity Magazine

European Cybersecurity Agency ENISA Seeks Top-Tier Status in CVE Program

The EU cybersecurity agency looks to become the third Top-Level Root CVE Numbering Authority, alongside CISA and MITRE ...
Infosecurity Magazine

Microsoft Fixes Two Zero-Days in April Patch Tuesday

Microsoft published a higher-than-usual list of fixes for CVEs as part of its monthly Patch Tuesday update round yesterday, ...

Recently leaked Windows zero-days now exploited in attacks

Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or ...

Microsoft releases emergency patches for critical ASP.NET flaw

Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability ...
Dark Reading

How NIST's Cutback of CVE Handling Impacts Cyber Teams

Industry and ad hoc coalitions appear poised to help fill the gap created by NIST's decision to cut back on CVE data ...
Arabian Post

ENISA’s CVE rise reshapes cyber oversight

The central fact is that ENISA became a CVE Numbering Authority in January 2024, allowing it to assign CVE identifiers and ...
Computer Weekly

April Patch Tuesday brings zero-days in Defender, SharePoint Server

The latest monthly Patch Tuesday update from Microsoft landed earlier on 14 April, including two notable zero-day flaws amid ...