200,000 MCP servers expose a command execution flaw that Anthropic calls a feature

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's ...
Hackaday

This Week In Security: State Malware, State Hardware Bans, And Stuxnet Before Stuxnet Was Cool

Making headlines everywhere is the CopyFail Linux kernel vulnerability, which allows local privilege escalation (LPE) from any user to root privileges on most kernels and distributions. Local ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
Infosecurity Magazine

Deep#Door Python Backdoor Evades Detection On Windows

A stealthy Python-based backdoor framework capable of long-term surveillance and credential theft has been identified ...

Script Injection and Data Theft: Python Data Analysis Tool Compromised

The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary ...

You can now get Gemini to generate downloadable files directly in chat

Google appears to have quietly rolled out a new feature for Gemini that allows you to generate downloadable files directly in ...

Claude can now work inside Photoshop, Blender and Ableton, here is how

Anthropic brings Claude to Adobe Creative Cloud, Blender and more, enabling faster creative work with smart AI automation.
How-To Geek on MSN

Never underestimate the bandwidth of a USB drive full of files

Your gigabit network is slower than this $15 pocket-sized hardware hack ...
About Amazon

AWS launches Amazon Quick desktop AI assistant that works across your applications, tools, and data

Amazon Quick brings a personal AI assistant to your desktop. Build presentations, intelligent dashboards, and more. Connect ...

Top open source PyPI package with over 1 million downloads each month hacked to send out malware

This was not a case of stolen credentials, but rather of vulnerability exploitation.
Techzine Europe

Malicious Python package poses new supply chain threat

The open-source package elementary-data, with over a million downloads per month, has been compromised. Attackers exploited a vulnerability in a GitHub ...