Aggregator
Italy extradites alleged Chinese state hacker to US
The “Unpatchable” Ghost: How PhantomRPC Turns Windows Architecture Against Itself for SYSTEM Control
Security researchers at Kaspersky Lab have identified a surreptitious methodology within Windows to obtain absolute systemic hegemony—a vulnerability
The post The “Unpatchable” Ghost: How PhantomRPC Turns Windows Architecture Against Itself for SYSTEM Control appeared first on Penetration Testing Tools.
CVE-2026-30350 | aegra Agent Protocol Server /store/items/search denial of service
Critical Gemini CLI Vulnerability Enables Remote Code Execution Attacks
Google has fixed a critical security flaw in the Gemini CLI that could allow attackers to execute remote code in certain automated workflows. The issue affects the npm package @google/gemini-cli and the google-github-actions/run-gemini-cli GitHub Action, especially when they are used in headless environments such as CI/CD pipelines. According to the security advisory, the vulnerability comes from two related weaknesses: […]
The post Critical Gemini CLI Vulnerability Enables Remote Code Execution Attacks appeared first on Cyber Security News.
CVE-2026-32688 | elixir-plug plug_cowboy up to 2.8.0 lib/plug/cowboy/conn.ex allocation of resources (GHSA-q8x4-x7mp-5vg2)
CVE-2026-6357 | pip up to 26.0 Self-update Check Local Privilege Escalation
CVE-2026-40514 | SmarterTools SmarterMail up to 100.0.9609 Attachment Download Endpoint weak prng
CVE-2026-7213 | ef10007 MLOps_MCP 1.0.0 save_file Tool fastmcp_server.py filename/destination path traversal
Hidden in the Cloud: Harvester’s New Linux Malware Abuses Microsoft Graph API for Invisible Espionage
The Harvester threat collective has re-emerged, wielding a sophisticated instrument designed to elude conventional defensive parameters. Security researchers
The post Hidden in the Cloud: Harvester’s New Linux Malware Abuses Microsoft Graph API for Invisible Espionage appeared first on Penetration Testing Tools.
Submit #802086: eghuzefa engineer-your-data 0.1.3 Path Traversal [Accepted]
CVE-2026-7212 | edvardlindelof notes-mcp up to 0.1.4 notes_mcp.py root_dir/path path traversal
Submit #802085: ef10007 MLOps_MCP 1.0.0 Path Traversal [Accepted]
CVE-2026-7211 | dvladimirov MCP up to 0.1.0 Git Search API mcp_server.py GitSearchRequest repo_url/pattern command injection
Submit #802084: edvardlindelof notes-mcp 0.1.4 Path Traversal [Accepted]
Microsoft Edge security advisory (AV26-396)
Submit #802083: dvladimirov mcp 0.1.0 Command Injection [Accepted]
US Sanctions Target Cambodian Scam Network Leaders
[un]prompted 2026 – Training BrowseSafe: Lessons from Detecting Prompt Injection
Author, Creator & Presenter: Kyle Polley, Member of Technical Staff at Security Perplexity
Our thanks to [un]prompted for publishing their Creators', Authors' and Presenters' outstanding [un]prompted 2026 AI Security Practitioner content on the organization's YouTube channel.
The post [un]prompted 2026 – Training BrowseSafe: Lessons from Detecting Prompt Injection appeared first on Security Boulevard.