Latest News
Creating a golden image of an operating system (OS) is a popular and recommended practice for deploying a new system to any environment, whether it's a data center or a public cloud. This enables rapid deployment of systems that are easy to maintain and that conform to your unique Standard Operating Environment (SOE) requirements. Red Hat Enterprise Linux (RHEL) provides two options to help you build customized RHEL OS images: RHEL image builder and Red Hat Lightspeed image builder. For an overview of both options, and a list of the latest blog posts about them, visit redhat.com/image-builder.
In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path arguments in subsequent tool calls were actually within that configured path. This could allow tool calls to operate on other repositories accessible to the server process. The fix adds path validation that resolves both the configured repository and the requested path (following symlinks) and verifies the requested path is within the allowed repository before executing any git operations. Users are advised to upgrade to 2025.12.17 upon release to remediate this issue. Thank you to https://hackerone.com/yardenporat for reporting.
In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., `--output=/path/to/file` for `git_diff`) would be interpreted as command-line options rather than git refs, enabling arbitrary file overwrites. The fix adds validation that rejects arguments starting with `-` and verifies that the argument resolves to a valid git ref via rev_parse before execution. Users are advised to update to 2025.12.17 to resolve this issue when it is released. Thank you to https://hackerone.com/yardenporat for reporting.
Attackers are targeting admin accounts, and once authenticated, exporting device configurations including hashed credentials and other sensitive information.
Many crypto investors remain sceptical about using AI in their trading. They are aware that the technology exists,…
Anthropic proves that LLMs can be fairly resistant to abuse. Most developers are either incapable of building safer tools, or unwilling to invest in doing so.
The remote access Trojan lets an attacker remotely control a victim's phone and can generate malicious apps from inside the Play Store.
Mattermost Desktop App versions < 6.0.0 fail to sanitize sensitive information from Mattermost logs and to clear data on server deletion, which allows an attacker with access to the user's system to gain access to potentially sensitive information by reading the application logs. A fix is available for direct download via the [Mattermost Desktop](https://github.com/mattermost/desktop/releases/tag/v6.0.0) repository, but it had not been uploaded to the npm registry at the time of publication.
Mattermost versions 10.11.x < 10.11.5, 11.0.x < 11.0.4, 10.12.x < 10.12.2 fail to invalidate invite tokens after use, which allows malicious actors who have intercepted invite tokens to manipulate channel memberships, including adding or removing users from private channels, via a token replay attack.
Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 fail to check a WebSocket request field for valid UTF-8 encoding, which allows an attacker to crash the Calls plug-in by sending a malformed request.