Security
Headlines
HeadlinesLatestCVEs

Latest News

Agentic AI's Risky MCP Backbone Opens Brand-New Attack Vectors

Critical security vulnerabilities affect different parts of the Model Context Protocol (MCP) ecosystem, which many organizations are rapidly adopting in order to integrate AI models with external data sources.

DARKReading
Open in Source
#vulnerability
4 Arrested in UK Over M&S, Co-op, Harrods Hacks

The UK's National Crime Agency arrested four people, who some experts believe are connected to the notorious cybercriminal collective known as Scattered Spider.

Patch, track, repeat

Thorsten takes stock of a rapidly evolving vulnerability landscape: record-setting CVE publication rates, the growing fragmentation of reporting systems, and why consistent tracking and patching remain critical as we move through 2025.

GHSA-ggmv-j932-q89q: Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout

### Impact The HTTP Gateway processes headers, but with no timeout set. With a Slowloris attack, an attacker could cause Denial of Service (DoS). Exploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is highly recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so no users could reach the system. ### Patches Patch has been implemented by [commit `1385bd8`](https://github.com/ctfer-io/chall-manager/commit/1385bd869142651146cd0b123085f91cec698636) and shipped in [`v0.1.4`](https://github.com/ctfer-io/chall-manager/releases/tag/v0.1.4). ### Workarounds No workaround exist. ### References N/A

GHSA-r7fm-3pqm-ww5w: Chall-Manager's scenario decoding process does not check for zip bombs

### Impact When decoding a scenario (i.e. a zip archive), the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is highly recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so no users could reach the system. ### Patches Patch has been implemented by [commit `14042aa`](https://github.com/ctfer-io/chall-manager/commit/14042aa66a577caee777e10fe09adcf2587d20dd) and shipped in [`v0.1.4`](https://github.com/ctfer-io/chall-manager/releases/tag/v0.1.4). ### Workarounds No workaround exist. ### References N/A.

GHSA-3gv2-v3jx-r9fh: Chall-Manager is vulnerable to Path Traversal when extracting/decoding a zip archive

### Impact When decoding a scenario (i.e. a zip archive), the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is **highly** recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so no users could reach the system. ### Patches Patch has been implemented by [commit `47d188f`](https://github.com/ctfer-io/chall-manager/commit/47d188fda5e3f86285e820f12ad9fb6f9930662c) and shipped in [`v0.1.4`](https://github.com/ctfer-io/chall-manager/releases/tag/v0.1.4). ### Workarounds No workaround exist. ### References N/A.

GHSA-54xv-94qv-2gfg: @pdfme/common vulnerable to to XSS and Prototype Pollution through its expression evaluation

## Summary The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks. ## Details ### 1. Sandbox Escape Leading to XSS The expression evaluator's sandbox can be bypassed to execute arbitrary JavaScript code. Attackers can obtain the Function constructor through indirect methods: ```javascript // Attack vector 1: Using Object.getOwnPropertyDescriptor { ((f, g) => f(g(Object), "constructor").value)(Object.getOwnPropertyDescriptor, Object.getPrototypeOf)("alert(location)")() } // Attack vector 2: Using object property access { { f: Object.getOwnPropertyDescriptor }.f({ g: Object.getPrototypeOf }.g(Object), "constructor").value("alert(location)")() } ``` Both payloads bypass the sandbox restrictions and execute `Function("alert(location)")()`. ### 2. Prototype Pollution The expression evaluator allows access to prototype accessor methods which can be exploited with Object.assign ...

GHSA-275g-g844-73jh: Matrix Rust SDK vulnerable to SQL Injection through its EventCache implementation

An SQL injection vulnerability in the `EventCache::find_event_with_relations` method of matrix-sdk 0.11 and 0.12 allows malicious room members to execute arbitrary SQL commands in Matrix clients that directly pass relation types provided by those room members into this method, when used with the default sqlite-based store backend. Exploitation is unlikely, as no known clients currently use the API in this manner. ### Workarounds Passing only trusted (or sanitised) relation types to the `filter` argument of `EventCache::find_event_with_relations()` avoids the issue. ### Patches The issue is fixed in matrix-sdk 0.13. ### References The issue was introduced in https://github.com/matrix-org/matrix-rust-sdk/pull/4849.

UK Arrests Four in ‘Scattered Spider’ Ransom Group

Authorities in the United Kingdom this week arrested four alleged members of "Scattered Spider," a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer.

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

Cybersecurity researchers have discovered a critical vulnerability in the open-source mcp-remote project that could result in the execution of arbitrary operating system (OS) commands. The vulnerability, tracked as CVE-2025-6514, carries a CVSS score of 9.6 out of 10.0. "The vulnerability allows attackers to trigger arbitrary OS command execution on the machine running mcp-remote when it