Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researchers say

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into ...

Major compromise of the telnyx PyPI library could put millions of users at risk

TeamPCP strikes again, with almost identical code to LiteLLM.
OMG! Ubuntu

Tributary is the GTK4 Rhythmbox port of your dreams

Ever wondered what a GTK4/libadwaita version of Linux music player Rhythmbox might look like? A new app in development ...

Google adds Rust to Pixel 10 modem to block attacks at one of Android's weakest points

The security problem starts with how cellular modems are built. A phone's baseband is effectively its own operating system, ...

Google shoehorned Rust into Pixel 10 modem to make legacy code safer

To protect the Pixel modem from zero-day attacks, Google focused on the DNS parser. As cellular features have migrated to ...
InfoQ

GitHub Actions Custom Runner Images Reach General Availability

GitHub has just announced the availability of custom images for its hosted runners. They've finally left the public preview ...
The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

Cisco patches partly critical vulnerabilities in several products

On Wednesday, Cisco issued nine security advisories. They address partly critical vulnerabilities in several products.
The Hacker News

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...