Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

iT4iNT SERVER Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain.
"This flaw enables Arbitrary Command Execution (RCE) on any system running a vulnerable MCP implementation, granting attackers direct access to VDS VPS Cloud


http://dlvr.it/TS7Djj

Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems

iT4iNT SERVER Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems.
The malware has been codenamed ZionSiphon by Darktrace, highlighting its ability to set up persistence, tamper with local configuration files, and scan for operational technology (OT)-relevant services on the local subnet. VDS VPS Cloud


http://dlvr.it/TS74J0

Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials

iT4iNT SERVER Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems.
The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used by an employee at the company.
"The attacker used that access to take over the employee's Vercel Google Workspace account, VDS VPS Cloud


http://dlvr.it/TS6x1p

$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims

iT4iNT SERVER Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack.
The exchange said it fell victim to what it described as a large-scale cyber attack that bore hallmarks of foreign intelligence agency involvement. This attack led to the theft of over 1 VDS VPS Cloud


http://dlvr.it/TS5m7W

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

iT4iNT SERVER Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025.
"PowMix employs randomized command-and-control (C2) beaconing intervals, rather than persistent connection to the C2 server, to evade the network signature detections," Cisco Talos VDS VPS Cloud


http://dlvr.it/TS4PvN

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

iT4iNT SERVER You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you ignore the whole "crime" part, ancient vulnerabilities somehow still ruining people's days, and enough supply chain drama to fill a season of television nobody asked for.
Not all bad though. Some  VDS VPS Cloud


http://dlvr.it/TS4GKN

[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment

iT4iNT SERVER In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching.
For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections, andOAuth grants. When projects end or employees leave, most VDS VPS Cloud


http://dlvr.it/TS4569