  • HackTheBox - AirTouch

    Uncategorized vulnerability exploit penetrationtest
    1
    0 Votes
    1 Posts
    3 Views
    hackerworkspace@infosec.exchange
    HackTheBox - AirTouch
    https://www.youtube.com/watch?v=a3zZAV3--00
    #vulnerability #exploit #penetrationtesting
  • A design flaw in the MCP protocol.

    Uncategorized mcp vulnerability
    5
    0 Votes
    5 Posts
    12 Views
    sempf@infosec.exchange
    @dmikusa No, it's nothing new. Once I actually got all the way down to the white paper, I discovered that there really isn't much to this at all, other than: hey, if you have an agent unprotected on your local machine, it can do bad things. That is an important message and should be gotten out there however it gets out there, but certainly not worth all the AI-generated hype and process of the original article.
  • 0 Votes
    1 Posts
    1 Views
    aakl@infosec.exchange
    OX Security: Anthropic's "By Design" Failure at the Heart of the AI Ecosystem
    https://20204725.hs-sites.com/the-mother-of-all-ai-supply-chains
    More: Security Week: Report: ‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks
    https://www.securityweek.com/by-design-flaw-in-mcp-could-enable-widespread-ai-supply-chain-attacks/
    @SecurityWeek #Anthropic #vulnerability #infosec #LLM
  • New.

    Uncategorized infosec vulnerability
    1
    0 Votes
    1 Posts
    1 Views
    aakl@infosec.exchange
    New. Pluto Security: MCPwn: A CVSS 9.8 One-Line MCP Bug That Hands Over Your Nginx to Anyone on the Network – Actively Exploited in the Wild
    https://pluto.security/blog/mcp-bug-nginx-security-vulnerability-cvss-9-8/
    More: Security Week: Exploited Vulnerability Exposes Nginx Servers to Hacking
    https://www.securityweek.com/exploited-vulnerability-exposes-nginx-servers-to-hacking/
    @SecurityWeek #infosec #vulnerability
  • 0 Votes
    1 Posts
    7 Views
    beyondmachines1@infosec.exchange
    GitHub Webhook Secret Exposure: Some Secrets Inadvertently Leaked in HTTP Headers Between September 2025 and January 2026
    A bug in GitHub's new webhook delivery platform (active Sept 2025–Jan 2026) inadvertently exposed webhook secrets in an HTTP header, potentially allowing attackers who obtained them to forge GitHub webhook payloads. GitHub has notified affected owners and urged them to immediately rotate their webhook secrets, purge any logs containing the exposed headers, and verify HMAC signature validation.
    **If you received a notification from GitHub about this webhook secret exposure, rotate your affected webhook secrets immediately and purge any HTTP request header logs on your receiving systems that may contain the leaked secrets. After rotating, verify that your endpoint is properly validating the X-Hub-Signature-256 header with the new secret to prevent forged payloads. If you are using CircleCI, check their advisory as well.**
    #cybersecurity #infosec #advisory #vulnerability
    https://beyondmachines.net/event_details/github-webhook-secret-exposure-incident-secrets-inadvertently-leaked-in-http-headers-between-september-2025-and-january-2026-l-j-3-7-t/gD2P6Ple2L