A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into Anthropic's official Model Context Protocol (MCP) puts as many as 200,000 servers at risk of complete takeover, according to security researchers.
Posts by Jessica Lyons
Anthropic surprised the world by declaring that its latest model, Mythos, is so good at bug hunting that it would create chaos if released. Now, with Project Glasswing, 50+ select orgs are testing the hyped up LLM to find holes in their own products. But just how many problems have they discovered?
EXCLUSIVE: Security researchers hijacked three popular AI agents that integrate with GitHub Actions by using a new type of prompt injection attack to steal API keys and access tokens, and the vendors who run agents didn’t disclose the problem.
An unknown malware slinger targeting open source software developers via Slack impersonated a real Linux Foundation official and used pages hosted on Google to steal developers' credentials and take over their systems.
Here's my latest: A tale of two supply-chain attacks. Different attackers, but they both targeted open source software and developer environments and share similar end goals.
😆
And yet it still works. Every. Time.
The struggle is real…
"Everybody's glorifying threat actors, and that's not helping our customers or organizations. These are just individuals, they just use computers, and they just want to steal your data and make money. They're not mythical. They don't have superpowers," Trellix VP John Fokker told me.
💯
Tens of thousands of people eagerly downloaded the leaked Claude Code source code this week, and hundreds - if not more - of those downloads came with a side of credential-stealing malware.
"We are seeing a dangerous convergence between supply chain attackers and high-profile extortion groups like Lapsus$," Ben Read, a lead researcher at Wiz, told me via @theregister.com on Tuesday.
“We can remove their navy. We can remove their air power. We can attack them across all instruments of power, diplomatic, information, military, and economic. And they'll still have the ability to hack,” retired US Army Lt. Gen. Ross Coffman told me via @theregister.com
This story is not about Handala. However, when I mention Handala in this piece, it says the hacktivist crew is a MOIS front. Just like every other story I have written about Handala.
BREAKING: FBI, international cops take down SocksEscort, a residential proxy service used by criminals to compromise hundreds of thousands of routers worldwide. FBI Deputy Assistant Director Jason Bilnoski spoke exclusively to @theregister.com about the disruption.
It's good to be back with @theregister.com Kettle! Give us a listen and subscribe on Apple podcasts, Spotify, whatever podcast platform you like.
Researchers at red-team security startup CodeWall told us their AI agent hacked McKinsey's internal AI platform and gained full read and write access to the chatbot in just two hours. www.theregister.com/2026/03/09/m...
ShinyHunters told me via @theregister.com that the extortion crew has stolen data from about 100 high-profile companies in its latest Salesforce customer data heist, including Salesforce itself.
A developer says their company is on the hook for more than $82,000 in unauthorized charges after a stolen Google Gemini API key racked massive usage costs up in just 48 hours.
“Thinking back to Ben Franklin, we saw society moving in the right direction for the last 500 years because of our commitment to science, human rights, etc., and that seems to be at the very least slowing down, if not reversing,” Jake Braun told me via The Register.
Two US residents have sued several Homeland Security agencies and officials, including Secretary Kristi Noem, for allegedly using surveillance tools to harass them, branding them as "domestic terrorists," and even showing up at their homes based on license-plate recognition.
BREAKING: Adidas has confirmed it is investigating a third-party breach at one of its partner companies after digital thieves claimed they stole information and technical data from the German sportswear giant.
agreed
CarGurus allegedly suffered a data breach with 1.7 million corporate records stolen, according to a notorious cybercrime crew that posted the online vehicle marketplace on its leak site on Wednesday.
Your supervisor may like using employee monitoring apps to keep tabs on you, but crims like the snooping software even more. Threat actors are now using legit bossware to blend into corporate networks and attempt ransomware deployment.
HT: @huntress.com security operations analyst Michael Tigges
EXCLUSIVE: I spoke with Binary Defense lead threat hunter John Dwyer about a new type of payroll scam where attackers call the help desk, force an MFA token reset, and use the org's own VDI to access HR platforms and reroute paychecks. As John told me: "Every employee on earth becomes a target."