
Posts by iT4iNT SERVER

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain. "This flaw enables Arbitrary Command Execution (RCE) on any system running a vulnerable MCP implementation, granting attackers direct access to

iT4iNT SERVER Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain VDS VPS Cloud #Cybersecurity #AI #RemoteCodeExecution #MCPVulnerability #ArtificialIntelligence

15 hours ago

Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems. The malware has been codenamed ZionSiphon by Darktrace, highlighting its ability to set up persistence, tamper with local configuration files, and scan for operational technology (OT)-relevant services on the local subnet.

iT4iNT SERVER Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems VDS VPS Cloud #CyberSecurity #Malware #ZionSiphon #IsraeliWaterSystems #Desalination

18 hours ago

Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used by an employee at the company. "The attacker used that access to take over the employee's Vercel Google Workspace account,

iT4iNT SERVER Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials VDS VPS Cloud #VercelBreach #CyberSecurity #DataProtection #AIBreach #InfoSec

21 hours ago

$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack. The exchange said it fell victim to what it described as a large-scale cyber attack that bore hallmarks of foreign intelligence agency involvement. This attack led to the theft of over 1

iT4iNT SERVER $13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims VDS VPS Cloud #CyberSecurity #Cryptocurrency #Grinex #Hacking #CryptoNews

2 days ago

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and UnDefend, all of which were released as zero-days by a researcher known as Chaotic Eclipse (

iT4iNT SERVER Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched VDS VPS Cloud #MicrosoftDefender #CyberSecurity #ZeroDay #Vulnerability #Malware

3 days ago

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025. "PowMix employs randomized command-and-control (C2) beaconing intervals, rather than persistent connection to the C2 server, to evade the network signature detections," Cisco Talos

iT4iNT SERVER Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic VDS VPS Cloud #Cybersecurity #Botnet #CzechRepublic #PowMix #C2Traffic

4 days ago

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you ignore the whole "crime" part, ancient vulnerabilities somehow still ruining people's days, and enough supply chain drama to fill a season of television nobody asked for. Not all bad though. Some 

iT4iNT SERVER ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories VDS VPS Cloud #CyberSecurity #Hacking #ZeroDay #Ransomware #SupplyChainAttack

4 days ago

[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections, and OAuth grants. When projects end or employees leave, most

iT4iNT SERVER [Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment VDS VPS Cloud #Webinar #CyberSecurity #CloudSecurity #API #IdentityManagement

4 days ago

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. "By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery

iT4iNT SERVER n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails VDS VPS Cloud #n8n #Phishing #Malware #CyberSecurity #AI

5 days ago

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that enables threat actors to seize control of the Nginx service. It has been codenamed MCPwn by Pluto Security. "

iT4iNT SERVER Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover VDS VPS Cloud #Nginx #CyberSecurity #CVE2026 #MCPwn #Vulnerability

5 days ago

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one is rated Low in severity. Ninety-three of the flaws are

iT4iNT SERVER Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities VDS VPS Cloud #Microsoft #SecurityPatches #Vulnerability #CyberSecurity #InfoSec

5 days ago

Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational level. "The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of vulnerabilities in a risky area, while also laying

iT4iNT SERVER Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security VDS VPS Cloud #Google #Rust #DNS #Pixel10 #CyberSecurity

6 days ago

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report) OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%. The surge in AI-assisted development is creating a "velocity gap" where the density of high-impact vulnerabilities is scaling faster than

iT4iNT SERVER Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report) VDS VPS Cloud #CyberSecurity #DataAnalysis #AI #VulnerabilityManagement #RiskAssessment

6 days ago

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0. It relates to a case of unrestricted file upload that stems from improper validation of

iT4iNT SERVER ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers VDS VPS Cloud #ShowDoc #CVE2025 #RCEFlaw #CyberSecurity #Vulnerability

6 days ago

⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that is finally coming to light. It is one of those mornings where the gap between a quiet shift and a full-blown incident response is basically

iT4iNT SERVER ⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More VDS VPS Cloud #CyberSecurity #ZeroDay #VulnerabilityHunting #AI #HackerNews

1 week ago

North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery channel for a remote access trojan called RokRAT. "The threat actor used two Facebook

iT4iNT SERVER North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware VDS VPS Cloud #NorthKorea #APT37 #RokRAT #CyberSecurity #Malware

1 week ago

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised. "Out of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps," OpenAI said in a post last week. "We found

iT4iNT SERVER OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident VDS VPS Cloud #OpenAI #macOS #SupplyChainAttack #Cybersecurity #SoftwareSecurity

1 week ago

CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT. The incident lasted from approximately April 9, 15:00 UTC, to about April 10, 10:00 UTC, with

iT4iNT SERVER CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads VDS VPS Cloud #CyberSecurity #MalwareAlert #STXRAT #CPUIDBreach #Trojan

1 week ago

Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called Webloc. The tool was developed by Israeli company Cobwebs Technologies and is now sold by its successor Penlink after the two firms merged in July 2023

iT4iNT SERVER Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data VDS VPS Cloud #Privacy #Surveillance #LawEnforcement #DataPrivacy #AdTech

1 week ago

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine. The technique has been discovered in an Open VSX extension named "specstudio.code-wakatime-activity-tracker," which masquerades as WakaTime, a

iT4iNT SERVER GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs VDS VPS Cloud #Cybersecurity #GlassWorm #DataProtection #Hackers #Malware

1 week ago

UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook. "LucidRook is a sophisticated stager that embeds a Lua interpreter and Rust-compiled libraries within a dynamic-link library (DLL) to download and

iT4iNT SERVER UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns VDS VPS Cloud #CyberSecurity #Malware #Phishing #Taiwan #NGOs

1 week ago

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally trust without thinking twice. Quiet escalations more than loud zero-days, but the kind that matter more in

iT4iNT SERVER ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories VDS VPS Cloud #Cybersecurity #Botnets #RCE #AIattacks #ThreatsDay

1 week ago

The Hidden Security Risks of Shadow AI in Enterprises As AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may boost productivity, automate tasks, or fill gaps in existing workflows, they also operate outside the visibility of security teams, bypassing controls and creating new blind spots in what is known as shadow AI. While similar to the phenomenon of

iT4iNT SERVER The Hidden Security Risks of Shadow AI in Enterprises VDS VPS Cloud #ShadowAI #CyberSecurity #DataProtection #AIrisks #EnterpriseSecurity

1 week ago

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP) The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems.  The result is Identity Dark Matter: identity activity that sits outside the visibility of centralized IAM and

iT4iNT SERVER Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP) VDS VPS Cloud #IAM #CyberSecurity #IdentityManagement #DataProtection #RiskManagement

1 week ago

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new frontier model, Claude Mythos, to find and address security vulnerabilities. The model will be used by a small set of organizations, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike,

iT4iNT SERVER Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems VDS VPS Cloud #ArtificialIntelligence #Cybersecurity #ZeroDay #ProjectGlasswing #ClaudeMythos

1 week ago

Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), cybersecurity and intelligence agencies warned Tuesday. "These attacks have led to diminished PLC functionality, manipulation of display data and, in some cases, operational disruption and financial

iT4iNT SERVER Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs VDS VPS Cloud #CyberSecurity #Hacking #CriticalInfrastructure #IranCyberThreats #OTSecurity

1 week ago

New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to escalate privileges and, in some cases, even take full control of a host. The efforts have been codenamed GPUBreach, GDDRHammer, and GeForge. GPUBreach goes a step further than GPUHammer, demonstrating for the first time that

iT4iNT SERVER New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips VDS VPS Cloud #GPUBreach #CyberSecurity #RowHammer #DataProtection #AIThreats

1 week ago

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptible internet-facing systems. "The threat actor's high operational tempo and proficiency in identifying exposed perimeter assets have proven successful, with recent

iT4iNT SERVER China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware VDS VPS Cloud #CyberSecurity #Ransomware #MedusaRansomware #ZeroDayExploits #Vulnerabilities

1 week ago

Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East. The activity, assessed to be ongoing, was carried out in three distinct attack waves that took place on March 3, March 13, and March 23, 2026, per Check Point. "The campaign is primarily

iT4iNT SERVER Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations VDS VPS Cloud #CyberSecurity #IranThreat #Microsoft365 #IsraelCyberAttack #PasswordSpraying

2 weeks ago

Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend Micro. Qilin attacks analyzed by Talos have been found to deploy a malicious DLL named "msimg32.dll,"

iT4iNT SERVER Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools VDS VPS Cloud #Ransomware #CyberSecurity #EDR #ThreatHunting #Malware

2 weeks ago