Aggregator

A few months ago I was looking at the filesystem MCP server from Anthropic.

The server allows to give an AI, like Claude Desktop, access to the local filesystem to read files or edit them and so forth.

I was curious about access control and in the documentation there is a configuration setting to set allowedDirectories, which the AI should be allowed access to:

As you can see the example shows two folders being allowlisted for access.

A critical vulnerability has been discovered in the Cursor source code editor, an AI-powered tool designed to assist programmers. The flaw, identified as CVE-2025-54135 and dubbed CurXecute, affects nearly all versions of the IDE...

The post Critical Flaw in Cursor AI: Prompt Injection Allows Remote Code Execution appeared first on Penetration Testing Tools.

I've listened to a few industry podcasts discussing the Tea app breach since recording, and the thing that really struck me was the lack of discussion around the privacy implications of the service before the breach. Here was a tool where people were non-consensually uploading photos of others

Since mid-July, a surge in ransomware attacks leveraging the Akira strain has been observed, specifically targeting SonicWall devices. According to cybersecurity firm Arctic Wolf, threat actors have been actively exploiting SSL VPN connections on...

The post New Akira Ransomware Wave Hits SonicWall Devices, Zero-Day Vulnerability Suspected appeared first on Penetration Testing Tools.

Email protection mechanisms, originally conceived as a bulwark against malicious links, have ironically become unwitting allies to cybercriminals. Researchers have uncovered a troubling trend: threat actors are increasingly exploiting “link wrappers” provided by platforms...

The post Phishing Attacks Weaponize Security Tools by Abusing Proofpoint & Intermedia Link Wrapping appeared first on Penetration Testing Tools.

Choosing the right dark web monitoring tool is a critical decision for both individuals and organizations seeking to protect their digital assets and identity. With the dark web serving as a hub for illegal data trading, from leaked credentials to intellectual property, a robust monitoring solution is essential for proactive defense. The best tool for […]

The post 10 Best Dark Web Monitoring Tools in 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In the autumn of 2024, the InfoSect bug hunting team prepared a remote code execution attack targeting the Synology TC500 IP camera for entry in the Pwn2Own Ireland competition. The exploitation hinged on a...

The post The Pwn2Own Exploit That Never Was: A Format String Flaw in Synology IP Cameras Allowed Remote Code Execution appeared first on Penetration Testing Tools.