Ancient telnet bug happily hands out root to attackers
Critical vuln flew under the radar for a decade A recently disclosed critical vulnerability in the GNU InetUtils telnet daemon (telnetd) is “trivial” to exploit, experts say.… READ MORE HERE…
The Register
Davos discussion mulls how to keep AI agents from running wild
Where the shiny new FOMO object collides with insider-threat reality AI agents arrived in Davos this week with the question of how to secure them – and prevent agents from becoming the ultimate insider threat – taking center stage during a panel discussion on cyber threats.… READ MORE HERE…
Ireland wants to give its cops spyware, ability to crack encrypted messages
Its very own Snooper’s Charter comes a month after proposed biometric tech expansion The Irish government is planning to bolster its police’s ability to intercept communications, including encrypted messages, and provide a legal basis for spyware use.… READ MORE HERE…
Cloudflare whacks WAF bypass bug that opened side door for attackers
ACME validation had a challenge-request hole Cloudflare has fixed a flaw in its web application firewall (WAF) that allowed attackers to bypass security rules and directly access origin servers, which could lead to data theft or full server takeover.… READ MORE HERE…
Anthropic quietly fixed flaws in its Git MCP server that allowed for remote code execution
Prompt injection for the win Anthropic has fixed three bugs in its official Git MCP server that researchers say can be chained with other MCP tools to remotely execute malicious code or overwrite files via prompt injection.… READ MORE HERE…
Broker who sold malware to the FBI set for sentencing
Feras Albashiti faces 10 years after $20,000 in sales to undercover agent exposed ransomware ties A Jordanian national faces sentencing in the US after pleading guilty to acting as an initial access broker (IAB) for various cyberattacks.… READ MORE HERE…
Ingram Micro admits summer ransomware raid exposed thousands of staff records
Maine filing confirms July attack affected 42,521 employees and job applicants Ingram Micro disclosed that a July 2025 ransomware attack compromised the personal data of tens of thousands of employees.… READ MORE HERE…
Mandiant releases quick credential cracker, to hasten the death of a bad protocol
PLUS: Navy spy sent to brig for 200 months in brig; Black Axe busted again; Bill aims to crimp ICE apps; and more Infosec In Brief PLUS: Google’s security outfit Mandiant last week released tools that can crack credentials in 12 hours, in the hope that doing so will accelerate the death of an ancient Microsoft security protocol.… READ MORE HERE…
Fast Pair, loose security: Bluetooth accessories open to silent hijack
Sloppy implementation of Google spec leaves ‘hundreds of millions’ of devices vulnerable Hundreds of millions of wireless earbuds, headphones, and speakers are vulnerable to silent hijacking due to a flaw in Google’s Fast Pair system that allows attackers to seize control without the owner ever touching the pairing button.… READ MORE HERE…
Sorry Dave, I’m afraid I can’t do that! PCs refuse to shut down after Microsoft patch
Microsoft claims it’s a Secure Launch bug We’re not saying Copilot has become sentient and decided it doesn’t want to lose consciousness. But if it did, it would create Microsoft’s January Patch Tuesday update, which has made it so that some PCs flat-out refuse to shut down or hibernate, no matter how many times you try.… READ MORE HERE…