Security Boulevard

Redis Lua Code Execution Vulnerability (CVE-2025-49844) Notice

Overview Recently, NSFOCUS CERT detected that Redis issued a security bulletin and fixed the Redis Lua code execution vulnerability (CVE-2025-49844); Because Redis’s Lua script engine has a ...

MCP stacks have a 92% exploit probability: How 10 plugins became enterprise security's biggest blind spot

Ten MCP plugins are all attackers need to achieve a 92% exploit success rate, putting thousands of enterprise AI servers at immediate risk. CISOs and SOC leaders need to secure MCP now, before trivial ...

GitHub Copilot Chat turns blabbermouth with crafty prompt injection attack

Researcher Omer Mayraz of Legit Security disclosed a critical vulnerability, dubbed CamoLeak, that could be used to trick ...
SecurityWeek

GitHub Copilot Chat Flaw Leaked Data From Private Repositories

A vulnerability in the GitHub Copilot Chat AI assistant led to sensitive data leakage and full control over Copilot’s ...

RondoDox botnet targets 56 n-day flaws in worldwide attacks

A new large-scale botnet called RondoDox is targeting 56 vulnerabilities in more than 30 distinct devices, including flaws ...

Hacktivists target critical infrastructure, hit decoy plant

A pro-Russian hacktivist group called TwoNet pivoted in less than a year from launching distributed denial-of-service (DDoS) ...

AI models can acquire backdoors from surprisingly few malicious documents

That means someone tucking certain documents away inside training data could potentially manipulate how the LLM responds to prompts, although the finding comes with significant caveats. The research ...