Tag
#ios
Palo Alto, California, 30th June 2025, CyberNewsWire
We've seen several spikes in Android threats since the start of 2025. Here's how to protect yourself.
Plus: US feds charge alleged masterminds behind infamous forum, Scattered Spider targets airlines, and hackers open a valve at a Norwegian dam.
Cybercriminals use malicious AI models to write malware and phishing scams Cisco Talos warns of rising threats from uncensored and custom AI tools.
An invitation to sign a DocuSign document went through mysterious ways and a way-too-easy Captcha to fingerprint the target.
# Command Injection in MCP Server The MCP Server at https://github.com/joshuayoes/ios-simulator-mcp/ is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. ## Vulnerable tool The MCP Server exposes the tool `ui_tap` which relies on Node.js child process API `exec` which is an unsafe and vulnerable API if concatenated with untrusted user input. LLM exposed user input for `duration`, `udid`, and `x` and `y` args can be replaced with shell meta-characters like `;` or `&&` or others to change the behavior from running the expected command `idb` to another command. Vulnerable line of code: https://github.com/joshuayoes/ios-simulator-mcp/blob/main/src/index.ts#L166-L207 ```js server.tool( "ui_tap", "Tap on the screen in the iOS Simulator", { duration: z.string().optional().describe("Press duration"), udid: z .string() .optional() .describe("...
ZURICH, Switzerland – Zurich-based automation platform Flowable has been recognized as a Representative Vendor in the Gartner newly released…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-54085 (CVSS score: 10.0) - An authentication bypass by spoofing
Records of hundreds of emergency calls from ICE detention centers obtained by WIRED—including audio recordings—show a system inundated by life-threatening incidents, delayed treatment, and overcrowding.
As attackers continue to evolve, Microsoft is committed to staying ahead by not only responding to vulnerabilities, but also by anticipating and mitigating entire classes of threats. One such threat, filesystem redirection attacks, has been a persistent vector for privilege escalation. In response, we’ve developed and deployed a new mitigation in Windows 11 called RedirectionGuard.