The Hacker News

Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now

Cybersecurity company Imperva, which discovered and reported the problem in July 2025, described CVE-2025-53967 as a "design ...

MCP stacks have a 92% exploit probability: How 10 plugins became enterprise security's biggest blind spot

Ten MCP plugins are all attackers need to achieve a 92% exploit success rate, putting thousands of enterprise AI servers at immediate risk. CISOs and SOC leaders need to secure MCP now, before trivial ...
CSO Online

GitHub Copilot prompt injection flaw leaked sensitive data from private repos

Hidden comments in pull requests analyzed by Copilot Chat leaked AWS keys from users’ private repositories, demonstrating yet ...

Oracle links Clop extortion attacks to July 2025 vulnerabilities

Oracle has linked an ongoing extortion campaign claimed by the Clop ransomware gang to E-Business Suite (EBS) vulnerabilities that were patched in July 2025.
PCQuest on MSN

Inside Oracle's zero-day chaos: how Clop rewrote the ransomware rulebook

In August 2023 a zero day was dropped by one of the most functional ransomware gangs and wasand was unknown to most, including security researchers and journalists. CVE-2023-21839, a vulnerability in ...