Cisco published a placeholder advisory for the React vuln CVE-2025-55182. They have not finished analyzing any of their products yet so impact has not been determined.
A hearty middle finger (and not in the fun way) to vendors who still use the passive-aggressive language in their advisories like "$vulnerableVendor would like to thank $researcher for reporting this vulnerability under responsible disclosure." Especially when you see that it was left vulnerable for a year or two before customers were even made available. Seems pretty irresponsible to me when the fix would be pushed sooner with full disclosure, but what do I know?
Security product vulns are maddening but will also never not be funny to me.
> Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast Antivirus on MacOS of a crafted Mach-O file may allow Local Execution of Code or Denial of Service of antivirus protection.
>
> This issue affects Antivirus: from 15.7 before 3.9.2025.
https://www.cve.org/CVERecord?id=CVE-2025-10101