Cloud Security Alliance, News

MCP, OAuth 2.1, PKCE, and the Future of AI Authorization

Posted on by [email protected]
Originally published by Aembit.

Written by Kevin Sapp.

 

How the MCP Authorization Spec reshapes security for LLM-powered autonomous agents.

 

Agentic AI systems – where large language models (LLMs) power autonomous, goal-driven agents – are rapidly transitioning from experimental prototypes to production-ready services. These agents read databases, trigger API calls, write to Software-as-a-Service (SaaS) platforms, and stitch together workflows across systems that weren’t…

Continue reading
Hacker News, News

Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware

Posted on by [email protected]
A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System (CMS) to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware.
The vulnerability in question is CVE-2025-32432, a maximum severity flaw in Craft CMS that was patched in
Continue reading
Hacker News, News

How ‘Browser-in-the-Middle’ Attacks Steal Sessions in Seconds

Posted on by [email protected]
Would you expect an end user to log on to a cybercriminal’s computer, open their browser, and type in their usernames and passwords? Hopefully not! But that’s essentially what happens if they fall victim to a Browser-in-the-Middle (BitM) attack.
Like Man-in-the-Middle (MitM) attacks, BiTM sees criminals look to control the data flow between the victim’s computer and the target service, as
Continue reading
Hacker News, News

251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch

Posted on by [email protected]
Cybersecurity researchers have disclosed details of a coordinated cloud-based scanning activity that targeted 75 distinct “exposure points” earlier this month.
The activity, observed by GreyNoise on May 8, 2025, involved as many as 251 malicious IP addresses that are all geolocated to Japan and hosted by Amazon.
“These IPs triggered 75 distinct behaviors, including CVE exploits,
Continue reading
Hacker News, News

Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats

Posted on by [email protected]
Apple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the last five years, including more than $2 billion in 2024 alone.
The company said the App Store is confronted by a wide range of threats that seek to defraud users in various ways, ranging from “deceptive apps designed to steal personal information to fraudulent payment schemes that attempt to exploit
Continue reading
This site uses cookies to offer you a better browsing experience. By browsing this website, you agree to our use of cookies. Click More Info to view Privacy Policy.
More info Accept