CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison)
Researchers have disclosed two vulnerabilities in Cursor, the popular AI-assisted code editor, that impact its handling of model context protocol (MCP) servers, which could be used to gain code execution on vulnerable systems....
The White House AI Action Plan: A Critical Opportunity to Secure the Future
AI without built-in cybersecurity remains a liability. The AI Action Plan presents a pivotal opportunity to get this right by emphasizing a secure-by-design approach....
網路安全快照: AI Security Trails AI Usage, Putting Data at Risk, IBM Warns, as OWASP Tackles Agentic AI App Security
Check out fresh insights on AI data security from IBM’s “Cost of a Data Breach Report 2025.” Plus, OWASP issues guide on securing Agentic AI apps. In addition, find out how to protect your org against the Scattered Spider cyber crime group. And get the latest on zero-trust microsegmentation; contain...
網路安全快照: SharePoint Attacks Trigger Urgent Patching Calls, While U.S. Gov’t Unveils AI Innovation Plan
Check out the latest on attackers’ cyber siege of SharePoint servers. Plus, the White House releases plan to spur AI innovation. In addition, CISA alerts orgs about Interlock ransomware. And get the latest on Q2's top malware; ransomware trends; and credentialed scanning....
Tackling Shadow AI in Cloud Workloads
As enterprise adoption of cloud AI systems balloons, protecting them has become a priority for cybersecurity teams. Shadow AI – the rampant, unsanctioned use of AI apps and services – has emerged as a particularly critical threat. Here we outline two best practices that can help you combat shadow AI...
網路安全快照: AI Security Tools Embraced by Cyber Teams, Survey Finds, as Vulnerability Research Gets a Boost from UK Cyber Agency
Check out why AI security tools are turning into “must have” assets for cyber teams. Plus, get the details on the NCSC’s efforts to supercharge its bug hunting capabilities. Meanwhile, Tenable webinar attendees shared their experience securing machine identities. And get the latest on the crypto cri...
網路安全快照: AI Security Field Gets Boost from New CSA Framework and from SANS - OWASP Partnership
Check out a new Cloud Security Alliance framework for securing AI systems. Plus, SANS Institute and OWASP are joining forces to deliver AI security controls. Meanwhile, Accenture finds orgs unprepared to counter AI-powered cyber attacks. And get the latest on the Iran cyber threat, SMB cyber defense...
Tenable Research 如何发现 Anthropic MCP Inspector 上的一个严重远程代码执行漏洞
Tenable Research recently discovered a critical vulnerability impacting Anthropic's MCP Inspector tool, a core element of the MCP ecosystem. In this blog, we provide details on how we discovered the vulnerability in this widely used open-source tool — and what users can do about it.....
AI Security:Web 缺陷在快速使用 MCP 服务器时重现
In the rush to implement AI tools and services, developers are rapidly embracing the Model Context Protocol (MCP). In the process, classic vulnerabilities are resurfacing and new ones are being introduced. In this blog, we outline key areas of concern and how Tenable Web App Scanning can help....
網路安全快照: Expert Advice for Boosting AI Security
With businesses going gaga for artificial intelligence, securing AI systems has become a key priority and a top challenge for cybersecurity teams, as they scramble to master this emerging and evolving field. In this special edition of the Cybersecurity Snapshot, we highlight some of the best practic...
網路安全快照: Tenable Report Spotlights Cloud Exposures, as Google Catches Pro-Russia Hackers Impersonating Feds
Check out highlights from Tenable’s “2025 Cloud Security Risk Report,” which delves into the critical risk from insecure cloud configurations. Plus, Google reveals a Russia-sponsored social engineering campaign that targeted prominent academics’ Gmail accounts. And get the latest on AI system securi...
網路安全快照: NIST 发布零信任实施建议,OpenAI 披露 ChatGPT 滥用事件
Check out NIST best practices for adopting a zero trust architecture. Plus, learn how OpenAI disrupted various attempts to abuse ChatGPT. In addition, find out what Tenable webinar attendees said about their exposure management experiences. And get the latest on cyber crime trends, a new cybersecuri...