Cyber Security News

The latest cyber security stories, summarized by AI

Zero-Click RCE in Claude Desktop Extensions Endangers 10k+ Users
cyber-security | 54.73 min | 2 months ago


Security researchers at LayerX revealed a zero-click remote code execution flaw in Claude Desktop Extensions (DXT) that leverages the Model Context Protocol (MCP) to chain untrusted data from Google Calendar into a privileged local executor. An attacker can trigger the payload via a malicious calendar event with no user interaction, potentially compromising the host with the user’s privileges. The issue affects over 10,000 active Claude users and more than 50 DXT extensions; Anthropic has reportedly not fixed it yet, citing the architecture of MCP autonomy. Mitigations include disconnecting high-privilege local extensions from untrusted data sources and awaiting a patch or architectural changes to MCP. The finding serves as a warning about the security risks of AI agents autonomously bridging data to local systems.

More Cyber Security Stories

"Air Travel Jokes: When In-Flight Humor Lands Passengers in Legal Trouble"
cyber-security | 2 years ago


A teenager's Snapchat joke about blowing up a plane led to his arrest in Spain, raising concerns about the security of public WiFi networks at airports. Cyber security experts warn that unsecured public WiFi networks could be monitored by intelligence agencies, potentially compromising users' privacy. While some experts believe it is plausible for public WiFi sites to be monitored, others argue that incidents like this would be more common if WiFi were the issue. The teenager admitted to sending the joke in a private group and expressed regret, while his defense argues that his right to privacy was breached.