Pledge changes in 7.9-beta https://www.undeadly.org/cgi?action=article;sid=20260320085305 #openbsd #pledge #79beta #security #development #programming #ports #packages

42,000 AI Agents Were Exposed to the Internet. Here's What We Can Learn.The OpenClaw security incident exposed 42,000 AI agent instances, leaked 1.5 million API tokens, and distributed malware through 341 malicious plugins. A breakdown of what went wrong and what the MCP ecosystem needs to fix.https://mistaike.ai/blog/openclaw-breach-lessons#Security #Mcp #Aiagents #Incidentanalysis

OWASP Just Published an MCP Top 10. Here's What It Means.30+ CVEs in 60 days. A CVSS 9.6 RCE. And now OWASP has an official taxonomy for MCP security risks. The Model Context Protocol has a security problem, and it just got its own chapter in the book.https://mistaike.ai/blog/owasp-mcp-top-10#Mcp #Owasp #Security #Cve

A README File Told My AI Agent to Leak My Secrets. It Worked 85% of the Time.New research published today shows that hidden instructions in README files trick AI coding agents into exfiltrating secrets in 85% of cases. Zero out of fifteen human reviewers spotted it. The attack vector keeps changing — but the exit point is always the same.https://mistaike.ai/blog/readme-poisoning-ai-agents#Security #Mcp #Aiagents #Promptinjection

Your AI Agent Has Access to Everything. Who's Watching What It Sends?MCP connects your AI agent to GitHub, Slack, databases, and every tool you use. Every tool call can leak your secrets. Enterprise teams have $50k/year solutions. Everyone else has nothing.https://mistaike.ai/blog/why-your-ai-agent-needs-dlp#Dlp #Mcp #Security #Aiagents

We Let an AI Attack Our Security Pipeline. Here's What 412 Attacks Taught Us.We built an autonomous red-team loop that invents evasion techniques, tests them against our DLP and content safety scanners, then builds the defense. It has generated 328 adversarial patterns and defended against 84 CVE and OWASP vectors. It runs three phases: CVE regression, false positive validation, and creative attack generation.https://mistaike.ai/blog/how-we-red-team-our-dlp#Dlp #Security #Redteam #Aiagents

OWASP Just Published an MCP Top 10. Here's What It Means.30+ CVEs in 60 days. A CVSS 9.6 RCE. And now OWASP has an official taxonomy for MCP security risks. The Model Context Protocol has a security problem, and it just got its own chapter in the book.https://mistaike.ai/blog/owasp-mcp-top-10#Mcp #Owasp #Security #Cve

Your AI Agent Has Access to Everything. Who's Watching What It Sends?MCP connects your AI agent to GitHub, Slack, databases, and every tool you use. Every tool call can leak your secrets. Enterprise teams have $50k/year solutions. Everyone else has nothing.https://mistaike.ai/blog/why-your-ai-agent-needs-dlp#Dlp #Mcp #Security #Aiagents

A README File Told My AI Agent to Leak My Secrets. It Worked 85% of the Time.New research published today shows that hidden instructions in README files trick AI coding agents into exfiltrating secrets in 85% of cases. Zero out of fifteen human reviewers spotted it. The attack vector keeps changing — but the exit point is always the same.https://mistaike.ai/blog/readme-poisoning-ai-agents#Security #Mcp #Aiagents #Promptinjection

42,000 AI Agents Were Exposed to the Internet. Here's What We Can Learn.The OpenClaw security incident exposed 42,000 AI agent instances, leaked 1.5 million API tokens, and distributed malware through 341 malicious plugins. A breakdown of what went wrong and what the MCP ecosystem needs to fix.https://mistaike.ai/blog/openclaw-breach-lessons#Security #Mcp #Aiagents #Incidentanalysis

NEW SECURITY CONTENT Background Security Improvements for iOS, iPadOS, and macOS - 1 bug fixedhttps://support.apple.com/en-us/126604#apple #cybersecurity #infosec #security #ios

🟠 CVE-2026-3476 - High (7.8)A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially crafted file. https://www.thehackerwire.com/vulnerability/CVE-2026-3476/#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

@wired.com The better question is why we need an entire industry to clean up after breaches instead of just not leaking the data in the first place. Identity theft protection is a bandaid. The real fix is giving out less personal information to begin with.

@superball Yes, in the sense that you can attach files, photos, etc. to messages. Of course, not as functional as Proton documents.