ITWire

From path traversal to supply chain compromise: breaking MCP server hosting

COMPANY NEWS: We found a path traversal vulnerability in Smithery.ai that compromised over 3,000 MCP servers and exposed thousands of API keys. Here's how a single Docker build bug nearly triggered ...
CSOonline

Mitel MiCollab VoIP authentication bypass opens new attack paths

Researchers released a proof-of-concept exploit for a path traversal flaw in the enterprise VoIP suite that, coupled with an arbitrary file read issue, can give attackers access to protected files, ...
CSOonline

CISA, FBI urge developers to patch path traversal bugs before shipping

US Cybersecurity Infrastructure and Security Agency (CISA) and the FBI have issued a joint advisory to developers, urging them to check for path traversal vulnerabilities before shipping a software.