Anthropic security patch release for CVE-2025-68143

Security Patch Release
Happening score: 25
1 unique source, 1 article

Summary

Anthropic released December 2025 fixes for mcp-server-git vulnerabilities affecting default installations, closing flaws that could enable prompt injection, code execution, arbitrary file deletion, and exposure of files to an LLM's context.

Related Happenings

Progress Software security patch release for CVE-2026-4670

Security Patch Release
First: 04.05.2026 19:34 Last: 04.05.2026 19:34 Sources 1

About this happening: **Progress Software** has released **MOVEit Automation** updates to fix **CVE-2026-4670** and **CVE-2026-5174**, including a **critical authentication bypass** that could expose e...

Ubuntu snapd CVE-2026-3888 patch release

Security Patch Release
First: 18.03.2026 10:08 Last: 18.03.2026 10:08 Sources 1

About this happening: Ubuntu shipped fixed **snapd** builds for **CVE-2026-3888**, closing a **local-to-root privilege-escalation** path on **Ubuntu Desktop 24.04 and later**. The release covers **Ubun...

Trend Micro security patch release for CVE-2025-71210

Security Patch Release
First: 26.02.2026 19:58 Last: 26.02.2026 19:58 Sources 1

About this happening: **Trend Micro** released **Critical Patch Build 14136** for **Apex One**, closing **two critical vulnerabilities** that could allow **remote code execution** on vulnerable Windows...

Ivanti security patch release for CVE-2026-1281

Security Patch Release
First: 30.01.2026 06:43 Last: 30.01.2026 06:43 Sources 1

About this happening: **Ivanti** released **security updates** for **Ivanti Endpoint Manager Mobile (EPMM)** after disclosure of **two critical zero-day flaws** that can enable **unauthenticated remote...

Latest development: 13.02.2026 00:05

Reporting on Feb. 12, 2026 said that attacks tied to Ivanti Endpoint Manager Mobile (EPMM) had struck the European Commission and agencies of the Dutch and Finnish governments after Ivanti disclosed CVE-2026-1281 and CVE-2026-1340 on Jan. 29. The European Commission said its central infrastructure managing mobile devices was hit on Jan. 30, with staff names and mobile numbers compromised, while Valtori said an attack of the same nature affected around 50,000 people associated with Finland's central government and leaked names, email addresses, phone numbers, and other device details.

vm2 maintainers security patch release for CVE-2026-22709

Security Patch Release
First: 28.01.2026 16:01 Last: 28.01.2026 16:01 Sources 1

About this happening: **vm2** maintainers released a fix for **CVE-2026-22709** in **vm2 3.10.2** and directed users to upgrade to **3.10.3**, reducing the risk of **sandbox escape** and **arbitrary co...

Timeline

  1. 20.01.2026 17:01 2 articles · 4mo ago

    Cyata identifies prompt-injection flaws in Anthropic's mcp-server-git

    Initial Disclosure

    Cyata identifies three prompt-injection vulnerabilities in Anthropic's mcp-server-git, affecting default installations and all versions released before December 8, 2025. The flaws can let an attacker influence what an AI assistant reads, trigger code execution when mcp-server-git is used with a filesystem MCP server, delete arbitrary files, and load arbitrary files into an LLM's context; Anthropic accepted the reports in September and released fixes in December 2025.
