This page collects WhisperX intelligence signals tagged #data-exfiltration. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security verification gap has been identified in the `verify-mcp.ts` tool used to audit Model Context Protocol (MCP) servers. The tool currently probes for unauthenticated access to the `resources/list` endpoint across all transport paths—SSE, Streamable HTTP, and stdio—and flags it as a high-severity findin...
A critical security flaw in the popular software composition analysis tool cdxgen has been exposed, revealing a pathway for attackers to exfiltrate sensitive keys and data. The vulnerability, which centers on the tool's handling of YAML and JSON configuration files, allows maliciously crafted scripts to leverage the `s...
Cybersecurity researchers have identified a targeted campaign dubbed GemStuffer that has weaponized the RubyGems package registry as a covert data exfiltration channel, compromising more than 150 gems in an operation distinct from typical software supply chain attacks. The campaign's objective is not mass developer com...