Cybersecurity researchers have discovered a critical vulnerability in the open-source mcp-remote project that could result in the execution of arbitrary operating system (OS) commands.
The vulnerability, tracked as CVE-2025-6514, carries a CVSS score of 9.6 out of 10.0.
“The vulnerability allows attackers to trigger arbitrary OS command execution on the machine running mcp-remote when it

CISA released thirteen Industrial Control Systems (ICS) advisories on July 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ICSA-25-191-01 Siemens SINEC NMS
• ICSA-25-191-02 Siemens Solid Edge
• ICSA-25-191-03 Siemens TIA Administrator
• ICSA-25-191-04 Siemens SIMATIC CN 4100
• ICSA-25-191-05 Siemens TIA Project-Server and TIA Portal
• ICSA-25-191-06 Siemens SIPROTEC 5
• ICSA-25-191-07 Delta Electronics DTM Soft
• ICSA-25-191-08 Advantech iView
• ICSA-25-191-09 KUNBUS RevPi Webstatus
• ICSA-25-191-10 End-of-Train and Head-of-Train Remote Linking Protocol
   
• ICSA-25-121-01 KUNBUS GmbH Revolution Pi (Update A)
• ICSA-25-135-19 ECOVACS DEEBOT Vacuum and Base Station (Update A)
• ICSA-24-263-02 IDEC Products (Update A)

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

‘Man of Steel,’ ‘Superman Returns,’ ‘Justice League,’ and the new James Gunn film: where do they all rank?

A third of kissing bugs collected across the state carried Trypanosoma cruzi, new research finds.

Hot Toys is turning his ‘Last of Us’ character, Joel Miller, into a collectible. Golf club not included.

A new study on the structure of ice formed in space overturns a decades-long consensus in astronomy.

Performance improvements and a new health check feature.

Cryptocurrency users are the target of an ongoing social engineering campaign that employs fake startup companies to trick users into downloading malware that can drain digital assets from both Windows and macOS systems.
“These malicious operations impersonate AI, gaming, and Web3 firms using spoofed social media accounts and project documentation hosted on legitimate platforms like Notion and

‘Revenge’ star Matilda Lutz dons chain-mail-clad armor and kicks a lot of ass on a quest to prevent tyrants from bleeding the Earth.

Now it’s time to build systems that attackers can’t reroute with a phone call.