https://www.ipa.go.jp/jinzai/ics/core_human_resource/final_project/2025/Vulnerability-assessment.html

• https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service
• https://www.youtube.com/watch?v=BAjaQjsfI9A

• https://www.npa.go.jp/publications/statistics/cybersecurity/data/R7kami/R07_kami_cyber_jyosei.pdf
• https://www.bbc.com/news/articles/cn4w0d8zz22o
• https://www.helpnetsecurity.com/2025/08/27/ai-security-map-linking-vulnerabilities-real-world-impact/
• https://www.darkreading.com/cloud-security/cloud-edge-new-attack-surface

• https://www.anthropic.com/news/detecting-countering-misuse-aug-2025
• https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c?s=31
• https://arcticwolf.com/resources/blog/wormable-malware-causing-supply-chain-compromise-of-npm-code-packages/

• https://www.securityweek.com/hackers-target-popular-nx-build-system-in-first-ai-weaponized-supply-chain-attack/
• https://www.wiz.io/blog/s1ngularitys-aftermath
• https://www.wiz.io/blog/s1ngularity-supply-chain-attack
• https://www.itnews.com.au/news/travel-esims-secretly-route-traffic-over-chinese-and-undisclosed-networks-study-619659
• https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift

• https://futurism.com/hackers-trick-chatgpt-personal-data
• https://www.prnewswire.com/news-releases/zenity-labs-exposes-widespread-agentflayer-vulnerabilities-allowing-silent-hijacking-of-major-enterprise-ai-agents-circumventing-human-oversight-302523580.html
• https://gbhackers.com/nist-releases-new-control-overlays/#google_vignette

• https://github.com/microsoft/wassette
• https://thenewstack.io/python-exposes-phantom-dependencies-with-sbom-screening/
• https://thenewstack.io/experts-split-on-ai-reviewing-its-own-code-for-security/

• https://www.aim.security/lp/aim-labs-curxecute-blogpost
• https://support.microsoft.com/en-us/topic/external-workbook-links-to-blocked-file-types-will-be-disabled-by-default-6dd12903-0592-463d-9e68-0741cf62ee58
• https://isc.sans.edu/diary/32166

https://www.livescience.com/technology/artificial-intelligence/ai-hallucinates-more-frequently-as-it-gets-more-advanced-is-there-any-way-to-stop-it-from-happening-and-should-we-even-try

https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/

https://www.theregister.com/2025/07/03/lets_encrypt_rolls_out_free/

https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion?hl=en

- https://security.googleblog.com/2025/06/mitigating-prompt-injection-attacks.html

- https://blog.flatt.tech/entry/passkey_security?s=31

• https://security.googleblog.com/2025/06/mitigating-prompt-injection-attacks.html
• https://blog.flatt.tech/entry/prompt_injection

• Outlook comments abused to deliver malware
• Be Careful With Fake Zoom Client Downloads
• The Cost of a Call: From Voice Phishing to Data Extortion
• 日本を狙う新手のサイバー攻撃、空白の履歴書に要注意

1. 増大するサイバー攻撃の脅威に対応するための能動的サイバー防御の導入と法整備
2. サイバーセキュリティ能力向上のための主要な3つの柱（官民連携、通信情報利用、アクセス・無害化）

References:

• https://www.cas.go.jp/jp/seisaku/cyber_anzen_hosyo_torikumi/pdf/setsumei.pdf
• https://www.nikkei.com/article/DGXZQOUA1335S0T10C25A5000000/

• トランプ政権下の予算削減と非営利化
• トランプ政権下におけるサイバーセキュリティ予算削減の影響と非営利団体の台頭
• 米国サイバーセキュリティの変革期：予算削減と非営利イニシアチブの出現

https://www.cisa.gov/news-events/news/statement-matt-hartman-cve-program

近年におけるAI、特に大規模言語モデル（LLM）がソフトウェア開発やセキュリティ報告の分野に与えている影響、特にバグレポートに関連する課題と、その一方で示唆されるポテンシャルについての状況について取り上げます。

MCP サーバに対する具体的な攻撃手法を説明します。

また、MCPサーバの脆弱性を見つける MCPスキャナーを紹介します。