Category: Uncategorized

Australia’s parliament has voted for sweeping gun law reforms and a crackdown on hate speech, a month after two attackers shot 15 people dead at a Jewish festival at Bondi Beach.

Both bills passed the House of Representatives and Senate at a special sitting late on Tuesday. The gun reform measures include a national gun buyback scheme and new checks on firearm licence applications.

Home Affairs Minister Tony Burke said the Bondi gunmen would not legally have had access to firearms if such a law had been in place prior to the attack, the country’s worst mass shooting in decades.

Governing Labor senators were backed on the anti-hate bill by Liberal lawmakers, whose coalition partners abstained.

After last month’s mass shooting, Prime Minister Anthony Albanese came under huge pressure for not having done enough to prevent the attack in the first place, amid growing fears of antisemitism in the Jewish community.

Politicians were recalled two weeks early to debate the legislation. Introducing the reforms, Burke said individuals with “hate in their hearts and guns in their hands” had carried out the 14 December attack.

The father in the father-son duo allegedly behind the attack legally owned six firearms, while his son had been on the radar of intelligence agencies.

The gun reform bill, which cleared the House of Representatives by 96 votes to 45, includes stricter firearm import controls and provisions to improve information sharing between intelligence agencies on people trying to obtain gun licences.

The buyback scheme will target “surplus and newly restricted firearms”, Burke said, reducing the country’s four million registered guns.

Burke added that it “comes as a shock to most Australians” to know that the country has more firearms that it did before the 1996 Port Arthur attack, in which a gunman killed 35 people in Tasmania.

That attack, the country’s worst mass shooting, had prompted the then government to introduce some of the world’s strictest gun controls. The new law will bring in some of the most significant changes to Australia’s guns laws since then.

The hate speech reforms had originally been included in an omnibus bill with the gun reforms but the government split the legislation last week after both the Liberal-National opposition coalition and the Greens said they would vote against.

While the Labor government has a comfortable majority in the lower house, it needs the support of other parties in the Senate.

Coalition MPs cited concerns about free speech and said the legislation was not clearly defined, among other things, while the Greens said they could not support it unless changes were made to protect all minorities and legitimate protest.

But on Tuesday, Liberals leader Sussan Ley, who last week said the bill was “unsalvageable”, said her party had reached agreement with the government on a watered-down version.

The Liberals had “stepped up to fix legislation” that the government had “mishandled”, she said in a statement, adding that the bill had been “narrowed, strengthened and properly focused on keeping Australians safe”.

The bill includes provisions that will ban groups deemed to spread hate and introduce tougher penalties for preachers who advocate violence. It will be subject to a review every two years by a parliamentary joint committee. The opposition will also be consulted on the listing and delisting of extremist organisations.

The bill was passed by the lower house and late in the evening it cleared the Senate – by 38 votes to 22 – after the National Party abstained while their Liberal coalition partners voted in favour. The Greens voted against, saying it would have a “chilling effect” on political debate and protest.

Ravie LakshmananJan 20, 2026Vulnerability / Artificial Intelligence

A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions.

“These flaws can be exploited through prompt injection, meaning an attacker who can influence what an AI assistant reads (a malicious README, a poisoned issue description, a compromised webpage) can weaponize these vulnerabilities without any direct access to the victim’s system,” Cyata researcher Yarden Porat said in a report shared with The Hacker News.

Mcp-server-git is a Python package and an MCP server that provides a set of built-in tools to read, search, and manipulate Git repositories programmatically via large language models (LLMs).

The security issues, which have been addressed in versions 2025.9.25 and 2025.12.18 following responsible disclosure in June 2025, are listed below –

• CVE-2025-68143 (CVSS score: 8.8 [v3] / 6.5 [v4]) – A path traversal vulnerability arising as a result of the git_init tool accepting arbitrary file system paths during repository creation without validation (Fixed in version 2025.9.25)
• CVE-2025-68144 (CVSS score: 8.1 [v3] / 6.4 [v4]) – An argument injection vulnerability arising as a result of git_diff and git_checkout functions passing user-controlled arguments directly to git CLI commands without sanitization (Fixed in version 2025.12.18)
• CVE-2025-68145 (CVSS score: 7.1 [v3] / 6.3 [v4]) – A path traversal vulnerability arising as a result of a missing path validation when using the –repository flag to limit operations to a specific repository path (Fixed in version 2025.12.18)

Successful exploitation of the above vulnerabilities could allow an attacker to turn any directory on the system into a Git repository, overwrite any file with an empty diff, and access any repository on the server.

In an attack scenario documented by Cyata, the three vulnerabilities could be chained with the Filesystem MCP server to write to a “.git/config” file (typically located within the hidden .git directory) and achieve remote code execution by triggering a call to git_init by means of a prompt injection.

• Use git_init to create a repo in a writable directory
• Use the Filesystem MCP server to write a malicious .git/config with a clean filter
• Write a .gitattributes file to apply the filter to certain files
• Write a shell script with the payload
• Write a file that triggers the filter
• Call git_add, which executes the clean filter, running the payload

In response to the findings, the git_init tool has been removed from the package and adds extra validation to prevent path traversal primitives. Users of the Python package are recommended to update to the latest version for optimal protection.

“This is the canonical Git MCP server, the one developers are expected to copy,” Shahar Tal, CEO and co-founder of Agentic AI security company Cyata, said. “If security boundaries break down even in the reference implementation, it’s a signal that the entire MCP ecosystem needs deeper scrutiny. These are not edge cases or exotic configurations, they work out of the box.”