AnonymousMedia.org

Category: Uncategorized

  • Ukraine’s parliament and half of Kyiv with no heating after Russian strikes

    Ukraine’s parliament and half of Kyiv with no heating after Russian strikes


    Reuters A missile is shot down over residential buildings in KyivReuters

    Zelensky said repelling Monday night’s attack had cost Ukraine about €80m (£69m) just in terms of air defence missiles

    A large Russian aerial strike on Ukraine has left the Ukrainian parliament and half of Kyiv’s residential buildings without heating or power as temperatures across the country continue to hover around -10C.

    Drones, ballistic and cruise missiles targeted several locations in Ukraine, including Kyiv, Dnipro in the centre and Odesa in the south.

    Air raid alerts in Kyiv lasted most of the night. Sirens rang out later as Russian drones and cruise missiles approached the capital.

    President Volodymyr Zelensky said a “significant number” of targets had been intercepted. But he also said that, in terms of air defence missile prices alone, repelling that attack had cost Ukraine about €80m (£69m).

    Between Monday and Tuesday, at least four people died and 33 others were injured in strikes across Ukraine.

    On Tuesday morning, more than 5,600 residential buildings – each with dozens of flats – in Kyiv woke up to no heating. A large part of the capital also has no water.

    Mayor Vitalii Klitschko said almost 80% of those buildings had just had their heating restored following the large-scale attack on 9 January, which knocked out power for much of the city. Since then, relentless efforts by technicians had managed to reinstate electricity and gas for thousands – only for that work to be undone overnight.

    “I have no electricity and no water,” Oleksandr Palii, a 29-year-old veteran, told the BBC. “I didn’t sleep until 3am because of the strikes either – there were explosions all night.”

    Parliament speaker Ruslan Stefanchuk said that, just like Ukrainian cities, the Verkhovna Rada was also without basic services of electricity, water and heating, and he called other parliaments not to remain silent.

    The Ukrainian president had been due to travel to the World Economic Forum in Davos, Switzerland, on Tuesday but, in the wake of the overnight strikes, he said he had decided to stay in Kyiv.

    He would travel to Davos only if documents on security guarantees with the United States and a prosperity plan were ready to be signed, he added.

    Temperatures have stayed well below freezing since the start of the year.

    Ukrainian media has reported instances of radiators bursting due to the water in them freezing, leading to flooding in entire buildings. There have also been reports of fires starting due to people using gas heaters indoor.

    As the power cuts continue, Kyiv residents are finding innovative solutions to carry on living. Many now use portable stoves to cook, and entire buildings chip in to buy generators. But much depends on individual financial capacities.

    “I think people who are less well-off are coping much worse,” says Olha Zasiadvovk, who has a young child. She and other parents have bought lamps and thermal containers for their children’s kindergarten “so that when the kitchen has no electricity they can cook all the meals at once and store them.”

    But if electricity is only available sporadically, she says, “the food doesn’t keep very well. There were cases when food was cooked in the morning and by dinner the porridge had become completely solid.”

    In recent days, videos have circulated on social media showing Ukrainians barbecuing in snowy yards and dancing to keep warm in the face of continued power cuts and freezing temperatures. But many say this is the worst winter since the start of the full-scale war in 2022, and with no end to hostilities in sight, nerves are frayed.

    Reuters People sleeping in a metro station in KyivReuters

    Around 10,000 people sought shelter in Kyiv’s metro stations overnight

    “The resilience of the Ukrainian people cannot be an excuse for this war to continue. It must end as soon as possible,” said Foreign Minister Andrii Sybiha‎ on Tuesday.

    The Kyiv city administration said more than 10,000 people, including nearly 800 children, took refuge in the city’s metro stations on Monday night.

    Many of the high-rise buildings that are often hit by drones do not have shelters, so the deep metro system is still the only place people can seek safety as the thudding sounds of air defence systems ring overhead.

    President Zelensky said Ukraine had received missiles to repel the overnight attack on Monday, and added they had helped significantly.

    But he also emphasised the need for air defence systems was still critical. In a call with reporters, he said Russia was using “far more” ballistic missiles in its attacks and that Moscow’s capacity to produce them had not been dented.

    “So far, this has not happened. That is why we need more missiles and more air defence systems,” he said.

    A flurry of diplomatic activity in late 2025 gave rise to hope that progress was being made towards a peace deal with Russia.

    But on Tuesday Zelensky hinted at concerns that growing tensions between the US and Europe could be detrimental to Ukraine’s ability to defend itself. As it stands, Kyiv’s European partners are buying missiles from the US on Ukraine’s behalf.

    “When it comes to [protection from] ballistic missiles, for now the key is in the hands of the United States of the America,” he said.

    “It is very important that deliveries are timely, that production works, and that partners help us purchase the necessary missiles,” Zelensky stressed. “In other words, a great deal in the security of Ukrainians depends on the unity of Europe and America.”

    Additional reporting by Liubov Sholudko.



    Source link

  • Australia parliament passes gun reform and anti-hate bills after Bondi shooting

    Australia parliament passes gun reform and anti-hate bills after Bondi shooting


    Australia’s parliament has voted for sweeping gun law reforms and a crackdown on hate speech, a month after two attackers shot 15 people dead at a Jewish festival at Bondi Beach.

    Both bills passed the House of Representatives and Senate at a special sitting late on Tuesday. The gun reform measures include a national gun buyback scheme and new checks on firearm licence applications.

    Home Affairs Minister Tony Burke said the Bondi gunmen would not legally have had access to firearms if such a law had been in place prior to the attack, the country’s worst mass shooting in decades.

    Governing Labor senators were backed on the anti-hate bill by Liberal lawmakers, whose coalition partners abstained.

    After last month’s mass shooting, Prime Minister Anthony Albanese came under huge pressure for not having done enough to prevent the attack in the first place, amid growing fears of antisemitism in the Jewish community.

    Politicians were recalled two weeks early to debate the legislation. Introducing the reforms, Burke said individuals with “hate in their hearts and guns in their hands” had carried out the 14 December attack.

    The father in the father-son duo allegedly behind the attack legally owned six firearms, while his son had been on the radar of intelligence agencies.

    The gun reform bill, which cleared the House of Representatives by 96 votes to 45, includes stricter firearm import controls and provisions to improve information sharing between intelligence agencies on people trying to obtain gun licences.

    The buyback scheme will target “surplus and newly restricted firearms”, Burke said, reducing the country’s four million registered guns.

    Burke added that it “comes as a shock to most Australians” to know that the country has more firearms that it did before the 1996 Port Arthur attack, in which a gunman killed 35 people in Tasmania.

    That attack, the country’s worst mass shooting, had prompted the then government to introduce some of the world’s strictest gun controls. The new law will bring in some of the most significant changes to Australia’s guns laws since then.

    The hate speech reforms had originally been included in an omnibus bill with the gun reforms but the government split the legislation last week after both the Liberal-National opposition coalition and the Greens said they would vote against.

    While the Labor government has a comfortable majority in the lower house, it needs the support of other parties in the Senate.

    Coalition MPs cited concerns about free speech and said the legislation was not clearly defined, among other things, while the Greens said they could not support it unless changes were made to protect all minorities and legitimate protest.

    But on Tuesday, Liberals leader Sussan Ley, who last week said the bill was “unsalvageable”, said her party had reached agreement with the government on a watered-down version.

    The Liberals had “stepped up to fix legislation” that the government had “mishandled”, she said in a statement, adding that the bill had been “narrowed, strengthened and properly focused on keeping Australians safe”.

    The bill includes provisions that will ban groups deemed to spread hate and introduce tougher penalties for preachers who advocate violence. It will be subject to a review every two years by a parliamentary joint committee. The opposition will also be consulted on the listing and delisting of extremist organisations.

    The bill was passed by the lower house and late in the evening it cleared the Senate – by 38 votes to 22 – after the National Party abstained while their Liberal coalition partners voted in favour. The Greens voted against, saying it would have a “chilling effect” on political debate and protest.



    Source link

  • Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution

    Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution


    Ravie LakshmananJan 20, 2026Vulnerability / Artificial Intelligence

    A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions.

    “These flaws can be exploited through prompt injection, meaning an attacker who can influence what an AI assistant reads (a malicious README, a poisoned issue description, a compromised webpage) can weaponize these vulnerabilities without any direct access to the victim’s system,” Cyata researcher Yarden Porat said in a report shared with The Hacker News.

    Mcp-server-git is a Python package and an MCP server that provides a set of built-in tools to read, search, and manipulate Git repositories programmatically via large language models (LLMs).

    Cybersecurity

    The security issues, which have been addressed in versions 2025.9.25 and 2025.12.18 following responsible disclosure in June 2025, are listed below –

    • CVE-2025-68143 (CVSS score: 8.8 [v3] / 6.5 [v4]) – A path traversal vulnerability arising as a result of the git_init tool accepting arbitrary file system paths during repository creation without validation (Fixed in version 2025.9.25)
    • CVE-2025-68144 (CVSS score: 8.1 [v3] / 6.4 [v4]) – An argument injection vulnerability arising as a result of git_diff and git_checkout functions passing user-controlled arguments directly to git CLI commands without sanitization (Fixed in version 2025.12.18)
    • CVE-2025-68145 (CVSS score: 7.1 [v3] / 6.3 [v4]) – A path traversal vulnerability arising as a result of a missing path validation when using the –repository flag to limit operations to a specific repository path (Fixed in version 2025.12.18)

    Successful exploitation of the above vulnerabilities could allow an attacker to turn any directory on the system into a Git repository, overwrite any file with an empty diff, and access any repository on the server.

    In an attack scenario documented by Cyata, the three vulnerabilities could be chained with the Filesystem MCP server to write to a “.git/config” file (typically located within the hidden .git directory) and achieve remote code execution by triggering a call to git_init by means of a prompt injection.

    • Use git_init to create a repo in a writable directory
    • Use the Filesystem MCP server to write a malicious .git/config with a clean filter
    • Write a .gitattributes file to apply the filter to certain files
    • Write a shell script with the payload
    • Write a file that triggers the filter
    • Call git_add, which executes the clean filter, running the payload
    Cybersecurity

    In response to the findings, the git_init tool has been removed from the package and adds extra validation to prevent path traversal primitives. Users of the Python package are recommended to update to the latest version for optimal protection.

    “This is the canonical Git MCP server, the one developers are expected to copy,” Shahar Tal, CEO and co-founder of Agentic AI security company Cyata, said. “If security boundaries break down even in the reference implementation, it’s a signal that the entire MCP ecosystem needs deeper scrutiny. These are not edge cases or exotic configurations, they work out of the box.”



    Source link