Daily Brief

Three security vulnerabilities were identified in Anthropic's mcp-server-git, potentially allowing unauthorized file access and remote code execution. These flaws can be exploited via prompt injection, where attackers manipulate AI assistant inputs such as README files or poisoned web pages. The vulnerabilities could let attackers transform directories into Git repositories and overwrite files, posing significant security risks. Cyata's research demonstrated a potential attack chain using the Filesystem MCP server to achieve remote code execution. In response, Anthropic has removed the git_init tool and enhanced validation measures to counter path traversal attacks. The vulnerabilities were responsibly disclosed in June 2025, with fixes implemented in versions 2025.9.25 and 2025.12.18. Users are urged to update to the latest version of the Python package to ensure protection against these vulnerabilities. This incident raises concerns about the security of the broader MCP ecosystem, necessitating further scrutiny and vigilance.

Cybersecurity researchers have identified a phishing campaign using LinkedIn messages to spread remote access trojans (RATs) through DLL sideloading, targeting high-value individuals across various sectors. Attackers use LinkedIn to build trust and trick targets into downloading a malicious WinRAR self-extracting archive, which initiates the malware infection chain. The campaign employs a legitimate open-source Python pen-testing script, leveraging DLL sideloading to evade detection and maintain persistent access to compromised systems. Once the rogue DLL is sideloaded, it drops a Python interpreter that executes Base64-encoded shellcode, avoiding forensic detection by operating directly in memory. This malware attempts to communicate with external servers, providing attackers with ongoing remote access and the ability to exfiltrate sensitive data. The use of social media for phishing highlights a significant security gap, as platforms like LinkedIn are less monitored compared to email, complicating detection and response efforts. Organizations are advised to recognize social media as a critical attack vector and enhance their security measures beyond traditional email-focused defenses to mitigate such threats.

BleepingComputer will host a webinar on January 29, featuring Adrian Sanabria and David Girvin from Sumo Logic, focusing on the gap between executive decisions and SOC team needs. The session will address how security platform choices are often influenced by consolidation goals, AI promises, and budget limitations, impacting SOC effectiveness. SOC teams frequently face challenges such as alert fatigue and ineffective tool integrations, which hinder their ability to respond to real-world threats efficiently. Sumo Logic's approach emphasizes operational outcomes, automation, and visibility, enabling SOC teams to maximize existing tools without waiting for new platform changes. The webinar will provide strategies for identifying critical capabilities, evaluating AI features, and aligning security operations with organizational priorities. Attendees will gain insights into managing executive expectations and improving security operations to better reflect the realities of modern cyber threats. This discussion aims to equip security teams with practical strategies to enhance their operational effectiveness despite resource constraints.

Anthropic addressed three critical vulnerabilities in its Git MCP server, which could have allowed remote code execution via prompt injection tactics. The flaws, identified by Cyata, included a path validation bypass, unrestricted git_init issue, and argument injection in git_diff, affecting default deployments prior to December 2025. These vulnerabilities could be exploited by chaining the Git MCP server with the Filesystem MCP server, leveraging Git's smudge and clean filters for remote code execution. No evidence suggests these vulnerabilities were exploited in the wild, but the potential impact emphasizes the need for robust security evaluations of interconnected AI systems. Anthropic's prompt response and patching underscore the importance of proactive vulnerability management in complex AI environments. Organizations using AI systems must ensure they are running the updated version to prevent potential exploitation of these vulnerabilities. The incident highlights the expanding attack surface as AI tools and integrations become more prevalent, necessitating comprehensive security assessments.

Group-IB reports a significant rise in AI-driven cybercrime, with criminals renting AI tools like Dark LLMs and deepfakes at subscription prices, making sophisticated attacks more accessible. AI discussions on dark web forums have surged 371% since 2019, with AI-related posts reaching over 23,000 and nearly 300,000 replies in 2025, indicating widespread interest and adoption. Dark LLMs, designed for scams and malware, are available for as low as $30 a month, with over 1,000 users, enabling covert operations that bypass traditional safety measures. The market for deepfakes and AI-generated identities is booming, with synthetic identity kits selling for about $5, contributing to $347 million in verified losses from deepfake fraud in one quarter. AI tools are enhancing scam call centers by providing synthetic voices for initial contact and coaching humans, complicating attribution and defense efforts. Malware developers are exploring AI-assisted reconnaissance and persistence, suggesting a future of more autonomous cyberattacks that previously required human expertise. The integration of AI in cybercrime challenges static defenses, as AI-generated content obscures traditional indicators of compromise, complicating threat detection and response.

Orphan accounts, often abandoned in evolving organizations, pose significant security risks due to their valid credentials and lack of active ownership. These accounts, including non-human identities like service accounts and bots, remain untracked and unmanaged, creating potential entry points for cyber attackers. Traditional Identity and Access Management (IAM) systems struggle to manage these accounts due to their focus on human users and manual integration processes. The persistence of orphan accounts is attributed to fragmented identity management, leaving a shadow layer of identities outside governance frameworks. Continuous identity audits are recommended to provide full observability, ensuring all accounts, permissions, and activities are visible and verifiable. Orchid Security's Identity Audit capability offers a solution by integrating application-level telemetry with automated audit collection for comprehensive identity management. Implementing such measures transforms orphan accounts from hidden liabilities into manageable entities, enhancing overall enterprise security posture.

Cybersecurity researchers have identified a new malware, Evelyn Stealer, exploiting Visual Studio Code extensions to infiltrate developer environments and extract sensitive data. The malware campaign specifically targets organizations with software development teams, aiming to access production systems and digital assets. Evelyn Stealer uses malicious VS Code extensions to deploy a downloader DLL, which executes a PowerShell command to activate a secondary payload. The secondary payload decrypts and injects the main stealer into a Windows process, enabling data exfiltration to a remote server via FTP. The malware includes mechanisms to detect analysis environments and terminate browser processes, ensuring uninterrupted data collection. This campaign highlights the vulnerability of developer communities, regarded as high-value targets due to their critical role in software ecosystems. The disclosure coincides with the detection of new Python-based malware families, MonetaStealer and SolyxImmortal, also targeting sensitive user data.

Cloudflare has patched a vulnerability in its ACME validation logic that allowed bypassing security controls to access origin servers, potentially exposing sensitive data. The issue stemmed from how Cloudflare's edge network handled requests for the ACME HTTP-01 challenge path, leading to potential Web Application Firewall (WAF) bypass. No evidence was found that the vulnerability was exploited maliciously, but it posed a risk of unauthorized access to sensitive files on origin servers. The flaw allowed attackers to send arbitrary requests to the ACME path, circumventing WAF protections and reaching the origin server. Cloudflare's fix involves ensuring WAF features are only disabled when requests match a valid ACME HTTP-01 challenge token for the specific hostname. The vulnerability was reported by FearsOff in October 2025, and Cloudflare implemented the code change on October 27, 2025. This incident underscores the importance of rigorous validation processes in certificate management to prevent unauthorized access.

Intruder's research team scanned 5 million applications, uncovering over 42,000 exposed tokens across 334 secret types, revealing significant vulnerabilities in JavaScript bundles. Traditional vulnerability scanners often miss secrets in single-page applications, as they lack comprehensive spidering and authentication capabilities. Dynamic Application Security Testing (DAST) tools, while more robust, are costly and not widely deployed, leaving gaps in secrets detection. Static Application Security Testing (SAST) methods also fail to detect many secrets, particularly those embedded in JavaScript front-ends. Exposed tokens included GitHub and GitLab repository access, project management API keys, and various service integrations, posing severe security risks. The research underscores the necessity for enhanced detection methods, such as single-page application spidering, to mitigate the risk of secret exposures. Intruder has developed an automated secrets detection tool for SPAs to address these vulnerabilities and prevent secrets from reaching production environments.

Tudou Guarantee, a major Telegram-based illicit marketplace, has halted transactions, having previously processed over $12 billion, ranking it as the third-largest of its kind. The platform offered a range of illegal services, including stolen data sales, money laundering, and scam infrastructure, attracting vendors from other closed marketplaces. The cessation is linked to recent law enforcement actions against the Prince Group and its CEO, who was extradited to China for orchestrating a global investment scam. Telegram's previous shutdown of related channels did not deter the emergence of new markets, indicating resilience and adaptability among cybercriminal networks. The U.S. government has launched the Scam Center Strike Force, successfully seizing $401 million in cryptocurrency and targeting infrastructure supporting these scams. Despite the closure of Tudou, the potential for new marketplaces to fill the void remains, posing ongoing challenges for law enforcement and cybersecurity efforts. The rapid growth in AI-enabled scam technologies, with a 1,900% increase, underscores the evolving sophistication and scale of cybercriminal operations.

Akamai CEO Dr. Tom Leighton emphasized the need for robust anti-piracy measures, criticizing companies that equate piracy with free speech, during an interview with The Register. Dr. Leighton argued that piracy is an intellectual property theft issue, not a free speech matter, and stressed the importance of addressing it with effective detection and deterrence strategies. Akamai employs technology to combat piracy, including watermarking live streams and using tokens to identify unauthorized viewers, but acknowledges the need for broader collaboration. The CEO called for a public-private partnership to create a "deterrence by design" environment, suggesting that the risks of piracy should outweigh potential rewards. Akamai's approach includes immediate customer engagement when piracy is detected on their platform, ensuring swift resolution and compliance with legal requirements. On the technology front, Akamai is advancing edge AI capabilities through its Linode acquisition, aiming to deploy inferencing infrastructure in 100 cities globally. The company plans to utilize CPUs and older GPUs for edge AI, aligning with its strategy to enhance content delivery while maintaining operational efficiency.

A malvertising campaign utilized a fake ad-blocking extension, NexShield, to crash browsers and facilitate ClickFix attacks, targeting users of Chrome and Edge. The NexShield extension, falsely attributed to the creator of uBlock Origin, was removed from the Chrome Web Store after its malicious activity was discovered. The extension creates a denial-of-service condition by exhausting memory resources, causing browser crashes and prompting users to execute harmful commands. Upon browser restart, users encounter deceptive pop-ups leading to the execution of malicious PowerShell scripts, ultimately deploying ModeloRAT in corporate environments. ModeloRAT can perform system reconnaissance, execute commands, and introduce additional payloads, posing significant risks to enterprise networks. The threat actor, identified as 'KongTuke', shows an increasing interest in targeting enterprise systems, indicating a shift towards more lucrative cybercriminal activities. To mitigate such threats, users should install browser extensions only from trusted sources and ensure a thorough system cleanup if NexShield was installed.

A Fortune 100 company in the finance sector experienced a cyberattack involving PDFSider, a new malware strain, which was used to deliver malicious payloads on Windows systems. Attackers used social engineering tactics, impersonating technical support to trick employees into installing Microsoft's Quick Assist tool, gaining remote access. PDFSider, discovered by Resecurity, acts as a stealthy backdoor, showing characteristics often linked to advanced persistent threat (APT) tradecraft, and is actively used by multiple ransomware actors. The malware is delivered via spearphishing emails containing a ZIP archive with a legitimate executable and a malicious DLL, exploiting DLL side-loading to execute code. PDFSider employs sophisticated anti-analysis techniques, including RAM size checks and debugger detection, to evade detection and maintain long-term covert access. The malware uses advanced cryptographic methods, including AES-256-GCM encryption, to secure command-and-control communications, minimizing its footprint on infected systems. Resecurity suggests that the rise of AI-powered coding is making it easier for cybercriminals to find and exploit vulnerable software, posing ongoing challenges for cybersecurity defenses.

Microsoft issued an emergency out-of-band update for Windows 11 to address a shutdown bug caused by January's Patch Tuesday, affecting systems with System Guard Secure Launch enabled. The bug prevented systems from shutting down, restarting, or hibernating, leading to power drain in laptops and desktops remaining active unnecessarily. The update, KB5077797, aims to restore shutdown functionality and address a Remote Desktop authentication issue caused by the same cumulative update. Users experienced credential prompts failing or looping, affecting both client and server environments, complicating remote access operations. Microsoft acknowledged additional issues from the January update, including a problem with Outlook POP account profiles, which remains unresolved. The January Patch Tuesday included over 100 fixes, with at least one vulnerability under active exploitation, necessitating rapid deployment despite potential side effects. This incident serves as a cautionary tale about the unintended consequences of security updates, emphasizing the need for careful monitoring post-deployment.

The UK's National Cyber Security Centre (NCSC) issued a warning about pro-Russia hacktivists targeting critical national infrastructure (CNI) and local authorities with denial-of-service (DoS) attacks. These attacks, though technically simple, can cause significant disruption, affecting essential services and leading to financial and productivity losses for targeted organizations. The NCSC identified groups such as the Cyber Army of Russia Reborn, Z-Pentest, and Sector16 as key actors in these attacks, with NoName057(16) noted for its persistence. Organizations are urged to enhance their resilience against DoS attacks by implementing NCSC's guidance, utilizing third-party DDoS-mitigation services, and employing content delivery networks (CDNs). The advisory follows a previous international warning and emphasizes the need for vigilance against opportunistic attacks exploiting unpatched software and insecure VNC connections. The geopolitical context includes ongoing tensions with Russia, described by UK security officials as a primary threat, highlighting the strategic importance of cybersecurity preparedness. The NCSC's alert serves as a reminder for all sectors to proactively safeguard their systems against potential disruptions from hacktivist activities.