Threat Alerts

Researchers have issued a warning about the potential for full system compromise through a vulnerability in Anthropic’s MCP Inspector tool — a popular open-source utility used by developers to test Model Context Protocol (MCP) servers. While a patch is available, this case highlights a wider risk: attackers can abuse poorly secured developer tools, local proxies, and open ports to escalate from simple web-based lures to full remote code execution.

Organizations adopting AI tools, agentic applications, or MCP frameworks should treat local development and testing environments as part of their attack surface. Validate that any MCP Inspector installations are updated to version 0.14.1 or later, review exposed network interfaces, restrict CORS settings, and apply strict least privilege. This serves as a broader reminder that open-source AI integration tools can introduce overlooked supply chain threats if not deployed securely.

Microsoft’s July 2025 Patch Tuesday fixes 130 vulnerabilities, including 14 critical and 41 remote code execution flaws. Notably, it includes a publicly disclosed zero-day, CVE-2025-49719 (CVSS 7.5), an information disclosure bug in SQL Server that allows unauthenticated access to uninitialized memory over the network. Although exploitation is rated as “less likely,” the early disclosure increases risk. The most critical flaw, CVE-2025-47981 (CVSS 9.8), is a pre-authentication RCE in the Windows NEGOEX mechanism, posing a high risk of wormable attacks similar to WannaCry.

Other major fixes include RCE vulnerabilities in Microsoft Office and SharePoint (CVE-2025-49695 to CVE-2025-49704) and critical issues in Windows KDC Proxy, Connected Devices Platform, and Hyper-V components.

A targeted in-memory attack campaign has been attributed to Gold Melody (UNC961 / Prophet Spider), an initial access broker known for its opportunistic targeting across Europe and the United States. The campaign focuses on exploiting leaked ASP.NET Machine Keys—cryptographic keys intended to protect the integrity of ViewState data—allowing the threat actor to achieve remote code execution on vulnerable IIS servers without authentication. By using tools like ysoserial. net and the XamlAssemblyLoadFromFile gadget, attackers craft malicious deserialization payloads embedded in Base64-encoded HTTP requests. These payloads enable .NET assemblies to be executed directly in memory, bypassing disk-based detection and leaving minimal forensic evidence.

Once access is established, Gold Melody deploys a modular toolset designed to operate entirely in memory. These include modules for command execution, file transfer, system enumeration, and vulnerability probing—each obfuscated using XOR encryption and engineered to terminate HTTP responses immediately after execution. Post-exploitation activity is staged under C:\Windows\Temp\111t, where the actor deploys a custom privilege escalation tool disguised as a PDF editor. This tool abuses the GodPotato vulnerability to gain SYSTEM-level privileges and establish persistent local administrator accounts. Internal reconnaissance is conducted using TxPortMap, a lightweight port scanner written in Go, along with standard enumeration commands to map the compromised environment.

The campaign highlights the growing adoption of fileless attack techniques by financially motivated threat actors. Gold Melody’s use of publicly leaked cryptographic material, combined with advanced in-memory execution chains and privilege escalation, reflects a mature and low-noise intrusion strategy designed for long-term persistence and evasion.

A critical vulnerability in ServiceNow’s enterprise platform has been discovered that allows attackers to extract sensitive data including personally identifiable information, credentials, and financial records from organizations.
The vulnerability CVE-2025-3648 (CVSS:8.2) exploits a fundamental weakness in ServiceNow’s record count UI element on list pages, enabling attackers to use enumeration techniques and query filters to systematically infer sensitive data from database tables. The attack requires only minimal access privileges, making it particularly dangerous as it can be executed by users with basic table access or even self-registered anonymous accounts. Attackers can leverage ServiceNow’s Access Control List implementation weaknesses, where the platform displays different responses depending on which ACL conditions are unmet – crucially revealing total record counts when access is denied due to data conditions rather than role restrictions.
The attack process involves automated scripts that extract data character-by-character through query parameter manipulation, with the vulnerability further amplified by ServiceNow’s “dot-walking” feature that allows access to related table data through reference fields.

A growing turf war between two major ransomware groups—DragonForce and RansomHub—is intensifying competition within the cybercriminal ecosystem, raising the risk of overlapping extortion campaigns and retaliatory attacks on corporate victims.

The conflict centers on affiliate recruitment and dominance in the ransomware-as-a-service (RaaS) market. DragonForce, known for its cartel-style model and recent attacks on UK retailers, has seen its affiliates increasingly targeted by RansomHub, a fast-growing rival that has aggressively courted defectors. Leaked communications from underground forums suggest that RansomHub is offering more favorable revenue splits and faster payouts, prompting tension and accusations of “affiliate poaching.”

This rivalry represents more than just underground drama—it has real-world consequences. Victims may now face multiple ransom demands from competing groups targeting the same networks or engaging in disruptive follow-on attacks. As both operations escalate, organizations could become entangled in crossfire between ransomware crews vying for visibility, profits, and credibility in a saturated extortion market.

Atomic macOS Stealer (AMOS), a well-known threat targeting Apple users, has evolved into a significantly more dangerous tool. No longer limited to credential theft and data exfiltration, the latest version of the malware now includes a backdoor, allowing persistent access to infected devices. This shift transforms the malware from a one-time data stealer into a platform for long-term control over macOS systems, increasing the risk of continuous surveillance and deeper compromise across thousands of devices globally.

The infection typically begins with trojanized software or spear phishing campaigns aimed at cryptocurrency holders and high-value targets. Once the user is tricked into executing the malware and entering their password, the malicious installer uses scripts and binary payloads to extract sensitive data and establish persistence through system configuration changes. A secondary payload is then downloaded, configured to run at startup, and kept alive via system services, ensuring the malware remains active after reboots. The backdoor communicates with remote infrastructure, receives unique identifiers for tracking, and periodically fetches commands such as shell execution or self-deletion routines.

The addition of this backdoor marks a strategic shift in malware distribution, mimicking tactics previously observed in other state-linked operations. Its modular structure allows operators to expand functionality over time, blending traditional data theft with extended access capabilities. As the stealer landscape continues to merge with long-term access strategies, this development signals an escalation in intent and technical reach by macOS-targeting threat actors.