CyberAlerts

Description: We are on a path to where social media will feed you hyperpersonalized AI slop about anything and everything.

Source: 404 Media

July 15th, 2025 (about 2 hours ago)

Google says ‘Big Sleep’ AI tool found bug hackers planned to use

Description: On Tuesday, Google said Big Sleep managed to discover CVE-2025-6965 — a critical security flaw that Google said was “only known to threat actors and was at risk of being exploited.”

CVSS: HIGH (7.2)

Source: The Record

July 15th, 2025 (about 2 hours ago)

[@sunwood-ai-labs/github-kanban-mcp-server] GitHub Kanban MCP Server vulnerable to Command Injection

Description: The MCP Server at https://github.com/Sunwood-ai-labs/github-kanban-mcp-server/ is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool The MCP Server exposes the tool add_comment which relies on Node.js child process API exec to execute the GitHub (gh) command, is an unsafe and vulnerable API if concatenated with untrusted user input. Data flows from the tool definition here which takes in args.issue_number and calls handleAddComment() in this definitino that uses exec in an insecure way. Vulnerable line of code: https://github.com/Sunwood-ai-labs/github-kanban-mcp-server/blob/main/src/handlers/comment-handlers.ts#L8-L23 export async function handleAddComment(args: { repo: string; issue_number: string; body: string; state?: 'open' | 'closed'; }): Promise { const tempFile = 'comment_body.md'; try { // ステータスの変更が指定されている場合は先に処理 if (args.state) { try { const command = args.state === 'closed' ? 'close' : 'reopen'; await execAsync( `gh issue ${command} ${args.issue_number} --repo ${args.repo}` ); Exploitation Proof of Concept When LLMs are tricked through prompt injection (and other techniques and attack vectors) to call the tool with input that uses special shell characters such as ; rm -rf /tmp;# (be careful actually executing this payload) and other payload variations, the full command-line text will be in...

CVSS: HIGH (8.9)

Source: Github Advisory Database (NPM)

July 15th, 2025 (about 2 hours ago)

North Korean XORIndex malware hidden in 67 malicious npm packages

Description: North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems. [...]

Source: BleepingComputer

July 15th, 2025 (about 3 hours ago)

🏴‍☠️ Dragonforce has just published a new victim : Mausolff Immobilien

Description: Selling and renting real estate is a matter of absolute trust. With over 35 years of experience and numerous continuing education courses, I am confident that I am the right partner for your project as a real estate agent in Moers.

Source: Ransomware.live

July 15th, 2025 (about 3 hours ago)

🏴‍☠️ Lynx has just published a new victim : Inside One

Description: InsideOne specializes in digital transformation solutions aimed at enhancing business operations through innovative technology. Their services include consulting, implementation, and support for various digital tools and systems. The company targets businesses looking to adopt digital strategies to improve efficiency and customer engagement. With a focus on tailored solutions, InsideOne caters to a diverse range of industries seeking to navigate the complexities of digital change.

Source: Ransomware.live

July 15th, 2025 (about 3 hours ago)

CVE-2025-53959

In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible

Description: In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible

CVSS: HIGH (7.6)

Source: CVE

July 15th, 2025 (about 3 hours ago)

CVE-2025-53895

ZITADEL has broken authN and authZ in session API and resulting session tokens

Description: ZITADEL is an open source identity management system. Starting in version 2.53.0 and prior to versions 4.0.0-rc.2, 3.3.2, 2.71.13, and 2.70.14, vulnerability in ZITADEL's session management API allows any authenticated user to update a session if they know its ID, due to a missing permission check. This flaw enables session hijacking, allowing an attacker to impersonate another user and access sensitive resources. Versions prior to `2.53.0` are not affected, as they required the session token for updates. Versions 4.0.0-rc.2, 3.3.2, 2.71.13, and 2.70.14 fix the issue.

CVSS: HIGH (7.7)

Source: CVE

July 15th, 2025 (about 3 hours ago)

CVE-2025-26186

SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php

Description: SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php

Source: CVE

July 15th, 2025 (about 3 hours ago)

Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors

Description: Cloudflare on Tuesday said it mitigated 7.3 million distributed denial-of-service (DDoS) attacks in the second quarter of 2025, a significant drop from 20.5 million DDoS attacks it fended off the previous quarter. "Overall, in Q2 2025, hyper-volumetric DDoS attacks skyrocketed," Omer Yoachimik and Jorge Pacheco said. "Cloudflare blocked over 6,500 hyper-volumetric DDoS attacks, an average of 71

Source: TheHackerNews

July 15th, 2025 (about 3 hours ago)

Threat and Vulnerability Intelligence Database

Example Searches:

	The AI Slop Niche Machine Is Here Description: We are on a path to where social media will feed you hyperpersonalized AI slop about anything and everything. Source: 404 Media July 15th, 2025 (about 2 hours ago)
	Google says ‘Big Sleep’ AI tool found bug hackers planned to use Description: On Tuesday, Google said Big Sleep managed to discover CVE-2025-6965 — a critical security flaw that Google said was “only known to threat actors and was at risk of being exploited.” CVSS: HIGH (7.2) Source: The Record July 15th, 2025 (about 2 hours ago)
	[@sunwood-ai-labs/github-kanban-mcp-server] GitHub Kanban MCP Server vulnerable to Command Injection Description: The MCP Server at https://github.com/Sunwood-ai-labs/github-kanban-mcp-server/ is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool The MCP Server exposes the tool add_comment which relies on Node.js child process API exec to execute the GitHub (gh) command, is an unsafe and vulnerable API if concatenated with untrusted user input. Data flows from the tool definition here which takes in args.issue_number and calls handleAddComment() in this definitino that uses exec in an insecure way. Vulnerable line of code: https://github.com/Sunwood-ai-labs/github-kanban-mcp-server/blob/main/src/handlers/comment-handlers.ts#L8-L23 export async function handleAddComment(args: { repo: string; issue_number: string; body: string; state?: 'open' \| 'closed'; }): Promise { const tempFile = 'comment_body.md'; try { // ステータスの変更が指定されている場合は先に処理 if (args.state) { try { const command = args.state === 'closed' ? 'close' : 'reopen'; await execAsync( `gh issue ${command} ${args.issue_number} --repo ${args.repo}` ); Exploitation Proof of Concept When LLMs are tricked through prompt injection (and other techniques and attack vectors) to call the tool with input that uses special shell characters such as ; rm -rf /tmp;# (be careful actually executing this payload) and other payload variations, the full command-line text will be in... CVSS: HIGH (8.9) Source: Github Advisory Database (NPM) July 15th, 2025 (about 2 hours ago)
	North Korean XORIndex malware hidden in 67 malicious npm packages Description: North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems. [...] Source: BleepingComputer July 15th, 2025 (about 3 hours ago)
	🏴‍☠️ Dragonforce has just published a new victim : Mausolff Immobilien Description: Selling and renting real estate is a matter of absolute trust. With over 35 years of experience and numerous continuing education courses, I am confident that I am the right partner for your project as a real estate agent in Moers. Source: Ransomware.live July 15th, 2025 (about 3 hours ago)
	🏴‍☠️ Lynx has just published a new victim : Inside One Description: InsideOne specializes in digital transformation solutions aimed at enhancing business operations through innovative technology. Their services include consulting, implementation, and support for various digital tools and systems. The company targets businesses looking to adopt digital strategies to improve efficiency and customer engagement. With a focus on tailored solutions, InsideOne caters to a diverse range of industries seeking to navigate the complexities of digital change. Source: Ransomware.live July 15th, 2025 (about 3 hours ago)
CVE-2025-53959	In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible Description: In JetBrains YouTrack before 2025.2.86069, 2024.3.85077, 2025.1.86199 email spoofing via an administrative API was possible CVSS: HIGH (7.6) Source: CVE July 15th, 2025 (about 3 hours ago)
CVE-2025-53895	ZITADEL has broken authN and authZ in session API and resulting session tokens Description: ZITADEL is an open source identity management system. Starting in version 2.53.0 and prior to versions 4.0.0-rc.2, 3.3.2, 2.71.13, and 2.70.14, vulnerability in ZITADEL's session management API allows any authenticated user to update a session if they know its ID, due to a missing permission check. This flaw enables session hijacking, allowing an attacker to impersonate another user and access sensitive resources. Versions prior to `2.53.0` are not affected, as they required the session token for updates. Versions 4.0.0-rc.2, 3.3.2, 2.71.13, and 2.70.14 fix the issue. CVSS: HIGH (7.7) Source: CVE July 15th, 2025 (about 3 hours ago)
CVE-2025-26186	SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php Description: SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php Source: CVE July 15th, 2025 (about 3 hours ago)
	Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors Description: Cloudflare on Tuesday said it mitigated 7.3 million distributed denial-of-service (DDoS) attacks in the second quarter of 2025, a significant drop from 20.5 million DDoS attacks it fended off the previous quarter. "Overall, in Q2 2025, hyper-volumetric DDoS attacks skyrocketed," Omer Yoachimik and Jorge Pacheco said. "Cloudflare blocked over 6,500 hyper-volumetric DDoS attacks, an average of 71 Source: TheHackerNews July 15th, 2025 (about 3 hours ago)