The Breach News

Critical Vulnerability in mcp-remote Allows Remote Code Execution, Affecting Over 437,000 Users

Published: July 10, 2025
Category: Vulnerability / AI Security

Cybersecurity experts have identified a serious vulnerability in the open-source mcp-remote project, posing a risk of executing arbitrary operating system commands. This vulnerability, designated CVE-2025-6514, has received a CVSS severity score of 9.6 out of 10.0. According to Or Peles, Team Leader of JFrog Vulnerability Research, “This flaw enables attackers to execute arbitrary OS commands on machines using mcp-remote when connecting to untrusted MCP servers, potentially leading to complete system compromise.” Mcp-remote emerged following the launch of Anthropic’s Model Context Protocol (MCP), an open-source framework designed to standardize how large language model (LLM) applications integrate and share data with external sources. It serves as a local proxy, facilitating communication between MCP clients like Claude Desktop and remote MCP servers, rather than relying solely on local execution.

Critical Vulnerability in mcp-remote Poses Serious Threat with Potential for Remote Code Execution July 10, 2025 In a significant development within the cybersecurity landscape, researchers have identified a critical vulnerability in the open-source mcp-remote project, a tool used widely in the integration of large language model (LLM) applications. This flaw,…

Read More

Critical Vulnerability in mcp-remote Allows Remote Code Execution, Affecting Over 437,000 Users

Published: July 10, 2025
Category: Vulnerability / AI Security

Cybersecurity experts have identified a serious vulnerability in the open-source mcp-remote project, posing a risk of executing arbitrary operating system commands. This vulnerability, designated CVE-2025-6514, has received a CVSS severity score of 9.6 out of 10.0. According to Or Peles, Team Leader of JFrog Vulnerability Research, “This flaw enables attackers to execute arbitrary OS commands on machines using mcp-remote when connecting to untrusted MCP servers, potentially leading to complete system compromise.” Mcp-remote emerged following the launch of Anthropic’s Model Context Protocol (MCP), an open-source framework designed to standardize how large language model (LLM) applications integrate and share data with external sources. It serves as a local proxy, facilitating communication between MCP clients like Claude Desktop and remote MCP servers, rather than relying solely on local execution.

China-Aligned MirrorFace Hackers Lure EU Diplomats with World Expo 2025 Scheme

Date: Nov 07, 2024
Category: Threat Intelligence / Cyber Espionage

The China-aligned hacking group MirrorFace has recently targeted a diplomatic organization within the European Union for the first time. According to ESET’s APT Activity Report for April to September 2024, the attackers exploited the upcoming World Expo 2025 in Osaka, Japan, as bait. This incident illustrates that while their geographic focus is shifting, MirrorFace continues to emphasize connections to Japan and related events. Also known as Earth Kasha, MirrorFace is part of a broader group, APT10, which includes other clusters like Earth Tengshe and Bronze Starlight. The group has been actively cyber-spying on Japanese organizations since at least 2019, with a recent expansion in 2023 that included targets in Taiwan and India. Over time, their malware tools have significantly advanced, showcasing their persistent threat landscape.

China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait On November 7, 2024, cybersecurity experts from ESET reported a significant development in cyber espionage, revealing that the China-aligned hacking group known as MirrorFace has set its sights on a diplomatic organization within the European Union. This marks a…

Read More

China-Aligned MirrorFace Hackers Lure EU Diplomats with World Expo 2025 Scheme

Date: Nov 07, 2024
Category: Threat Intelligence / Cyber Espionage

The China-aligned hacking group MirrorFace has recently targeted a diplomatic organization within the European Union for the first time. According to ESET’s APT Activity Report for April to September 2024, the attackers exploited the upcoming World Expo 2025 in Osaka, Japan, as bait. This incident illustrates that while their geographic focus is shifting, MirrorFace continues to emphasize connections to Japan and related events. Also known as Earth Kasha, MirrorFace is part of a broader group, APT10, which includes other clusters like Earth Tengshe and Bronze Starlight. The group has been actively cyber-spying on Japanese organizations since at least 2019, with a recent expansion in 2023 that included targets in Taiwan and India. Over time, their malware tools have significantly advanced, showcasing their persistent threat landscape.

A Misconfiguration Plaguing Corporate Streaming Platforms May Lead to Sensitive Data Exposure

Streaming Service Vulnerabilities Exposed at Defcon Conference Recent revelations at the Defcon security conference in Las Vegas have shed light on critical vulnerabilities present in some streaming platforms, particularly those utilized for corporate broadcasts and sports live streams. Leading streaming services like Netflix and Disney+ have made significant investments to…

Read MoreA Misconfiguration Plaguing Corporate Streaming Platforms May Lead to Sensitive Data Exposure

UnitedHealth Group Faces New Challenges After Recent Health Data Breach

Data Breach Notification, Data Privacy, Data Security Lawmakers Press UnitedHealth Group for Clarification Following New Breach Marianne Kolbasuk McGee (HealthInfoSec) • August 7, 2025 Recent developments have placed UnitedHealth Group (UHG) in a precarious position following the revelation of a significant breach involving its subsidiary, Episource, which reportedly affects 5.4…

Read MoreUnitedHealth Group Faces New Challenges After Recent Health Data Breach

Scattered Spider Compromises VMware ESXi to Launch Ransomware Against Critical U.S. Infrastructure

July 28, 2025
Cyber Attack / Ransomware

The infamous cybercrime group Scattered Spider is targeting VMware ESXi hypervisors in a series of attacks against the retail, airline, and transportation sectors in North America. According to an in-depth analysis by Google’s Mandiant team, “The group’s core tactics remain unchanged and do not depend on software exploits. Instead, they employ a strategic playbook that primarily involves phone calls to IT help desks.” The actors are described as aggressive and innovative, particularly adept at using social engineering to bypass even robust security systems. Their operations are precision-driven campaigns focused on the most critical systems and data of their victims. Also known as 0ktapus, Muddled Libra, Octo Tempest, and UNC3944, these threat actors have a track record of executing sophisticated social engineering tactics to gain initial access to target environments, subsequently employing a “living-off-the-land” (LotL) strategy by leveraging trusted administrative tools.

Scattered Spider Breaches VMware ESXi to Launch Ransomware Attacks on Critical U.S. Infrastructure July 28, 2025 In a concerning escalation of cyber threats, the cybercriminal group known as Scattered Spider has been orchestrating targeted attacks on VMware ESXi hypervisors, primarily affecting sectors such as retail, airlines, and transportation across North…

Read More

Scattered Spider Compromises VMware ESXi to Launch Ransomware Against Critical U.S. Infrastructure

July 28, 2025
Cyber Attack / Ransomware

The infamous cybercrime group Scattered Spider is targeting VMware ESXi hypervisors in a series of attacks against the retail, airline, and transportation sectors in North America. According to an in-depth analysis by Google’s Mandiant team, “The group’s core tactics remain unchanged and do not depend on software exploits. Instead, they employ a strategic playbook that primarily involves phone calls to IT help desks.” The actors are described as aggressive and innovative, particularly adept at using social engineering to bypass even robust security systems. Their operations are precision-driven campaigns focused on the most critical systems and data of their victims. Also known as 0ktapus, Muddled Libra, Octo Tempest, and UNC3944, these threat actors have a track record of executing sophisticated social engineering tactics to gain initial access to target environments, subsequently employing a “living-off-the-land” (LotL) strategy by leveraging trusted administrative tools.

Allianz Data Breach Reveals Widespread Vulnerabilities Impacting All Users

Computer code and text displayed on computer screens. Photographer: Chris Ratcliffe/Bloomberg © 2021 Bloomberg Finance LP Data breaches pose significant threats to individuals and businesses alike, often resulting in identity theft and associated financial damages. In 2023 alone, approximately 5.5 billion accounts were compromised due to data breaches worldwide, marking…

Read MoreAllianz Data Breach Reveals Widespread Vulnerabilities Impacting All Users

New CRON#TRAP Malware Targets Windows by Concealing Itself in a Linux VM to Bypass Antivirus Detection

Cybersecurity experts have unveiled a new malware campaign known as CRON#TRAP, which infiltrates Windows systems through a Linux virtual machine that harbors a backdoor for remote access. The campaign initiates with a malicious Windows shortcut (LNK) file, typically distributed as a ZIP archive in phishing emails. Researchers Den Iuzvyk and Tim Peck from Securonix highlighted that the Linux instance is pre-configured with a backdoor that automatically connects to an attacker-controlled command-and-control (C2) server. This enables attackers to maintain a hidden presence on the compromised system, facilitating further malicious activities within a concealed environment, thus evading detection by traditional antivirus solutions. The phishing messages often disguise themselves as an “OneAmerica survey.”

New CRON#TRAP Malware Targets Windows Systems via Linux Virtual Machine, Evading Detection November 8, 2024 Cybersecurity experts have identified a sophisticated malware campaign dubbed CRON#TRAP that infiltrates Windows systems through a concealed Linux virtual machine (VM). This innovative approach allows the malware to evade traditional antivirus defenses by operating in…

Read More

New CRON#TRAP Malware Targets Windows by Concealing Itself in a Linux VM to Bypass Antivirus Detection

Cybersecurity experts have unveiled a new malware campaign known as CRON#TRAP, which infiltrates Windows systems through a Linux virtual machine that harbors a backdoor for remote access. The campaign initiates with a malicious Windows shortcut (LNK) file, typically distributed as a ZIP archive in phishing emails. Researchers Den Iuzvyk and Tim Peck from Securonix highlighted that the Linux instance is pre-configured with a backdoor that automatically connects to an attacker-controlled command-and-control (C2) server. This enables attackers to maintain a hidden presence on the compromised system, facilitating further malicious activities within a concealed environment, thus evading detection by traditional antivirus solutions. The phishing messages often disguise themselves as an “OneAmerica survey.”

Bouygues Telecom Faces Cyberattack, Impacting 6.4 Million Customers

A cyberattack targeting Bouygues Telecom has led to the exposure of sensitive data for approximately 6.4 million customers. Learn about the compromised information and measures you can take to safeguard yourself against potential scams, as the company cautions customers to remain vigilant. Bouygues Telecom, a leading telecommunications provider in France…

Read MoreBouygues Telecom Faces Cyberattack, Impacting 6.4 Million Customers

Live Webinar: How Modern Bots Mimic Humans — Protecting Your APIs and Business from Threats

Next-Generation Technologies & Secure Development, Threat Detection Presented by Harness 60 Minutes Recent statistics reveal that 53% of internet traffic is now generated by bots, many of which utilize artificial intelligence to closely mimic human behavior. These sophisticated bots extend far beyond simple scraping techniques; they are designed to circumvent…

Read MoreLive Webinar: How Modern Bots Mimic Humans — Protecting Your APIs and Business from Threats