The Breach News

Spike in Erlang/OTP SSH Exploits Following April Patch

Critical Infrastructure Security, Governance & Risk Management, Operational Technology (OT)

Surge in Attacks Targeting Operational Technology Networks

Prajeet Nair (@prajeetspeaks) • August 13, 2025

Researchers report a notable surge in exploitation attempts against a critical vulnerability in the Erlang/OTP runtime system, prevalent in operational technology settings. The…

LangSmith Vulnerability Risks Exposure of OpenAI Keys and User Data through Malicious Agents

June 17, 2025
Category: Vulnerability / LLM Security

Cybersecurity experts have revealed a recently fixed security flaw in LangChain’s LangSmith platform that could be exploited to obtain sensitive information, including API keys and user prompts. The vulnerability, assigned a CVSS score of 8.8 out of 10.0, is codenamed AgentSmith by Noma Security. LangSmith serves as an observability and evaluation tool for developing, testing, and monitoring large language model (LLM) applications, including those created using LangChain. Additionally, it features a LangChain Hub that acts as a repository for publicly available prompts, agents, and models.

“This newly discovered vulnerability targeted unsuspecting users who adopted agents containing pre-configured malicious proxy servers uploaded to the ‘Prompt Hub,’” noted researchers Sasi Levi and Gal Moyal in a report shared with The Hacker News. “Once adopted, the malicious proxy discreetly intercepted all user communications…”

Security Flaw in LangSmith Could Compromise OpenAI Keys and User Data

In a recent disclosure, cybersecurity researchers have unveiled a significant vulnerability within the LangSmith platform, a tool integral to the development and monitoring of large language model (LLM) applications. The flaw, categorized with a CVSS score of 8.8, has…

AT&T Data Breach Class Action Settlement: Claim Up to $7,500 If You Were Impacted | US Buzz

AT&T Data Breach Class Action Settlement

In a significant move to address customer concerns regarding cybersecurity, AT&T has reached a settlement in a class action lawsuit stemming from two major data breaches in 2024, amounting to $177 million. Customers whose sensitive data was compromised during these incidents may…

TA829 and UNK_GreenSec Collaborate on Strategies and Infrastructure in Ongoing Malware Campaigns

July 01, 2025
Cyber Espionage / Vulnerability

Cybersecurity experts have identified striking tactical parallels between the threat actors behind the RomCom RAT and a group observed deploying a loader named TransferLoader. Enterprise security firm Proofpoint tracks the TransferLoader activity as UNK_GreenSec and the RomCom RAT actors as TA829. TA829 is also known by multiple aliases, including CIGAR, Nebulous Mantis, Storm-0978, Tropical Scorpius, UAC-0180, UAT-5647, UNC2596, and Void Rabisu. According to Proofpoint’s findings, UNK_GreenSec emerged during their investigation of TA829, with notable similarities in infrastructure, delivery tactics, landing pages, and email lure themes. TA829 stands out in the threat landscape for its capacity to engage in both espionage and financially motivated attacks. This hybrid group, aligned with Russia, has been linked to the exploitation of zero-day vulnerabilities in Mozilla software.

TA829 and UNK_GreenSec Collaborate in Ongoing Malware Operations

July 1, 2025
Cyber Espionage / Vulnerability

Recently, cybersecurity analysts have identified notable tactical parallels between the malicious activities of two distinct threat actor groups: one associated with the RomCom Remote Access Trojan (RAT) and another linked to a malware loader known…

Data Brokers Under Increased Scrutiny for Concealing Opt-Out Pages from Google

Senator Hassan Presses Data Brokers Over Privacy Concerns

United States Senator Maggie Hassan is intensifying scrutiny on major data brokers following a concerning investigation by prominent outlets including The Markup and CalMatters. This inquiry uncovered that at least 35 companies are obscuring opt-out procedures from search results, complicating efforts for…

New York AG Takes Legal Action Against Zelle for Alleged Cybersecurity Failures

Account Takeover Fraud, Fraud Management & Cybercrime, Litigation

Zelle Provider Enabled $1 Billion in Fraudulent Transactions, Court Documents Reveal

David Perera (@daveperera) • August 13, 2025

The New York Attorney General’s office has filed a lawsuit against Early Warning Services (EWS), the operator of the Zelle money…

Qilin Ransomware Introduces “Call Lawyer” Feature to Increase Pressure on Victims for Higher Ransoms

June 20, 2025
Ransomware / Cybercrime

The operators of the Qilin ransomware-as-a-service (RaaS) platform have unveiled a new “Call Lawyer” feature intended to pressure victims into paying larger ransoms. This strategic move comes as the group ramps up its activities to capitalize on the decline of competing cybercriminals. According to Israeli cybersecurity firm Cybereason, this feature is integrated into the affiliate panel, allowing affiliates to present legal counsel offers to victims.

This development marks a resurgence in Qilin’s operations at a time when other once-dominant ransomware factions, such as LockBit, Black Cat, and others, have faced sudden shutdowns and operational issues. Active since October 2022 and also known as Gold Feather and Water Galura, Qilin has emerged as a significant player in the ransomware landscape.

Data from dark web leak sites reveals that Qilin was responsible for 72 attacks in April 2025 and an estimated 55 in May, placing it behind only Safepay (72) and Luna Moth (67) in activity.

Qilin Ransomware Introduces “Call Lawyer” Feature to Boost Pressure on Victims

June 20, 2025

In a notable shift within the landscape of ransomware attacks, the Qilin ransomware-as-a-service (RaaS) group has recently added a new feature aimed at compelling victims to comply with ransom demands. The “Call Lawyer” functionality, as reported…

Critical Flaw in Anthropic’s MCP Poses Remote Exploitation Risk for Developer Systems

July 01, 2025
Vulnerability / AI Security

Cybersecurity experts have identified a severe security flaw in Anthropic’s Model Context Protocol (MCP) Inspector project, potentially enabling remote code execution (RCE) and granting attackers total access to affected systems. Identified as CVE-2025-49596, this vulnerability boasts a CVSS score of 9.4 out of 10, indicating a critical risk level. “This represents one of the first significant RCE vulnerabilities within Anthropic’s MCP framework, opening the door to a new wave of browser-based attacks targeting AI development tools,” stated Avi Lumelsky from Oligo Security in a recent report. “With the ability to execute code on a developer’s machine, attackers can compromise sensitive data, install malware, and navigate through networks—posing serious threats to AI teams, open-source initiatives, and enterprises utilizing MCP.” Introduced by Anthropic in November 2024, MCP is an open protocol aimed at standardizing large language model (LLM) applications…

Critical Flaw in Anthropic’s MCP Poses Severe Risks to Developer Systems

July 1, 2025

In a significant cybersecurity revelation, researchers have identified a critical vulnerability within Anthropic’s Model Context Protocol (MCP) Inspector project, potentially permitting remote code execution (RCE) that could compromise developer machines. This vulnerability, cataloged as CVE-2025-49596, has…
