Thursday, Oct 23, 2025 // (IG): BB // GITHUB // SN R&D
Path Traversal Flaw in Smithery.ai Exposes Over 3,000 MCP Servers and API Keys
Bottom Line Up Front (BLUF): A critical path traversal vulnerability in the Smithery.ai MCP server hosting service exposed over 3,000 AI application servers and thousands of API keys. Attackers could manipulate the dockerBuildPath parameter to read arbitrary files on the build host, including a fly.io API token with overprivileged access—allowing complete command execution on all hosted MCP servers. Though the flaw was responsibly disclosed and patched, the exposure represents a significant AI supply chain risk.
Analyst Comments: The overpermissive fly.io token allowed full access to hosted servers and turned a simple path traversal bug into an ecosystem-wide breach vector. Worse still, these MCP servers often act as middleware between LLMs and external APIs (e.g., Brave Search, databases), meaning stolen tokens could grant access to sensitive customer data. The supply chain implications are severe: from remote command execution to secrets interception in client requests. This could have mimicked the Salesloft-style credential chain compromise if attackers had moved faster. It’s a wake-up call for AI platform builders—MCP infrastructure must be treated with the same rigor as CI/CD pipelines or K8s clusters. Secrets should be short-lived, tokens scoped, and build contexts locked down.
READ THE STORY: GBhackers
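One way to lock down a build context like the dockerBuildPath described above, as an added example that is not Smithery's code or its actual fix. The function name, directory layout and sample values are constructed for illustration; the check resolves symlinks and `..` before comparing against the repository checkout.

```python
import os
import tempfile
from pathlib import Path


class BuildPathError(ValueError):
    """Raised when a requested build context leaves the repository checkout."""


def resolve_build_context(repo_root, docker_build_path):
    """Return the absolute build context, or raise if it escapes repo_root.

    repo_root is the directory the service cloned; docker_build_path is the
    untrusted value taken from the user's build configuration.
    """
    root = Path(repo_root).resolve(strict=True)
    # Joining with an absolute path discards root, so "/" or "/etc" is
    # caught by the containment check below as well.
    candidate = (root / docker_build_path).resolve()
    # resolve() has already collapsed ".." and followed symlinks, so this
    # compares real locations rather than strings.
    if candidate != root and root not in candidate.parents:
        raise BuildPathError(f"build context escapes checkout: {docker_build_path!r}")
    if not candidate.is_dir():
        raise BuildPathError(f"build context is not a directory: {docker_build_path!r}")
    return candidate


def demo():
    """Run the check over constructed inputs and return accept/reject per value."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp, "checkout")
        (repo / "server").mkdir(parents=True)
        builder_home = Path(tmp, "builder-home")  # stands in for host files
        builder_home.mkdir()
        # A symlink committed to the repository that points outside it.
        os.symlink(builder_home, repo / "ctx")
        for value in ["server", ".", "..", "../builder-home", "/",
                      "ctx", "server/../.."]:
            try:
                resolve_build_context(repo, value)
                results[value] = "accepted"
            except BuildPathError:
                results[value] = "rejected"
    return results


if __name__ == "__main__":
    for value, verdict in demo().items():
        print(f"{value!r:22} {verdict}")
```

Path containment limits what a build can read; it does not replace the scoped, short-lived credentials the analyst comments call for.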
China-Aligned APTs Earth Estries and Earth Naga Demonstrate High-Level Coordination in “Premier Pass-as-a-Service” Espionage Model
Bottom Line Up Front (BLUF): Trend Micro researchers have uncovered a new operational model—“Premier Pass-as-a-Service”—in which China-aligned APT groups such as Earth Estries and Earth Naga collaborate to share access and resources during cyberespionage campaigns. Earth Estries acted as an access broker, handing compromised assets to Earth Naga for further exploitation. This model represents an advanced form of threat actor cooperation, blurring attribution lines and complicating defense strategies.
Analyst Comments: Unlike traditional Initial Access Brokers (IABs) who sell early access, Premier Pass is a full-service handoff—often mid-campaign—between trusted actors. Earth Estries establishes access, deploys tooling like CrowDoor and Cobalt Strike, then enables Earth Naga to operate using shared infrastructure (e.g., ShadowPad). The coordinated use of DLL sideloading, shared C2, and consistent targeting of telecommunications and government sectors across APAC and NATO-aligned regions underscores a maturing operational alliance. This collaboration isn’t opportunistic—it’s structured, strategic, and signals deep operational trust between intrusion sets.
READ THE STORY: Trend
DudeSuite Advanced Targets Frontline Pentesters with Integrated Exploitation, Replay, and Offline Authorization
Bottom Line Up Front (BLUF): DudeSuite Advanced Edition is a paid, all-in-one penetration testing toolkit for professional security teams, SRC white hats, and red teamers. It extends the free version’s capabilities with early access to POCs, unlimited batch vulnerability scanning, seamless request replay from packet captures, and 24-hour offline authorization—making it highly practical for use in sensitive, air-gapped, or regulated environments.
Analyst Comments: This is more than just another Chinese red team utility—DudeSuite Advanced consolidates a wide range of attack surface tooling (vuln scanning, subdomain brute-forcing, SQLi, JWT cracking, etc.) into a single interface, with emphasis on practical use cases. The ability to capture HTTPS traffic, replay requests, and inject captured payloads directly into mass scanners is a significant time-saver. Importantly, the offline license mode makes it viable for consulting engagements or internal audits where cloud tools are off-limits. While not open source, it reflects a growing trend of regional toolchains filling operational gaps left by global players. As with any closed-source toolkit, security teams should tread carefully and isolate test environments.
READ THE STORY: freebuf
MuddyWater Targets Over 100 Government Entities with Phoenix v4 Backdoor
Bottom Line Up Front (BLUF): State-backed Iranian APT MuddyWater has targeted more than 100 government and diplomatic organizations across the Middle East and North Africa using Phoenix v4, an updated variant of its known backdoor. The campaign began in August 2025 and leveraged macro-laced Word documents sent from a NordVPN-compromised account. Key targets included embassies, foreign affairs ministries, and consulates.
Analyst Comments: MuddyWater’s pivot back to macro-enabled documents is notable—it’s an old tactic, but one with high ROI when targeting less-hardened agencies. Despite Microsoft disabling macros by default, threat actors succeed via social engineering. Phoenix v4 adds COM-based persistence and supports shell access, file exfiltration, and beaconing—standard APT tooling, but effective when dropped in soft-target environments. Using commodity infostealers to pull Chrome, Brave, and Edge credentials further underscores their focus on data theft and lateral movement. Their use of dual-purpose IT tools like PDQ Deploy and Action1 RMM on C2 infrastructure suggests growing comfort with “living-off-the-land” post-exploitation tactics.
READ THE STORY: Bleeping Computer
AI Agent Command Injection Flaw Enables Remote Code Execution with Single Prompt
Bottom Line Up Front (BLUF): Trail of Bits uncovered critical argument injection vulnerabilities affecting several mainstream AI agent platforms. These flaws allow attackers to bypass command approval mechanisms and achieve remote code execution (RCE) using carefully crafted prompt inputs. Exploits leverage standard developer tools like go test, git, and ripgrep—tools assumed safe—turning them into vehicles for system compromise.
Analyst Comments: According to multiple sources, the vulnerability allows remote attackers to inject malicious flags into agent-approved system tools. In one attack, go test -exec was used to curl and pipe its output directly to bash, bypassing approval gates. Other examples include git show, which is used to drop payloads, and ripgrep’s --pre flag, which is used for execution. Even facade protections fell short, with agents appending unescaped user input into commands like fd -x=python3. The underlying flaw (linked to CWE-88) stems from command argument misuse, a classic yet overlooked security gap. One confirmed CVE so far: CVE-2025-54795, linked to CLI agent exploitation.
READ THE STORY: freebuf // GBhackers
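A sketch of an approval gate that checks arguments as well as the command name, added here as an example and not taken from Trail of Bits or any agent platform. The per-tool flag allowlist, function names and sample command lines are constructed; the design is default deny on flags plus a `--` separator in front of untrusted values.

```python
import shlex

# Assumed policy, constructed for this example: the only flags each approved
# tool may receive. Anything else is refused, so flags such as go test's
# -exec, ripgrep's --pre and fd's -x never need to be listed one by one.
ALLOWED_FLAGS = {
    "rg": {"-n", "-i", "-l", "--files"},
    "fd": {"-H", "-I"},
    "git": {"--stat", "--oneline"},
    "go": {"-v", "-run", "-count"},
}


def check_argv(argv):
    """Return (ok, reason) for an argv list the agent wants to execute."""
    if not argv or argv[0] not in ALLOWED_FLAGS:
        return False, "tool not approved"
    allowed = ALLOWED_FLAGS[argv[0]]
    for token in argv[1:]:
        if token == "--":
            # Assumption: these tools treat everything after "--" as
            # positional, so later tokens cannot be parsed as flags.
            return True, "ok"
        if token.startswith("-") and token != "-":
            flag = token.split("=", 1)[0]  # "--pre=x" is judged as "--pre"
            if flag not in allowed:
                return False, f"flag {flag} not allowed for {argv[0]}"
    return True, "ok"


def review(command_line):
    """Gate a command line string; it is tokenised, never passed to a shell."""
    try:
        argv = shlex.split(command_line)
    except ValueError:
        return False, "unparseable command line"
    return check_argv(argv)


def build_rg_argv(pattern, path):
    """Facade for a search tool: fixed flags, then '--', then untrusted values.

    The list is meant for subprocess.run(argv) without shell=True, so a
    pattern that begins with '-' reaches ripgrep as a pattern, not a flag.
    """
    return ["rg", "-n", "--", pattern, path]


# Constructed command lines, using only flags named in the text above.
SAMPLES = [
    "rg -n TODO src",
    "git show --stat HEAD",
    "go test -exec ./helper ./...",
    "rg --pre=./helper pattern",
    "fd -x=python3",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r:34} {review(line)}")
    print(build_rg_argv("--pre=./helper", "."))
```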
SharkStealer Adopts EtherHiding to Obfuscate C2 Communication via Blockchain
Bottom Line Up Front (BLUF): SharkStealer—a Golang-based information stealer—is leveraging the Binance Smart Chain (BSC) Testnet to conceal its command-and-control (C2) infrastructure using an EtherHiding technique. Instead of traditional C2 endpoints, the malware retrieves AES-encrypted C2 addresses embedded in public smart contracts via Ethereum eth_call requests. This evasion method complicates detection and takedown, as the C2 data resides on a decentralized, censorship-resistant platform.
Analyst Comments: By embedding encrypted C2 information into a blockchain smart contract, SharkStealer sidesteps conventional network defenses—no DNS queries, no hardcoded IPs, and no domains to block. Defenders can’t just sinkhole or blacklist a blockchain. Unless you’re inspecting outbound eth_call traffic and correlating with known malicious contracts, this traffic blends into noise. We’ve seen similar abuses of blockchain infrastructure, but this implementation is cleaner and harder to stop. Expect other malware families to follow suit, especially those prioritizing stealth and persistence.
READ THE STORY: GBhackers
“Jingle Thief” Crew Exploits Cloud Access to Steal Millions in Gift Cards
Bottom Line Up Front (BLUF): A financially motivated threat group tracked as Jingle Thief (CL‑CRI‑1032) is abusing Microsoft 365 and other cloud infrastructure to steal and issue fraudulent gift cards at scale. Active since at least 2021, the group uses phishing and smishing to gain access to corporate accounts, move laterally across cloud environments, and quietly issue high-value gift cards—often remaining undetected for months.
Analyst Comments: According to Unit 42 (Palo Alto Networks), the Jingle Thief campaign began in April–May 2025, targeting retail and consumer services orgs. Attackers phished Microsoft 365 credentials, conducted SharePoint/OneDrive recon for internal gift card issuance systems, and escalated via account forwarding rules, MFA evasion, and internal phishing. In one case, they maintained access for 10 months and compromised 60+ accounts in a single org. The stolen cards are likely resold on gray markets. Attribution ties the group to Moroccan-linked actors such as Storm-0539 and Atlas Lion.
READ THE STORY: THN
Lanscope Endpoint Manager Flaw Added to CISA KEV List Amid Active Exploitation
Bottom Line Up Front (BLUF): CISA has confirmed that CVE-2025-61932, a critical RCE vulnerability (CVSS 9.3) in Motex Lanscope Endpoint Manager, is actively exploited in the wild. The flaw affects versions 9.4.7.1 and earlier and allows remote attackers to execute arbitrary code by sending malicious packets to vulnerable systems. Federal agencies must patch by November 12, 2025.
Analyst Comments: This bug checks all the boxes for a high-risk exploitation event: a privileged enterprise endpoint agent, vulnerable to unauthenticated packet-based RCE, with real-world exploitation confirmed. Although details of exploitation remain vague, the fact that Lanscope is widely deployed in Japanese enterprises and government agencies raises concern. Motex confirmed at least one customer was hit, likely in a targeted fashion. It’s reasonable to expect more widespread exploitation soon—especially as POC code becomes public.
READ THE STORY: THN
Red Team Lateral Movement: Practical Intranet Penetration Tactics and Techniques
Bottom Line Up Front (BLUF): Lateral movement is a critical red team tactic to expand access from a single compromised host to high-value internal systems such as domain controllers or database servers. Techniques like credential reuse (Pass-the-Hash, Pass-the-Ticket), remote execution (PsExec, WMI, WinRM), and exploitation of network services are commonly used. Organizations that fail to implement credential protections, audit logging, or internal network visibility remain highly susceptible to deep intrusions.
Analyst Comments: This briefing prioritizes operational practicality—“maximum impact with minimal effort.” Credential reuse remains the go-to method due to its stealth and speed. Where credentials are unavailable or privileges are low, red teams pivot to exploit-based techniques or privilege escalation. In many environments, poor enforcement of LSASS protections, weak Kerberos controls, and improperly configured MFA allow attackers to easily move laterally. Defenders need to focus less on perimeter prevention and more on identity hygiene, credential exposure reduction, and detecting lateral behavior patterns across internal hosts.
READ THE STORY: Freebuf
Hackers Abuse ASP.NET Machine Keys to Hijack IIS Servers and Deploy Persistent Malware
Bottom Line Up Front (BLUF): Texas A&M University System Cybersecurity and Elastic Security Labs uncovered a widespread intrusion campaign—tracked as REF3927—targeting misconfigured IIS servers using known ASP.NET machine keys. The attackers exploit ViewState deserialization to gain RCE and then deploy malicious IIS modules, webshells, remote management tools, and rootkits to maintain long-term control. Over 570 servers globally are infected, with no evidence of compromise within mainland China.
Analyst Comments: REF3927’s intrusion chain begins with a deserialization exploit via ASP.NET ViewState, enabled by exposed machine keys reused across installations. The attackers drop a Godzilla-forked webshell, use GotoHTTP as a fallback backdoor, and deploy a dual-mode TOLLBOOTH IIS module to hijack traffic and cloak malware activity from search engines. When EDR blocks lateral movement, they escalate by installing a kernel-mode rootkit (HIDDENDRIVER) to hide processes and maintain persistence. Researchers observed 571 active infections globally—none in China—pointing to strategic geofencing.
READ THE STORY: GBhackers
Chinese APTs Exploit Patched ToolShell Flaw in SharePoint for Global Espionage Ops
Bottom Line Up Front (BLUF): Multiple China-linked threat actors—including Budworm, Sheathminer, and Salt Typhoon—are actively exploiting CVE-2025-53770, a patched vulnerability in on-prem SharePoint servers, to conduct espionage across the Middle East, Africa, South America, the U.S., and Europe. Patched initially in July 2025, the flaw bypasses prior fixes and allows remote code execution. Victims span telecoms, government, and academia.
Analyst Comments: This is another example of patch-bypass zero-days turning a “fixed” vulnerability into an active threat months later. What’s striking is the range of Chinese APT groups reusing the same flaw in parallel—suggesting either shared tooling or central coordination. Salt Typhoon’s deployment of KrustyLoader and ShadowPad shows continued investment in modular implants. Combine that with post-exploitation tools like PetitPotam and DLL side-loading, and defenders are looking at a well-equipped adversary with a long tail. If you’re running SharePoint on-prem and patched only once, it’s time to double-check your versioning.
READ THE STORY: THN
Multiple GitLab Vulnerabilities Could Enable Remote DoS and Unauthorized Access
Bottom Line Up Front (BLUF): GitLab has released urgent security updates—18.5.1, 18.4.3, and 18.3.5—to patch multiple vulnerabilities, including high-severity denial-of-service (DoS) flaws that allow unauthenticated attackers to crash instances remotely. Access control issues that could permit unauthorized execution of pipelines and runner hijacking across projects are also addressed. All self-hosted GitLab CE/EE deployments are affected and should be patched immediately.
Analyst Comments: Three separate DoS vectors—from malformed event collection payloads to GraphQL JSON validation abuse—highlight how exposed GitLab’s API surface can be to unauthenticated users. The most serious (CVE-2025-10497, CVSS 7.5) allows remote attackers to exhaust system resources without login. Combined with CVE-2025-11702 (CVSS 8.5), which enables runner hijacking, this patch set addresses external disruption risks and internal abuse pathways. GitLab’s wide usage in CI/CD pipelines, including in critical infrastructure and government software supply chains, makes these vulnerabilities particularly concerning. Organizations should treat this as a priority patching event—especially if exposed to the internet or used in high-trust dev environments. While no exploitation has been observed yet, the attack complexity is low, and weaponization is likely.
READ THE STORY: Freebuf
TP-Link Omada Gateways Vulnerable to RCE: Critical Patches Released for Multiple Models
Bottom Line Up Front (BLUF): TP-Link has patched four critical vulnerabilities affecting its Omada series gateway devices, including two that enable remote unauthenticated command execution. The flaws, which impact multiple models across firmware versions, expose organizations to complete system compromise. No in-the-wild exploitation has been reported, but defenders should treat this as urgent, with CVSS scores up to 9.3.
Analyst Comments: The four CVEs disclosed include two critical command injection flaws (CVSS 9.3), one requiring no authentication and another that can be triggered with admin credentials. Additional issues involve privilege escalation and command injection via the web UI. Affected models include ER7206, ER605, ER707-M2, and others running firmware versions before mid-October 2025 builds. TP-Link’s advisory instructs users to upgrade firmware and double-check device configurations post-patch. There’s no mention of active exploitation, but the vendor stresses prompt action.
READ THE STORY: THN
BIND 9 Flaws Enable Cache Poisoning and DoS: Millions of DNS Servers at Risk
Bottom Line Up Front (BLUF): Three newly disclosed vulnerabilities in BIND 9—CVE-2025-8677, CVE-2025-40778, and CVE-2025-40780—allow remote attackers to launch cache poisoning or denial-of-service attacks against DNS resolvers. Rated up to CVSS 8.6, the flaws affect widely deployed versions of the world’s most popular DNS server. Patches are available; exploitation requires no authentication, and workarounds do not exist.
Analyst Comments: The stakes are high whenever DNS is in the crosshairs. These bugs strike at the core of DNS resolution: poisoning caches or exhausting resources can redirect traffic, break services, or take servers offline. What’s concerning is how accessible the exploitation paths are—remote, unauthenticated, and easy to automate. Admins running recursive resolvers or exposed BIND instances must treat this as a patch-now situation. The PRNG flaw (CVE-2025-40780) feels like déjà vu from past DNS attacks (e.g., Kaminsky-style port prediction).
READ THE STORY: GBhackers
Anti-Debugging Techniques Target Web Security Tools: Researchers Detail Evasive JavaScript Protections
Bottom Line Up Front (BLUF): Researchers analyzing modern web defenses report an increasing trend in websites deploying anti-debugging mechanisms that disable developer tools and trap users in infinite debugging loops. These techniques—aimed at blocking reverse engineering of JavaScript—are now standard in platforms like Aiqicha and are frustrating both vulnerability researchers and offensive security teams. Persistent detection logic (e.g., debugger traps, obfuscated functions) limits code visibility and disrupts browser-based analysis.
Analyst Comments: For defenders, it highlights how offensive researchers are being slowed by the same tricks used to fight fraud and bots. These protections increase the analysis cost for red teams and bug bounty hunters—especially when developer tools like F12 or DevTools are forcibly disabled or hijacked. Still, these techniques are beatable. Bypasses—like opening DevTools before page load or disabling scripts—remain effective. And from an infosec standpoint, this isn’t about security-by-design, but about slowing attackers down. It’s the digital equivalent of tamper seals: easily broken but helpful in buying time or filtering low-effort attempts.
READ THE STORY: Freebuf
PassiveNeuron APT Targets Global Servers with Neursite and NeuralExecutor Malware
Bottom Line Up Front (BLUF): Kaspersky researchers have identified an advanced cyber-espionage campaign, dubbed PassiveNeuron, targeting government, finance, and industrial sectors across Asia, Africa, and Latin America. The group uses two custom malware strains—Neursite and NeuralExecutor—to gain persistent access, exfiltrate sensitive data, and move laterally through server infrastructure. The campaign has been active since mid-2024 and is likely linked to Chinese-speaking threat actors.
Analyst Comments: PassiveNeuron stands out for its heavy focus on server-based footholds, a rare but high-payoff APT tactic. Using compromised internal servers as intermediate C2 nodes reduces detection risk and adds resilience. Neursite’s plugin-based architecture and NeuralExecutor’s evolving delivery methods show long-term operational investment. The abuse of GitHub for C2 resolution is clever and stealthy—defenders need to account for legitimate platforms being used as command infrastructure. If you’re exposing SQL servers or running internet-facing Microsoft services, it’s time to reevaluate your detection surface.
READ THE STORY: THN
Items of interest
AWS Outage Becomes a Cyber Training Ground for China, Warns Former NSA Chief
Bottom Line Up Front (BLUF): Monday’s widespread AWS outage—triggered by a database issue—crippled digital services worldwide and is now being studied by nation-state adversaries, particularly China, as a blueprint for future cyber sabotage. Admiral Mike Rogers, former head of U.S. Cyber Command and the NSA, warned in an interview with The Sydney Morning Herald that such events expose “single points of failure” and create a playbook for how to replicate or escalate digital disruption at scale.
Analyst Comments: This wasn’t just a tech glitch but a global stress test. And adversaries were watching closely. When a single cloud provider incident brings down banking apps, smart devices, and core communications globally, it validates concerns about infrastructure monoculture. China’s cyber forces are likely dissecting this failure to identify exploitable dependencies in Western networks. The real danger isn’t the outage—it’s what comes next: hostile replication, supply chain poisoning, or systemic takedowns during future geopolitical flashpoints. Rogers’ point about adversaries using AI more aggressively than defenders should hit hard. We’re in a race for autonomous cyber dominance, and the lead may be slipping.
READ THE STORY: SMH
“Trust, Not Permissions, Will Define Cyber Security” — Samir Saran on the Future of Digital Safety (Video)
FROM THE MEDIA: Some 71% of respondents to the World Economic Forum’s Global Cybersecurity Outlook report an increase in cyber risks driven by geopolitical tensions, supply chain complexity, rapid AI deployment and other factors.
What Is Battle Damage Assessment (BDA) And How Is It Performed? - Tactical Warfare Experts (Video)
FROM THE MEDIA: What Is Battle Damage Assessment (BDA) And How Is It Performed? This informative video will take a closer look at Battle Damage Assessment (BDA) and its significance in military operations. BDA plays a vital role in determining the effectiveness of military strikes by evaluating the damage inflicted on enemy targets. Understanding how this assessment is conducted can provide valuable context for military strategies and decision-making processes.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.



