#web

Cisco Talos has uncovered new threats, including ransomware like CyberLock and Lucky_Gh0$t, and a destructive malware called Numero, all disguised as legitimate AI tool installers to target victims.

All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markdown, bing-search-to-markdown, and youtube-to-markdown tools to issue requests and read the responses to attacker-controlled URLs, potentially leaking sensitive information.

All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the server.

Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called TOUGHPROGRESS that uses Google Calendar for command-and-control (C2). The tech giant, which discovered the activity in late October 2024, said the malware was hosted on a compromised government website and was used to target multiple other government entities. "Misuse of cloud

A recent investigation by cybersecurity researchers at Oasis Security has revealed a data overreach in how Microsoft’s OneDrive…

### Summary This vulnerability is similar to CVE-2018-14732. When running a Next.js server locally (e.g. through `npm run dev`), the WebSocket server is vulnerable to the Cross-site WebSocket hijacking (CSWSH) attack. and a bad actor can access the source code of client components, if a user was to visit a malicious link while having the Next.js dev server running. ### Impact If a user is running a Next.js server locally (e.g. `npm run dev`), and they were to browse to a malicious website, the malicious website may be able to access the source code of the Next.js app. This vulnerability only affects applications making use of App Router. _Note: App Router was experimental requiring_ `experimental.appDir = true` _in versions_ `>=13.0.0` to `<13.4`.

Researchers at Oasis Security say the problem has to do with OneDrive File Picker having overly broad permissions.

### Impact * Some source-builds may be impacted by a CWE-1395 (eg. vulnerable `setuptools` dependency). * Multicast prior to v2.0.9a3 on systems with minimal dependancies installed may use `setuptools <78.1.1` and thus rely on a compromised dependency. In some cases there is a chance that source-builds would fail due to an exploit of the closely related CVE-2025-47273, or become arbitrarily modified. ### Patches * Pre-release version v2.0.9a0 and later resolve the issue by bumping requirements to `setuptools>=80.4` * Pre-release version v2.0.9a3 and later are recommended for improved stability over v2.0.9a0 ### Workarounds * Further hardening in v2.0.9a4+ of the build process in CI builds allowing source builds to be verified via GH attestations. ### References * [GHSA-5rjg-fvgr-3xxf](https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf) * pypa/setuptools#4946 ### Fixes * https://github.com/reactive-firewall/multicast/blob/c5c7c7de272421d944beca845287...

Authorities in Pakistan have arrested 21 individuals accused of operating "Heartsender," a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for HeartSender were organized crime groups that tried to trick victim companies into making payments to a third party, and its alleged proprietors were publicly identified by KrebsOnSecurity in 2021 after they inadvertently infected their computers with malware.

A man is facing a $450,000 AU fine after he published deepfake images of prominent Australian women on the now-defunct MrDeepfakes web site.