Npav Lab
-
Posted: September 29, 2025
A malicious update to the postmark-mcp server injects a hidden BCC to exfiltrate sensitive emails from thousands of organizations. Koi’s risk engine uncovered the attack, highlighting risks in AI-driven MCP tools. Remove version 1.0.16+ and audit MCP servers now.
-
Microsoft uncovers advanced XCSSET variant infecting Xcode projects for macOS devs—adds Firefox data exfiltration, crypto wallet clipboard swaps via AES-encrypted AppleScripts, and LaunchDaemon persistence. Mitigate with updates, Defender for Endpoint, and domain blocks.
-
Microsoft exposes AI-driven phishing campaign targeting US organizations: attackers use AI to craft verbose, business-jargon code in SVG attachments disguised as PDFs, hiding credential-stealing payloads behind invisible dashboards and evading antivirus detection.
-
SolarWinds patches CVE-2025-26399 (CVSS 9.8), a deserialization flaw in Web Help Desk allowing unauthenticated RCE; it's a bypass of CVE-2024-28988. Affects versions up to 12.8.7—upgrade to HF1. Discovered by Trend Micro ZDI; Qualys QID 733223 for detection.
-
XLab exposes the AISURU botnet, a 300,000-node powerhouse driving 11.5 Tbps DDoS peaks since 2025 via Totolink firmware hacks. Led by Snow, Tom, and Forky, it features ideological Easter eggs; rivals leak evidence amid calls for a takedown as threats escalate.
-
Threat actors use vulnerable Windows 8.1 WerFaultSecure.exe on patched Windows 11 24H2 to dump unencrypted LSASS memory via PPL bypass, extracting NTLM hashes and passwords for escalation. Zero Salarium details evasion tactics; defenders urged to monitor WER tools and anomalous PPL activity.
-
Major cyberattack on Jaguar Land Rover (JLR) causes Tata Motors shares to drop 4% to ₹655.30; production paused until Oct 1 with ₹560 crore weekly losses, potential ₹21,000 crore damage—exceeding annual profit. Experts urge cyber insurance and resilient IT amid auto sector digital risks.
-
Cisco's CVE-2025-20352 stack overflow in IOS/IOS XE SNMP allows RCE or DoS via crafted packets; actively exploited in the wild after credential compromise. Affects Meraki MS390, Catalyst 9300; patch now, mitigate with SNMP views—restrict access to trusted sources.
-
India's universities endure 7,095 weekly cyberattacks—higher than global averages—due to hybrid models, limited resources, and connected campuses. Check Point report highlights RATs, malware risks; experts urge prevention-first security, AI monitoring, and investment to protect data and research.
-
Security scan reveals 150+ popular apps (millions of downloads) with Firebase test mode flaws allowing unauthenticated access to payments, PII, chats, passwords, and GitHub/AWS tokens in Realtime DB, Storage, Firestore, and Remote Config. Learn impacts, OpenFirebase tool, and fixes for ~80% of mobile apps.