Search results for mcp-server-fetch | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have disclosed a now-patched, high-severity security flaw in Cursor, a popular artificial intelligence (AI) code editor, that could result in remote code execution (RCE). The vulnerability, tracked as CVE-2025-54135 (CVSS score: 8.6), has been addressed in version 1.3 released on July 29, 2025. It has been codenamed CurXecute by Aim Labs, which previously disclosed EchoLeak . "Cursor runs with developer‑level privileges, and when paired with an MCP server that fetches untrusted external data, that data can redirect the agent's control flow and exploit those privileges," the Aim Labs Team said in a report shared with The Hacker News. "By feeding poisoned data to the agent via MCP, an attacker can gain full remote code execution under the user privileges, and achieve any number of things, including opportunities for ransomware, data theft, AI manipulation and hallucinations, etc." In other words, the remote code execution can trigg...

Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol ( MCP ) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an attacker can send arbitrary system commands. "The server constructs and executes shell commands using unvalidated user input directly within command-line strings. This introduces the possibility of shell metacharacter injection (|, >, &&, etc.)," according to a GitHub advisory for the flaw. "Successful exploitation can lead to remote code execution under the server process's privileges." Given that the Framelink Figma MCP server exposes various tools to perform operations in Figma using artificial intelligence (AI)-powered coding agents like Cursor, an attacker co...

Cybersecurity researchers have disclosed details of a new attack method dubbed Reprompt that could allow bad actors to exfiltrate sensitive data from artificial intelligence (AI) chatbots like Microsoft Copilot in a single click, while bypassing enterprise security controls entirely. "Only a single click on a legitimate Microsoft link is required to compromise victims," Varonis security researcher Dolev Taler said in a report published Wednesday. "No plugins, no user interaction with Copilot." "The attacker maintains control even when the Copilot chat is closed, allowing the victim's session to be silently exfiltrated with no interaction beyond that first click." Following responsible disclosure, Microsoft has addressed the security issue. The attack does not affect enterprise customers using Microsoft 365 Copilot. At a high level, Reprompt employs three techniques to achieve a data‑exfiltration chain - Using the "q" URL parameter in...

Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths. A clear pattern this week: attackers are abusing trust. Trusted updates, trusted marketplaces, trusted apps, even trusted AI workflows. Instead of breaking security controls head-on, they’re slipping into places that already have access. This recap brings together those signals — showing how modern attacks are blending technology abuse, ecosystem manipulation, and large-scale targeting into a single, expanding threat surface. ⚡ Threat of the Week OpenClaw announces VirusTotal Partnership — OpenClaw has announced a partnership with Google's VirusTotal malware scanning platform to scan skills that are being uploaded to ClawHub as part of a defense-in-depth approach to improve the security of the agen...

Malware isn’t just trying to hide anymore—it’s trying to belong. We’re seeing code that talks like us, logs like us, even documents itself like a helpful teammate. Some threats now look more like developer tools than exploits. Others borrow trust from open-source platforms, or quietly build themselves out of AI-written snippets. It’s not just about being malicious—it’s about being believable. In this week’s cybersecurity recap, we explore how today’s threats are becoming more social, more automated, and far too sophisticated for yesterday’s instincts to catch. ⚡ Threat of the Week Secret Blizzard Conduct ISP-Level AitM Attacks to Deploy ApolloShadow — Russian cyberspies are abusing local internet service providers' networks to target foreign embassies in Moscow and likely collect intelligence from diplomats' devices. The activity has been attributed to the Russian advanced persistent threat (APT) known as Secret Blizzard (aka Turla). It likely involves using an adversary-...

Cybersecurity researchers from  SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat (676 Downloads) ts-runtime-compat-check (1,588 Downloads) solders (983 Downloads) @mediawave/lib (386 Downloads) All the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry.  SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former package ("proxy.eslint-proxy[.]site") to retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown. "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code,"...

Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux system's primary disk and render it unbootable. The names of the packages are listed below - github[.]com/truthfulpharm/prototransform github[.]com/blankloggia/go-mcp github[.]com/steelpoor/tlsproxy "Despite appearing legitimate, these modules contained highly obfuscated code designed to fetch and execute remote payloads," Socket researcher Kush Pandya said . The packages are designed to check if the operating system on which they are being run is Linux, and if so retrieve a next-stage payload from a remote server using wget. The payload is a destructive shell script that overwrites the entire primary disk (" /dev/sda ") with zeroes, effectively preventing the machine from booting up. "This destructive method ensures no data recovery tool or forensic process can restore the data, as...

The year opened without a reset. The same pressure carried over, and in some places it tightened. Systems people assume are boring or stable are showing up in the wrong places. Attacks moved quietly, reused familiar paths, and kept working longer than anyone wants to admit. This week’s stories share one pattern. Nothing flashy. No single moment. Just steady abuse of trust — updates, extensions, logins, messages — the things people click without thinking. That’s where damage starts now. This recap pulls those signals together. Not to overwhelm, but to show where attention slipped and why it matters early in the year. ⚡ Threat of the Week RondoDox Botnet Exploits React2Shell Flaw — A persistent nine-month-long campaign has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as RondoDox. As of December 2025, the activity has been observed leveraging the recently disclosed React2Shell (CVE-2025-55182, CVSS score: 10.0) flaw as an initial...

Cybersecurity researchers have discovered a set of 11 malicious Go packages that are designed to download additional payloads from remote servers and execute them on both Windows and Linux systems. "At runtime the code silently spawns a shell, pulls a second-stage payload from an interchangeable set of .icu and .tech command-and-control (C2) endpoints, and executes it in memory," Socket security researcher Olivia Brown said . The list of identified packages is below - github.com/stripedconsu/linker github.com/agitatedleopa/stm github.com/expertsandba/opt github.com/wetteepee/hcloud-ip-floater github.com/weightycine/replika github.com/ordinarymea/tnsr_ids github.com/ordinarymea/TNSR_IDS github.com/cavernouskina/mcp-go github.com/lastnymph/gouid github.com/sinfulsky/gouid github.com/briefinitia/gouid

Misconfigured Docker instances are the target of a campaign that employs the Tor anonymity network to stealthily mine cryptocurrency in susceptible environments. "Attackers are exploiting misconfigured Docker APIs to gain access to containerized environments, then using Tor to mask their activities while deploying crypto miners," Trend Micro researchers Sunil Bharti and Shubham Singh said in an analysis published last week. In using Tor, the idea is to anonymize their origins during the installation of the miner on compromised systems. The attacks, per the cybersecurity company, commence with a request from the IP address 198.199.72[.]27 to obtain a list of all containers on the machine. If no containers are present, the attacker proceeds to create a new one based on the "alpine" Docker image and mounts the "/hostroot" directory – i.e., the root directory ("/") of the physical or virtual host machine – as a volume inside it. This behavior p...