Cybersecurity News: Foxconn factory attacks, BitLocker zero-day accesses protected drives, MDASH patches Windows flaws

In today’s cybersecurity news…

Foxconn confirms North American factory attack

Foxconn said that several North American factories were hit by a cyberattack claimed by the Nitrogen ransomware group, which says it stole 8TB of data including confidential files tied to customers like Apple, Intel, Google, Dell, and NVIDIA. Foxconn said it activated incident response measures and is restoring affected operations. The ransomware group continues to pressure victims through data theft and file encryption. (SecurityWeek)

BitLocker zero-day accesses protected drives

A researcher known as Chaotic Eclipse or Nightmare Eclipse released proof-of-concept exploits for two unpatched Windows zero-days dubbed YellowKey and GreenPlasma, including a BitLocker bypass that can expose encrypted drives through the Windows Recovery Environment. Security researchers confirmed parts of the YellowKey exploit, which abuses NTFS transaction logs to launch a command shell with access to unlocked BitLocker volumes on TPM-only systems. The disclosure follows earlier leaked Windows exploits from the same researcher. (BleepingComputer)

MDASH patches 16 Windows flaws

Microsoft unveiled MDASH, a multi-model AI system that uses more than 100 specialized agents to discover and validate software vulnerabilities in Windows codebases. The company said MDASH identified 16 flaws patched in this month’s Patch Tuesday release, including two critical remote code execution bugs affecting Windows networking and authentication components. This follows similar AI-driven cybersecurity efforts from Anthropic and OpenAI. (The Hacker News)

Mistral develops new AI model for banks

Bloomberg’s sources say Mistral AI is developing a cybersecurity-focused AI model for European banks looking for alternatives to Anthropic’s restricted-access Mythos system. The company has reportedly been in talks with financial institutions concerned about AI-driven cyber threats and Europe’s limited access to advanced US security models. Mistral CEO Arthur Mensch also argued that Europe needs domestic AI security tools to avoid dependence on foreign systems. (Bloomberg)

Huge thanks to our episode sponsor, Doppel

Social engineering attacks look trustworthy — a routine request, an internal email, a familiar face on a call.

But Doppel sees through the disguise. Our AI-native platform detects and disrupts attacks across every channel, while training employees to recognize deepfakes and deception.

We fight relentlessly to protect your business, brand, and people.

Doppel. Outpacing what’s next in social engineering.

Learn more at doppel.com

Exim mailer flaw allows remote code execution

A critical remote code execution flaw was disclosed in the Exim mail server, affecting versions 4.97 through 4.99.2 compiled with GnuTLS and certain SMTP features enabled. The vulnerability stems from a use-after-free bug during TLS shutdown that could let unauthenticated attackers execute commands, read email, and potentially gain broader access to compromised environments. Researchers at XBOW said AI-assisted tools helped accelerate exploit development, though a human researcher ultimately produced the successful exploit. (BleepingComputer)

Bug hunter tracks down three massive MCP flaws

An Akamai researcher uncovered three major vulnerabilities in Model Context Protocol (MCP) servers tied to Apache Software Foundation Doris, Apache Pinot, and Alibaba RDS that could allow SQL injection, sensitive data theft, or full database compromise through AI-connected systems. Apache patched an SQL injection flaw in Doris. Pinot added optional OAuth protections but still has unresolved issues. Alibaba reportedly declined to patch its RDS MCP vulnerability, which researchers said could expose sensitive metadata through unauthenticated requests. (The Register)

Attackers weaponize RubyGems

Socket researchers uncovered a campaign dubbed “GemStuffer” that abuses the RubyGems package registry as a dead-drop system for exfiltrated data rather than traditional malware delivery. More than 100 malicious gems scraped public-facing UK government websites and uploaded the collected data back to RubyGems using embedded API keys, letting attackers retrieve the information without dedicated command-and-control infrastructure. Researchers warned it highlights how software package registries could increasingly be abused as covert data transport layers in future supply chain attacks. (Dark Reading)

Tables turn on ‘The Gentlemen’

Check Point analyzed leaked internal data from the ransomware group “The Gentlemen” after unknown hackers breached the gang’s backend systems and began selling 16GB of stolen data. The leak revealed a structured ransomware-as-a-service operation led by an operator known as “zeta88,” with specialized members handling reconnaissance, credential access, negotiations, and malware development, and a 90/10 affiliate payout model. The group is said to rely on known vulnerabilities, common ransomware tooling, and some AI-assisted development. (Dark Reading)