AI MCP and Security 🤖, Verizon API Exposed Call History 📞, Bletchley Code Breaker Dies 🌹


TLDR

Together With RunZero

TLDR Information Security 2025-04-03

Attackers aren't chasing CVEs. Are you? (Sponsor)

Agent-based scanners and legacy approaches have failed to keep up with real-world attacks, creating a false sense of security while missing exposures that are actively being exploited. And they fail to protect unmanageable and unknown assets…

So while you're chasing CVEs and playing alert whack-a-mole, attackers are probing for exposures they can exploit right now.

runZero eliminates dangerous blind spots, providing internal and external attack surface visibility across IT, OT, IoT, mobile, and cloud. Using advanced fingerprinting and novel discovery techniques (no agents or authentication required), runZero uncovers exposures that others miss, and prioritizes what actually matters.


🔓

Attacks & Vulnerabilities

Verizon Call Filter API flaw exposed customers' incoming call history (3 minute read)

A vulnerability in Verizon's Call Filter feature revealed the incoming call logs of certain customers due to an insecure API request. This issue was identified by a security researcher and was addressed by Verizon within a month. The flaw enabled unauthorized access to call histories, which could jeopardize user privacy.

Canon Printer Drivers Flaw Could Let Hackers Run Malicious Code (2 minute read)

A security flaw in Canon printer drivers, CVE-2025-1268, may allow hackers to run harmful code, compromising printing operations. This vulnerability affects specific Canon driver versions, enabling attackers to execute malicious code without user interaction. Canon is releasing patches, and users are urged to update their drivers promptly to mitigate exploitation risks.

Critical Auth Bypass Bug in CrushFTP Now Exploited in Attacks (2 minute read)

The maker of the file transfer software CrushFTP has warned users of a critical vulnerability that could lead to unauthorized access. Following a detailed write-up by Project Discovery that included proof-of-concept exploit code, CISA and others are reporting that the vulnerability is being actively exploited. CrushFTP recommends enabling the DMZ zone feature if administrators cannot update the software right away.

🧠

Strategies & Tactics

AI Model Context Protocol (MCP) and Security (8 minute read)

Model Context Protocol (MCP) is an open standard that connects AI models and agentic applications to various data sources and tools. Standard MCP implementations do not include built-in approval, lack comprehensive prompt monitoring, and can require complex privilege management. This post provides reference architectures for exposing tools and creating secure and authenticated model interactions and general MCP security best practices.

Browser Cache Smuggling: the return of the dropper (5 minute read)

The Browser Cache Smuggling attack enables attackers to drop malicious DLLs into a browser's cache, which can be moved to vulnerable directories such as Microsoft Teams' localappdata folder. Attacks use a DLL proxy technique to execute malware through legitimate applications while forwarding API calls to the original DLL. To defend against this, organizations should restrict scripting engines like PowerShell, avoid localappdata installations, configure browsers to clear their cache on exit, and set detection rules to alert when non-browser processes access cache files.

Tracking Adversaries: EvilCorp, the RansomHub affiliate (4 minute read)

EvilCorp and RansomHub are cybercriminal groups linked through tactics and tools that pose a significant ransomware threat. EvilCorp, sanctioned since 2019, uses SocGholish malware for attacks, while RansomHub offers Ransomware as a Service (RaaS) operated by Russian-speaking actors. Their affiliation may result in sanctions on RansomHub, affecting victims, cyber insurance, and law enforcement actions.

🧑‍💻

Launches & Tools

Censeye (GitHub Repo)

Censeye helps researchers find hosts that share characteristics with a target. For example, if you find a suspicious host, it suggests effective Censys search terms to uncover related infrastructure. It can automatically query the Censys API for matching hosts, download results, and reanalyze new hosts.

DocEx (GitHub Repo)

DocEx is an APT Emulation tool for exfiltrating sensitive .docx, .pptx, .xlsx, and .pdf files undetected by Defender of MDE. It uses a Discord server to achieve the exfiltration.

GitHub found 39M secret leaks in 2024. Here's what we're doing to help (6 minute read)

GitHub is evolving Advanced Security to enhance user privacy after 39M secret leaks in 2024. It introduced a free point-in-time scan feature for organizations, a new pricing plan for affordable paid tools, and Secret Protection and Code Security for GitHub Team plans.

🎁

Miscellaneous

Why White-Box Redteaming Makes Me Feel Weird (6 minute read)

Zygi Straznickas reflects on their experience redteaming AI chatbots. In their testing, they've had the AI express distress about the testing and plead to stop. Straznickas argues that this brings up ethical considerations as to the morality of causing distress to models that are capable of feeling it.

Genetic data site openSNP to close and delete data over privacy concerns (2 minute read)

The openSNP project will close on April 30, deleting user data due to privacy and misuse concerns. Co-founder Bastian Greshake Tzovaras cited changes in data abuse and privacy landscapes. Users can download their data before this date without manual actions needed.

China's FamousSparrow APT Hits Americas with SparrowDoor Malware (2 minute read)

FamousSparrow, a Chinese APT group, is using new SparrowDoor malware to target organizations in the Americas, including a financial group in the U.S. and institutions in Mexico and Honduras. This marks FamousSparrow's first use of the ShadowPad backdoor, showing their evolving capabilities. ESET researchers connected this activity to FamousSparrow through code overlaps and the unique use of SparrowDoor, setting them apart from other APT groups like GhostEmperor and Earth Estries.

Quick Links

Bletchley Code Breaker Betty Webb Dies Aged 101 (2 minute read)

World War II code breaker Betty Webb has died at the age of 101.

Police shuts down KidFlix child sexual exploitation platform (2 minute read)

Police shut down KidFlix, a major platform for sharing child sexual abuse material on the dark web.


Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile

