DJBSEC's CyberNews 2026-01-22
1. Vulnerabilities Found in Anthropic Git MCP Server
Security researchers have identified multiple vulnerabilities in Anthropic’s Git-based Model Context Protocol (MCP) server implementation. The flaws could allow attackers to gain unauthorized access to repositories, execute commands, or pivot into connected AI workflows. Because MCP servers often run with elevated privileges to support AI tooling, exploitation could have serious downstream impact. Anthropic has issued guidance and updates to mitigate the risks. Organizations using MCP integrations are urged to audit their exposure (which servers are configured, which repositories and credentials each can reach) and apply the fixes immediately.
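One concrete way to start the audit the item calls for is to inspect the MCP client configuration for git servers that are unscoped or over-scoped. The script below is an added example, not Anthropic's code, and it does not model the specific flaws (which the digest does not detail). It assumes the common "mcpServers" JSON layout (server name mapped to command/args/env) and that git servers are scoped with a "--repository" argument, as the reference mcp-server-git is; the sample config and the allowed-roots list are constructed for the demonstration.

```python
"""Audit an MCP client config for over-broad git server exposure.

Added example; not Anthropic's code and not a check for the specific
flaws in the digest. Assumes the "mcpServers" JSON layout and the
"--repository" scoping argument of the reference mcp-server-git.
"""
import json
import re

# Constructed sample configuration (not from any real deployment).
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "git-scoped": {
            "command": "uvx",
            "args": ["mcp-server-git", "--repository", "/home/dev/projects/app"],
        },
        "git-unscoped": {
            "command": "uvx",
            "args": ["mcp-server-git"],
        },
        "git-root": {
            "command": "uvx",
            "args": ["mcp-server-git", "--repository", "/"],
            "env": {"GITHUB_TOKEN": "ghp_constructed_example"},
        },
        "filesystem": {
            "command": "npx",
            "args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"],
        },
    }
})

# Env var names that usually carry credentials the server process inherits.
SECRET_ENV = re.compile(r"TOKEN|SECRET|PASSWORD|KEY", re.IGNORECASE)


def is_git_server(args):
    """True when the server command line launches mcp-server-git."""
    return any("mcp-server-git" in a for a in args)


def repository_scope(args):
    """Return the path given to --repository, or None when unscoped."""
    for i, a in enumerate(args):
        if a == "--repository" and i + 1 < len(args):
            return args[i + 1]
        if a.startswith("--repository="):
            return a.split("=", 1)[1]
    return None


def within(path, roots):
    """True when path is equal to or below one of the allowed roots."""
    p = path.rstrip("/") + "/"
    return any(p.startswith(r.rstrip("/") + "/") for r in roots)


def audit(config_text, allowed_roots=("/home/dev/projects",)):
    """Return {server_name: [finding, ...]} for servers that need attention."""
    cfg = json.loads(config_text)
    findings = {}
    for name, spec in cfg.get("mcpServers", {}).items():
        args = spec.get("args", [])
        notes = []
        for var in spec.get("env", {}):
            if SECRET_ENV.search(var):
                notes.append(f"secret-like env var {var} passed to server process")
        if is_git_server(args):
            scope = repository_scope(args)
            if scope is None:
                notes.append("git server has no --repository scope; "
                             "repo path is chosen per call by the model")
            elif not within(scope, allowed_roots):
                notes.append(f"repository scope {scope!r} is outside allowed roots")
        if notes:
            findings[name] = notes
    return findings


if __name__ == "__main__":
    for server, notes in audit(SAMPLE_CONFIG).items():
        for note in notes:
            print(f"{server}: {note}")
```

This flags configuration-level exposure only; it cannot tell whether the server binary itself is patched, so pair it with a version check against Anthropic's guidance.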
2. NVIDIA Nsight Graphics Vulnerability Affects Linux Systems
A vulnerability has been discovered in NVIDIA Nsight Graphics on Linux systems that could allow local attackers to escalate privileges. The issue stems from improper handling of certain files and permissions during debugging operations. Exploitation could enable attackers to execute code with higher privileges than intended. NVIDIA has released updates to address the flaw. Linux users running Nsight Graphics are advised to patch promptly.
3. AI-Driven Phishing Raises New Security Concerns
Security experts warn that AI-generated phishing attacks are becoming significantly more convincing and harder to detect. Threat actors are using generative AI to craft personalized messages that mimic real writing styles and business context. These attacks increase the success rate of credential theft and business email compromise. Traditional filters struggle to identify AI-crafted content. Organizations are urged to combine technical controls with enhanced user awareness training.
4. Training and Demo Apps from Vendors Introduce Security Risks
Researchers have found that training and demo applications published by vendors often contain serious security weaknesses. These apps may include hardcoded credentials, outdated dependencies, or insecure configurations. Attackers can exploit them as entry points into corporate environments. The issue highlights a blind spot where “non-production” software is still deployed in real networks. Security teams are encouraged to treat training apps with the same scrutiny as production systems.
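Treating a demo app with production scrutiny means, at minimum, running the same secret and dependency checks you would run on real code before it lands on a network. The scanner below is an added example, not from the digest or any vendor; the detection patterns are illustrative assumptions rather than a complete ruleset, and the sample "demo app" it scans is constructed inline in a temporary directory so it runs offline.

```python
"""Scan a directory tree (such as a vendor demo app) for hardcoded
credentials and unpinned Python dependencies.

Added example, not from the digest or any vendor. Patterns are
illustrative assumptions; a real deployment would use a full ruleset.
"""
import os
import re
import tempfile

# Illustrative patterns (assumed); extend for your environment.
PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "password_assignment": re.compile(
        r"(?i)(password|passwd|secret)\s*[=:]\s*['\"][^'\"]{4,}['\"]"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "db_connection_string": re.compile(r"\b(?:postgres|mysql|mongodb)://[^:\s]+:[^@\s]+@"),
}
SKIP_DIRS = {".git", "node_modules", "venv", "__pycache__"}


def scan_text(text, path):
    """Return (path, line_number, pattern_name) for each matching line."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, rx in PATTERNS.items():
            if rx.search(line):
                hits.append((path, lineno, name))
    return hits


def unpinned_requirements(text):
    """Return requirements.txt entries that lack an exact '==' pin."""
    out = []
    for line in text.splitlines():
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        if "==" not in s:
            out.append(s)
    return out


def scan_tree(root):
    """Walk root and return (secret_hits, unpinned_dependencies)."""
    hits, unpinned = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            try:
                with open(full, "r", encoding="utf-8", errors="ignore") as f:
                    text = f.read()
            except OSError:
                continue
            rel = os.path.relpath(full, root)
            hits.extend(scan_text(text, rel))
            if fn == "requirements.txt":
                unpinned.extend(unpinned_requirements(text))
    return hits, unpinned


# Constructed sample demo app; the key is the well-known AWS doc placeholder.
SAMPLE_FILES = {
    "config.py": 'DB_PASSWORD = "demo1234"\nDEBUG = True\n',
    "deploy.sh": 'export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n',
    "requirements.txt": 'flask==2.0.1\nrequests\n',
    "README.md": 'Demo only. Do not deploy in production.\n',
}


def build_sample_app():
    """Write the constructed sample files to a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="demoapp-")
    for name, content in SAMPLE_FILES.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as f:
            f.write(content)
    return root


def run_sample():
    """Build the sample app and scan it; returns (hits, unpinned)."""
    return scan_tree(build_sample_app())


if __name__ == "__main__":
    hits, unpinned = run_sample()
    for path, lineno, kind in hits:
        print(f"{path}:{lineno}: {kind}")
    for req in unpinned:
        print(f"unpinned dependency: {req}")
```

Run it against the unpacked demo app before it is deployed; any hit is a reason to rotate the credential and to ask why the app needed it at all.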
5. Under Armour Data Exposure Tied to Everest Ransomware Group
Reports indicate that Under Armour data has surfaced on leak sites associated with the Everest ransomware group. The attackers claim to have exfiltrated sensitive corporate information before encryption. While the full scope of the breach is still being assessed, the incident highlights the continued use of double-extortion tactics. Under Armour has begun investigating the claims and assessing potential impact. Customers and partners are being advised to remain alert.
6. Zoom and GitLab Release Critical Security Updates
Zoom and GitLab have both released security updates addressing multiple vulnerabilities in their platforms. Some of the flaws could allow attackers to execute code, bypass authentication, or access sensitive data. While active exploitation has not been confirmed for every issue, researchers warn the vulnerabilities are attractive targets. Users and administrators are urged to update immediately. Delayed patching could expose collaboration and development environments.
7. North Korean “PurpleBravo” Cyber Campaign Uncovered
Researchers have uncovered a North Korea–linked cyber campaign dubbed PurpleBravo, targeting government and strategic organizations. The attackers use phishing, malware loaders, and stealthy persistence techniques to maintain long-term access. The campaign appears focused on espionage and data theft rather than disruption. Analysts say the tactics show increased operational maturity. Organizations are urged to strengthen detection around email and endpoint activity.
8. Phishing Campaign Targets LastPass Customers
A new phishing campaign is specifically targeting LastPass customers with emails designed to steal master passwords and vault access. The messages impersonate security alerts and prompt users to click malicious links. Attackers aim to harvest credentials that can unlock entire password vaults. Security researchers warn that the campaign is widespread and highly convincing. Users are advised to verify emails carefully and enable phishing-resistant multifactor authentication, such as a FIDO2 security key or passkey, since a one-time code typed into the same fake page can be relayed by the attacker.
9. Cisco Fixes Actively Exploited Unified Communications Zero-Day
Cisco has patched an actively exploited zero-day vulnerability in its Unified Communications products. The flaw could allow attackers to gain unauthorized access or execute code on affected systems. Cisco confirmed the vulnerability was being exploited in the wild prior to the fix. Organizations running affected products are urged to apply patches immediately. The incident underscores the ongoing targeting of enterprise communication platforms.