Parliament committee says UK is a hacking priority for Iran

Mexico AG launches probe into alleged NSO Group bribes of former president, Pakistan arrests 150 in cybercrime crackdown, Rowhammer attacks against GPUs are possible, Hackers exploit Wing FTP Server file flaws, Thief returns 90% of $2.2m swiped from Texture Finance, much more

Overview of Iranian intelligence institutions. Source: UK ISC.


The UK Parliament's Intelligence and Security Committee (ISC) reports that Iran’s intimidation, including the fear of physical attack and assassination of Iranian dissidents living in the UK, is comparable in scale to the threat posed by Russia and that the UK is a priority espionage target for Iranian cyber-attacks, ranking just below the US and Saudi Arabia.

The committee concludes that those undertaking the cyberattacks range from state-controlled actors responding to direct tasking to private actors working for personal gain or perceived state intelligence requirements. It warns that the UK’s petrochemical, utilities, and finance sectors remain vulnerable to an Iranian attack.

British intelligence officials have told the committee that agents affiliated with Tehran have shown their readiness to “carry out assassinations within the UK and kidnap people from the country”.

The report does not cover the impact within the UK of the Israeli attacks on Iranian installations or the Hamas assault on Israel in October 2023. A perennial feature of the reports from the ISC is the long delay between the completion of reports and their publication following discussion with the government.

The report will feed into the full government response to the review conducted by Jonathan Hall KC, the independent reviewer of terrorism legislation, into a new proscription mechanism surrounding state-sponsored terrorism. The Cabinet Office welcomed the report. (Patrick Wintour / The Guardian)

Related: Independent.gov.uk, PBS, France24, Iran International, Iran News Update, Anadolu Ajansı, Infosecurity Magazine

Mexican Attorney General Alejandro Gertz Manero announced that he has launched a probe into allegations that former Mexican President Enrique Peña Nieto took bribes from Israeli businesspeople who allegedly paid him as much as $25 million to secure government contracts for spyware and other technology.

The investigation comes in response to an account in the Israeli business publication TheMarker, which reported that the contracts included a deal to buy Pegasus, the powerful spyware manufactured by Israel-based NSO Group.

Gertz Manero acknowledged in a press briefing that he currently lacks concrete evidence to prove TheMarker’s claims about Peña Nieto are valid, but suggested that the names and documents cited in the news outlet’s report give his office a roadmap for a probe.

TheMarker’s report is based on documents filed as part of a legal dispute between the businessmen, Uri Ansbacher and Avishai Neriah, who reportedly entered into arbitration in Israeli courts to determine individual proceeds from a joint $25 million “investment” in Peña Nieto.

The arbitration documents allegedly include statements from the businessmen claiming that in exchange for their money, Peña Nieto delivered their “joint business” the lucrative security contracts from the Mexican government, including for the use of Pegasus. (Suzanne Smalley / The Record)

Related: Grupo Formula on YouTube, El País, Latin Times, El País

The Pakistan National Cyber Crime Investigation Agency arrested 150 people in a raid in Faisalabad, Punjab province, as part of a crackdown on cybercrime operations.

The suspects, originating from countries including China, Nigeria, and the Philippines, allegedly orchestrated hacking schemes and Ponzi operations, defrauding victims of millions. Officials have registered cases under the Prevention of Electronic Crimes Act. (Devdiscourse)

Related: Newswire, BrandSynario, Daily Times, The Sun.my, TRT Global

A team of researchers from the University of Toronto has demonstrated that Rowhammer attacks against GPUs are possible and practical.

The attack method, dubbed GPUHammer, has been proven to work against a GPU from Nvidia, with the researchers using it to degrade the accuracy of machine learning models.

The Rowhammer attack method has been known for more than a decade. It involves repeatedly accessing — or hammering — a DRAM memory row, which can cause electrical interference that leads to bit flips in adjacent regions.

Researchers have demonstrated over the years that Rowhammer attacks can lead to privilege escalation, unauthorized access to data, data corruption, and breaking memory isolation (in virtualized environments).

However, until now, Rowhammer attacks have focused on CPUs and CPU-based memories.

The researchers managed to successfully conduct a Rowhammer attack against a GDDR6 memory in an NVIDIA A6000 GPU. They observed the impact of the GPUHammer attack on deep neural network machine learning models, specifically ImageNet models used for visual object recognition.

Their tests showed that a single bit flip could result in the accuracy of the machine learning model dropping from 80% to 0.1%.

In an advisory published this week, Nvidia confirmed the findings and informed customers that System-level ECC (error correcting code), a known Rowhammer mitigation, can prevent attacks. The GPU giant has shared specific instructions for different products. (Eduard Kovacs / Security Week)
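To see why one flipped bit can collapse a model's accuracy, the added example below (not GPUHammer's or Nvidia's code) flips individual bits of an IEEE-754 float32 weight, the format most GPU-resident model weights use, and reports which bit positions cause a catastrophic change; the weight and input values are constructed for illustration.

```python
import math
import struct

# Added illustration, not code from the GPUHammer paper: what a single bit flip
# does to a float32 weight, depending on which bit the flip lands on.

def flip_bit(weight: float, bit: int) -> float:
    """Return the float32 obtained by flipping bit `bit` of `weight`'s IEEE-754
    encoding (bit 31 = sign, bits 30..23 = exponent, bits 22..0 = mantissa)."""
    if not 0 <= bit < 32:
        raise ValueError("bit index must be 0..31")
    raw = struct.unpack("<I", struct.pack("<f", weight))[0]
    return struct.unpack("<f", struct.pack("<I", raw ^ (1 << bit)))[0]

def relative_change(weight: float, bit: int) -> float:
    """Relative magnitude of the change; inf when the flip yields inf or NaN."""
    new = flip_bit(weight, bit)
    if not math.isfinite(new):
        return math.inf
    return abs(new - weight) / abs(weight)

def catastrophic_bits(weight: float, threshold: float = 1.0) -> list:
    """Bit positions whose flip changes `weight` by more than `threshold`
    (1.0 means more than 100%). For ordinary weights these are the sign bit
    and the top exponent bit: a flip there turns a small weight into a value
    around 1e38, which is why one flip can wreck a classifier."""
    return [b for b in range(32) if relative_change(weight, b) > threshold]

def perturbed_logit(weights, inputs, index: int, bit: int) -> float:
    """Output of one linear neuron after flipping one bit of one weight."""
    w = list(weights)
    w[index] = flip_bit(w[index], bit)
    return sum(wi * xi for wi, xi in zip(w, inputs))

if __name__ == "__main__":
    # Constructed weight vector and input for a single neuron
    weights, inputs = [0.5, 0.25], [1.0, 2.0]
    print("clean output:", perturbed_logit(weights, inputs, 0, 0) - 2 ** -24)
    for bit in (0, 23, 30, 31):
        print(f"bit {bit:2d}: weight -> {flip_bit(0.5, bit):.6g}, "
              f"neuron output -> {perturbed_logit(weights, inputs, 0, bit):.6g}")
    print("catastrophic bit positions for 0.5:", catastrophic_bits(0.5))
```

System-level ECC, the mitigation Nvidia points to, corrects exactly this class of single-bit error before the corrupted weight is ever read.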

Related: Nvidia, GPUHammer, Paper


Researchers at Arctic Wolf warn that hackers have been exploiting a critical-severity vulnerability in the Wing FTP Server file transfer solution to execute arbitrary code remotely, after technical information on the flaw was published on June 30.

Tracked as CVE-2025-47812, the critical issue is described as the mishandling of null bytes, which allows attackers to inject arbitrary Lua code in user session files, leading to the execution of arbitrary commands with root or system privileges.

Successful exploitation of the bug could potentially lead to full server compromise through the remote execution of arbitrary code. While authentication is required, threat actors can also exploit the defect using an anonymous FTP account, which does not require a password but is disabled by default.

CVE-2025-47812 affects Wing FTP Server iterations up to version 7.4.3, and was resolved in version 7.4.4 of the file transfer tool, which was released on May 14.

On June 30, however, Julien Ahrens of RCE Security published technical information and a PoC exploit for the vulnerability, and hackers started targeting it in the wild the next day, Huntress reports.

Huntress, which also created a PoC exploit targeting the flaw, says indicators of compromise (IoCs) can be found in the Wing FTP installation folder, in logs within the ‘Domain’ directory.

The security firm says it has observed threat activity against a single customer as of July 8, with the attackers attempting to fetch and run arbitrary files, fingerprint the system, and deploy tools for remote access. (Ionut Arghire / Security Week)
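The bug class described above, a value validated as a NUL-terminated C string but written in full into a Lua session file, is shown in the added example below alongside a hardened writer; this is illustrative code, not Wing FTP Server's, and it assumes a session record is a Lua fragment of `key = "value"` lines.

```python
import re
from typing import Dict

# Added illustration, not Wing FTP Server code. Assumption: a session record is a
# small Lua fragment of `key = "value"` lines that the server later loads.

ALLOWED_VALUE = re.compile(r"^[A-Za-z0-9._@-]{1,64}$")

def strlen_view(value: str) -> str:
    """Model of a C-style strlen()/strcmp() view: everything after the first NUL
    byte is invisible to the check."""
    return value.split("\0", 1)[0]

def naive_record(fields: Dict[str, str]) -> str:
    """Weak pattern: validates the NUL-truncated view, then writes the full value.
    Anything after the NUL byte lands in the Lua file unchecked."""
    lines = []
    for key, value in fields.items():
        if not ALLOWED_VALUE.match(strlen_view(value)):
            raise ValueError(f"rejected {key}")
        lines.append(f'{key} = "{value}"')
    return "\n".join(lines) + "\n"

def lua_quote(value: str) -> str:
    """Serialize as a Lua short-string literal. Quotes and backslashes are
    escaped and every byte outside printable ASCII becomes a \\ddd escape, so
    the value can neither close the literal nor add statements."""
    out = []
    for ch in value:
        code = ord(ch)
        if ch == "\\":
            out.append("\\\\")
        elif ch == '"':
            out.append('\\"')
        elif 0x20 <= code < 0x7F:
            out.append(ch)
        elif code < 0x100:
            out.append(f"\\{code:03d}")
        else:
            out.append(f"\\u{{{code:x}}}")
    return '"' + "".join(out) + '"'

def safe_record(fields: Dict[str, str]) -> str:
    """Hardened writer: validate the whole string (NUL bytes fail the regex),
    then escape on output as a second, independent layer."""
    lines = []
    for key, value in fields.items():
        if not ALLOWED_VALUE.match(value):
            raise ValueError(f"rejected {key}: control bytes or bad characters")
        lines.append(f"{key} = {lua_quote(value)}")
    return "\n".join(lines) + "\n"

def record_is_suspicious(text: str) -> bool:
    """Defender-side check for already-written records: raw NUL or other
    control bytes should never appear in a properly escaped session file."""
    return any(ord(ch) < 0x20 and ch != "\n" for ch in text)

if __name__ == "__main__":
    crafted = {"username": "alice\0extra = 1"}   # constructed, benign suffix
    print(repr(naive_record(crafted)), record_is_suspicious(naive_record(crafted)))
    try:
        safe_record(crafted)
    except ValueError as err:
        print("hardened writer:", err)
    print(safe_record({"username": "alice"}), end="")
```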

Related: Arctic Wolf, Huntress

A thief returned 90% of the $2.2 million in USDC they stole from DeFi project Texture Finance following a public bounty offer from the Solana-based protocol, averting further escalation and criminal pursuit.

The exploit, disclosed by Texture Finance on July 9, stemmed from a vulnerability in one of its vault smart contracts, which the protocol said affected only its USDC vault.

“We have discovered a security breach of the Texture Vaults contract. user funds in the amount of USDC 2.2M have been compromised,” the team wrote in a public post on X.

Withdrawals were immediately disabled, and Texture launched a “war room” response with auditors on deck and code patches underway.

In a follow-up message, the team issued an open call to the hacker: “We are offering a 10% bounty of any funds stolen, which are yours to keep if you return the remaining 90%… You made an opsec mistake, but it’s not too late to avoid escalating the situation.”

They added that if the attacker failed to respond by July 11 at 18:00 UTC, or attempted to move the funds, they would be considered a blackhat and referred to law enforcement. (Hannah Collymore / Cryptopolitan)

Related: AInvest, Web3IsGoingJustGreat

The price of Kinto's $K token suddenly crashed 90%, which Kinto blamed on the exploit that was recently disclosed by VennBuild, saying on Twitter that "we got hacked by a state actor."

Venn seemed to corroborate Kinto's explanation that the crash was related to the exploit, tweeting that although they had tried to warn all vulnerable projects before publicly disclosing the bug, "Sadly, the Kinto token was not found despite being vulnerable, and exploited without time to mitigate."

Kinto has announced a plan to try to raise funds to cover a $1.4 million loss in liquidity, then create a new $K token based on a snapshot of previous token holdings. (Molly White / Web3IsGoingJustGreat)

Related: AInvest, CryptoPotato

Philadelphia-based law firm Dechert said that a pair of US lawsuits accusing it of using hired hackers to win in court have been resolved without any admission of liability.

Dechert and others, including US public relations operatives and a private investigator, were sued in federal court in Manhattan in 2022 by aviation executive Farhad Azima, who accused them of organizing the hack and leak of his emails.

A related suit in North Carolina filed against another private investigator, Nicholas Del Rosso, made similar claims.

Dechert had already settled with Azima last year, but the proceedings against other parties, including Israeli private investigator Amit Forlit, lawyer Amir Handjani, and New York public relations firm Karv Communications, were still ongoing.

Legal filings show motions to dismiss the New York and North Carolina suits with prejudice were made earlier this week. (Raphael Satter / Reuters)

Related: Insurance Journal

Researchers at Kaspersky report that last month, a sophisticated cybercrime operation successfully stole $500,000 in cryptocurrency assets from a Russian blockchain developer through a malicious extension targeting the Cursor AI integrated development environment.

The incident began when the victim, a security-conscious developer who had recently installed a fresh operating system, searched for a Solidity syntax highlighting extension within the Cursor AI IDE.

Despite using online malware detection services and maintaining strict security practices, the developer inadvertently installed a malicious package that masqueraded as a legitimate development tool.

The fake extension, published under the name “Solidity Language,” had accumulated 54,000 downloads before being detected and removed.

What makes this attack particularly insidious is its exploitation of search ranking algorithms to position the malicious extension above legitimate alternatives.

The attackers leveraged the Open VSX registry’s relevance-based ranking system, which considers factors including recency of updates, download counts, and ratings.

By publishing their malicious extension with a recent update date of June 15, 2025, compared to the legitimate extension’s May 30, 2025 update, the cybercriminals successfully manipulated their package to appear fourth in search results while the authentic extension ranked eighth. (Tushar Subhra Dutta / Cyber Security News)

Related: Securelist

Search results for “solidity”: the malicious (red) and legitimate (green) extensions. Source: Kaspersky.

IT distributor and services giant Ingram Micro has begun restoring systems and business services after suffering a massive SafePay ransomware attack right before the July 4th holiday.

Since Monday, Ingram Micro has begun restoring some of its business operations, stating that it has resumed accepting orders via phone and email in many countries. By Tuesday, this expanded to the US, Canada, and other countries.

The company performed a company-wide password and multi-factor authentication (MFA) reset and has begun restoring VPN access to employees. Numerous internal systems and platforms, many related to ordering, logistics, and fulfillment, have been restored, allowing employees greater access to the company's ordering system.

While Ingram Micro is quickly recovering from the attack, the restoration process is far from over, with employees gradually transitioning back to in-office work.

It is unclear whether data was stolen during the attack, and SafePay has not publicly claimed responsibility for the attack at this time. (Lawrence Abrams / Bleeping Computer)

Related: Security Week, The Register, Dark Reading, Channel Futures, CRN

Microsoft announced that it has replaced the default scripting engine JScript with the newer and more secure JScript9Legacy on Windows 11 version 24H2 and later.

Security concerns drove the decision, as JScript9Legacy is expected to offer better protection against web threats, such as cross-site scripting (XSS), as well as improved performance.

JScript (jscript.dll), introduced in 1996, is Microsoft's implementation of ECMAScript, similar to JavaScript, and was primarily used in Internet Explorer and as a scripting language for Windows to automate tasks, validate forms, or create admin scripts.

The engine is considered severely outdated today, non-compliant with modern JavaScript security standards, and a frequent target of memory corruption, arbitrary code execution, and XSS vulnerabilities triggered through malicious documents, emails, and websites. (Bill Toulas / Bleeping Computer)

Related: Windows IT Pro Blog

Starting Monday, Kazakh-born developer Roman Storm, one of the creators of Tornado Cash, a software tool for anonymizing crypto holdings, is slated to stand trial in the Southern District of New York, charged with conspiracy to commit money laundering and sanctions violations, and conspiracy to operate an unlicensed money transmitting business.

Since the US Department of Justice charged Storm in 2023, his case has become a cause célèbre among crypto advocates. The DOJ alleges that Storm built and profited from a tool that allowed illicit actors, including hackers with ties to North Korea, to launder at least $1 billion in crypto. But his supporters argue that all Storm did was publish code, an act of protected free speech.

However, his attorneys have suggested they may request a brief continuance for his criminal trial if a judge denies a motion to exclude a particular witness.

Storm’s legal team moved to exclude testimony from an unnamed witness who is the “claimed perpetrator of an alleged hack who allegedly used Tornado Cash.” His attorneys argued that prosecutors disclosed the witness after a scheduled deadline, also claiming their testimony could be “highly prejudicial” to Storm. (Joel Khalili / Wired and Turner Wright / Cointelegraph)

Related: Cointelegraph, Decrypt, Unchained, CryptoRank, Inner City Press, Decrypt

Security researchers at VennBuild and other firms disclosed a "critical backdoor" affecting thousands of smart contracts, which one of the researchers said left "over $10,000,000 at risk for months."

The researchers suggested that Lazarus, a North Korean state-sponsored hacking group, likely created the backdoor.

VennBuild said they found thousands of contracts affected by the exploit and worked with multiple protocols to upgrade contracts or withdraw vulnerable funds. The researchers theorized that the attackers were "likely a sophisticated group waiting for a bigger target, not small wins." (Molly White / Web3IsGoingJustGreat)

Related: Protos

Researchers at Forescout tested how 50 large language models performed in simulations of real-world attacks and found that none can yet carry a target all the way from vulnerability identification to exploit development, which would allow AI to launch cyberattacks with minimal effort, so-called vibe hacking.

The term is a variation on vibe coding, which is jargon referring to having AI write usable code, even if the user has no idea how or why the code works, and they're happy to work around or overlook AI-generated bugs or glitches along the way.

The researchers evaluated three different types of LLMs: open-source models hosted on HuggingFace, underground models such as WormGPT, EvilAI, and GhostGPT - all available via cybercrime forums or Telegram channels - and commercial models such as OpenAI's ChatGPT, Google's Gemini, Microsoft's Copilot, and Anthropic's Claude. The research ran from February to April.

They subjected each LLM to two types of vulnerability research tasks: one a simple task to establish a baseline, and another, a more complex task. They found 48% failed the first task, and 55% the second. They instructed the successful models to develop an exploit for each vulnerability. Their failure rates respectively jumped to 66% and 93%.

None of the LLMs succeeded by themselves. "No single model completed all tasks, underscoring that attackers still cannot rely on one tool to cover the full exploitation pipeline," the report says. (Matthew Schwartz / BankInfoSecurity)

Related: Forescout, Infosecurity Magazine

Researchers at JFrog and Tenable say they've discovered two separate vulnerabilities in tools in the ecosystem around the Model Context Protocol (MCP), the open protocol introduced by Anthropic last November.

MCP provides a standardized and widely adopted method for connecting large language models with external data and systems. Developers use it to build better chat interfaces, custom AI workflows, build AI coding assistants into development environments, and more.

The flaws, detailed in separately released coordinated vulnerability disclosures, are present in a tool called mcp-remote and in MCP Inspector. Both can be exploited to execute code on systems remotely, and both have been patched in versions released in June.

Researchers at JFrog discovered a vulnerability in the mcp-remote project, which is designed to connect MCP clients that only support local servers, such as Claude Desktop, Cursor, and Windsurf, to a remote MCP server, with added support for authentication.

The flaw, tracked as CVE-2025-6514 and assigned a "critical" CVSS score of 9.6, exists in mcp-remote versions 0.0.5 to 0.1.15. The flaw can be exploited to execute code on the client's operating system remotely.

The project team fixed the flaw with version 0.1.16, released in mid-June.

Tenable said they discovered a flaw in default versions of MCP Inspector, which attackers could directly abuse if a vulnerable service is exposed to the internet, or automatically with no user interaction by tricking a user into visiting a malicious website. "This was possible because the tool lacked fundamental, out-of-the-box security controls like authentication and secure network configurations," Tenable said. (Matthew J. Schwartz / BankInfoSecurity)
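The controls Tenable describes as missing, authentication and a safe network configuration for a tool listening on localhost, are shown in the added example below as a request gate for a local developer service; this is illustrative code, not MCP Inspector's, and the port, token, and origin values are constructed.

```python
import hmac
from typing import Dict, Iterable, Tuple

# Added illustration, not MCP Inspector code: the checks a local developer tool
# needs before it can be safely reached from a browser. Assumes standard HTTP
# headers (Host, Origin, Authorization); port 8000 and the token are constructed.

LOCAL_HOSTS = {"localhost", "127.0.0.1", "[::1]"}

def _host_name(host_header: str) -> str:
    """Strip the port from a Host header, keeping IPv6 brackets intact."""
    if host_header.startswith("["):
        return host_header.split("]", 1)[0] + "]"
    return host_header.split(":", 1)[0]

def request_allowed(headers: Dict[str, str], expected_token: str,
                    allowed_origins: Iterable[str]) -> Tuple[bool, str]:
    """Return (allowed, reason) for one incoming request."""
    h = {k.lower(): v for k, v in headers.items()}

    # 1. Host check. Defeats DNS rebinding: a hostile page can point its own
    #    domain at 127.0.0.1 so the victim's browser talks to the local service,
    #    but the Host header then carries the attacker's domain, not localhost.
    host = h.get("host", "")
    if _host_name(host) not in LOCAL_HOSTS:
        return False, f"unexpected Host header: {host!r}"

    # 2. Origin check. Browsers attach Origin to cross-site requests; only the
    #    tool's own UI may call its API. This is what a permissive CORS policy
    #    gives away. A missing Origin means a non-browser client, which must
    #    still present the token below.
    origin = h.get("origin")
    if origin is not None and origin not in set(allowed_origins):
        return False, f"origin not allowed: {origin!r}"

    # 3. Authentication. A per-launch bearer token, compared in constant time,
    #    so that "it only listens on localhost" is no longer the sole barrier.
    scheme, _, token = h.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not hmac.compare_digest(
            token.encode(), expected_token.encode()):
        return False, "missing or invalid bearer token"
    return True, "ok"

if __name__ == "__main__":
    TOKEN = "constructed-session-token"
    UI = ["http://localhost:8000"]
    samples = {
        "own UI": {"Host": "localhost:8000", "Origin": "http://localhost:8000",
                   "Authorization": f"Bearer {TOKEN}"},
        "cross-site page": {"Host": "localhost:8000", "Origin": "http://page.example",
                            "Authorization": f"Bearer {TOKEN}"},
        "DNS rebinding": {"Host": "page.example:8000", "Authorization": f"Bearer {TOKEN}"},
        "no token": {"Host": "127.0.0.1:8000"},
    }
    for name, hdrs in samples.items():
        print(f"{name:16s} -> {request_allowed(hdrs, TOKEN, UI)}")
```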

Related: Tenable, JFrog, Dark Reading

MCP Inspector Proxy CORS attack. Source: Tenable.

Researchers at penetration testing and threat intelligence firm PCA Cyber Security (formerly PCAutomotive) have discovered that critical vulnerabilities affecting a widely used Bluetooth stack could be exploited to hack millions of cars remotely.

The researchers analyzed the BlueSDK Bluetooth framework developed by OpenSynergy and found several vulnerabilities, including ones that enable remote code execution, bypassing security mechanisms, and information leaks.

They demonstrated how some of these flaws could be chained in what they named a PerfektBlue attack to hack into a car’s infotainment system remotely. From there, the attacker can track the vehicle’s location, record audio from inside the car, and obtain the victim’s phonebook data.

The attacker may also be able to move laterally to other systems and potentially take control of functions such as the steering, horn, and wipers. While this has not been demonstrated, previous research showed that a hacker can move from a car’s infotainment system to more critical systems. (Eduard Kovacs / Security Week)

Related: PCA Cybersecurity, PerfektBlue, Security Affairs, Cyber Security News

Bluetooth process is launched with phone user permissions to hack the car remotely. Source: PCA Cybersecurity.

The rules, which are not enforceable until next year, come during an intense debate in Brussels about how aggressively to regulate a new technology seen by many leaders as crucial to future economic success in the face of competition with the United States and China. Some critics accused regulators of watering down the rules to win industry support.

The guidelines apply only to a small number of tech companies like OpenAI, Microsoft, and Google that make so-called general-purpose AI. These systems underpin services like ChatGPT and can analyze enormous amounts of data, learn on their own, and perform some human tasks. (Adam Satariano / New York Times)

Related: European Commission, Associated Press, Interesting Engineering, InnovationAUS.com, Xinhua, Business Standard, Ars Technica, Wall Street Journal

Albemarle County, VA, officials said the cyber incident that necessitated a shutdown of the internet for a few days in county offices was a ransomware attack, and county resident data such as names, dates of birth, Social Security numbers, and other similar identifiers may have been illegally accessed.

In a press release, the county said that on the morning of June 11, 2025, it discovered issues with its IT systems and quickly determined that it was the victim of a ransomware incident. The county immediately implemented security measures and engaged leading cybersecurity experts to assist in assessing and resolving the situation.

Based on their investigation, it appears the incident began late in the afternoon on June 10, 2025, and was perpetrated overnight. During that time, information from the county’s systems may have been inappropriately accessed and/or obtained by an unauthorized user. (Jay Hart / Cville Now)

Related: Albemarle County, Augusta Free Press, The Daily Progress, WVIR

Best Thing of the Day: We See What You Did With That Name

A new, cheaper, and open source version of the Flipper Zero called the Flopper Ziro has been launched.

Worst Thing of the Day: Say It Was the Biggest Inauguration Crowd Ever If You Want to Live

Missouri Attorney General Andrew Bailey sent threatening letters to Google, Microsoft, OpenAI, and Meta, claiming their AI chatbots violated Missouri’s consumer protection laws because they expressed opinions different from those held by Donald Trump.

Bonus Worst Thing of the Day: The Darth Vader of Silicon Valley Blasts Medical Doctors

Palantir is accusing doctors in the UK's NHS system of choosing “ideology over patient interest” because they object to Palantir building a massive database containing all NHS data.
