MCP Servers: What you Need to Know From SOCRadar

Posted in Commentary with tags on August 12, 2025 by itnerd

SOCRadar has released a new whitepaper diving deep into MCP (Model Context Protocol) Servers. MCP Servers are the new standard letting AI agents directly talk to security tools in one universal language.

The paper goes beyond the hype, covering:

  • What MCP really is and why it’s a game-changer for SOCs, CISOs, and red/blue teams
  • Real-world use cases ranging from instant CVE lookups to complex incident response
  • Security pitfalls like fake MCP servers, tool-poisoning, and supply chain risks
  • Practical guidance with ready-to-deploy sample chains and code snippets

The full analysis can be found here: https://socradar.io/wp-content/uploads/2025/07/MCP-Servers-Everything-You-Need-to-Know.pdf

KnowBe4 Unveils Brand Refresh to Celebrate 15 Years of Delivering Human Risk Management 

Posted in Commentary with tags on August 12, 2025 by itnerd

KnowBe4 today unveiled a bold new brand with an innovative new vision for the future of the company. The refreshed identity reflects KnowBe4’s leadership in human risk management, with a reputation for excellence in cybersecurity and groundbreaking AI advancements.    

Armed with a new company tagline “Rise Above Risk”, KnowBe4 is boldly pushing the boundaries of its brand identity to new heights to reflect a focus on human risk management while helping IT and cybersecurity professionals elevate their protection efforts regarding company risk. It goes beyond phishing, training and boundaries to transform the unpredictable into the unstoppable to rise above risk. 

KnowBe4’s evolution reaffirms its leadership position in the human risk management space and bolsters its dedication to helping IT and cybersecurity workers to fight against today’s top threats, including social engineering, email threats, ransomware and more. 

To explore KnowBe4’s new visual identity, visit our website www.knowbe4.com

Guest Post – Alarmingly organized criminal enterprises: Who’s behind devastating ransomware attacks?

Posted in Commentary with tags on August 12, 2025 by itnerd

From corporate insiders to elite professionals — cybersecurity expert reveals the alarming anatomy of ransomware groups and their growing threat

Ransomware attacks nearly doubled in the first half of 2025, revealing an alarming surge in cybercriminal activity and exposing widespread corporate security vulnerabilities. Vakaris Noreika, a cybersecurity expert at NordStellar, a threat exposure management platform, explains that these attacks are carried out by highly organized and structured organizations that often seek out the best talent — and underestimating this threat could cause a business’ downfall.

According to data from NordStellar, ransomware cases surged in the first half of 2025, with a 49% increase compared to the same period in 2024. US companies suffered the most, with small and medium-sized enterprises and those in manufacturing becoming prime targets for ransomware.

High requirements behind devastating attacks

According to Noreika, NordStellar has identified over 200 ransomware groups and currently, over 60 of them are active. In addition to the usual updates about successful attacks, they sometimes also publish recruitment announcements, and their high-level requirements should ring alarm bells.

“These groups are mostly looking for top talent in cybersecurity — their requirements tend to consist of wanting an individual with an experienced background in specific fields and a proven track record,” says Noreika. “According to them, cybercriminals must undergo meticulous screening before they can join the group, minimizing the risk of their being compromised, while some ransomware groups don’t accept outsiders in general, and members can only be invited by already established individuals.”

Screenshot from a ransomware group posting.

Scaling operations and maximizing profits

He explains that individuals unfamiliar with the inner workings of ransomware groups are often under the false impression that these hackers are just lone wolves or kids with some hacking skills following a get-rich-quick scheme. However, the opposite is true — the efficiency of ransomware attacks lies in the operation’s high organizational aspect.

“Ransomware groups are organized crime, and it’s extremely dangerous to underestimate how equipped they are to carry out their attacks. They function like a corporation, with different individuals assigned to specific tasks so that the operation runs smoothly,” says Noreika. “They also train their members, sharing knowledge and ensuring their expertise meets their requirements. Some even have insiders in the company they’re targeting, granting them easy access to sensitive resources.”

Screenshot from a ransomware group posting.

According to Noreika, besides new member recruitment, these groups also offer ransomware-as-a-service (RaaS). This model lowers the entry barrier to cybercrime, allowing even amateur hackers to partake.

“With RaaS, ransomware can scale even more exponentially, allowing more individuals to carry out ransomware attacks and maximizing the ransomware group’s profits. Some ransomware groups even use RaaS themselves as a means to scale their operations without the need for additional human resources,” says Noreika.

Primary targets — critical infrastructure

According to Noreika, ransomware groups have a strategic and calculated approach to selecting their targets. As a result, critical infrastructure organizations often become the prime targets.

“Companies in the healthcare sector cannot afford any downtime, and losing access to patient medical records can sometimes literally be a matter of life or death. As a result, they could be more inclined to give in to ransomware demands to restore their operations,” says Noreika. “On the other hand, manufacturing businesses operate on tight schedules, and setbacks could result in severe financial losses. Consequently, they could also be more predisposed to do whatever it takes to resume operations quickly.”

However, he emphasizes that any business could fall victim to ransomware. According to Noreika, relying on passwords as the only means for user authentication, using outdated systems and applications, and prior credential leaks on the dark web are some of the main cybersecurity gaps that make enterprises more vulnerable.

“Ransomware groups operate with meticulous organization and expertise, making any security gap a dangerous liability. Effective protection demands continuous monitoring of the company’s attack surface and prompt identification and patching of vulnerabilities. Anything less leaves your organization unnecessarily exposed,” says Noreika.

He emphasizes that promoting a cyber-aware culture also significantly reduces the risk of experiencing a successful ransomware attack. Employees who have received cybersecurity training are less likely to hand over their credentials to hackers, minimizing the possibility of them gaining access to the network due to user error.

ABOUT NORDSTELLAR

NordStellar is a next-generation threat exposure management platform that enables companies to detect and respond to cyber threats before they escalate. NordStellar offers visibility into how threat actors work and what they do with compromised data. NordStellar was created by Nord Security, a globally recognized company behind one of the world’s most popular digital privacy tools, NordVPN. For more information, visit nordstellar.com.

Sun Life’s GenAI agent, Iris, earns 2025 innovation honour

Posted in Commentary with tags on August 12, 2025 by itnerd

For the second consecutive year, Sun Life Financial Inc. has been named a 2025 CIO Awards Canada winner, this year for its internally developed GenAI-powered agent, Iris. The CIO Awards Canada celebrate Canadian organizations and the teams within them that are using IT in innovative ways to deliver business value.

Sun Life’s internal virtual agent, Iris, uses GenAI and Agentic AI to improve employee productivity and service desk efficiency. Iris is a secure service desk assistant that delivers instant, conversational responses to common inquiries such as password resets, software requests, and ticket status updates. Integrated into Sun Life’s existing systems, service desk workflows and knowledge base, Iris creates a seamless and secure self-service option for employees while freeing up service desk agents’ time to focus on more complex cases, allowing employees to return to their priorities more quickly. The result: significant time savings, enhanced productivity, improved satisfaction, and a scalable model for future Client-facing AI innovations.

Productivity by the numbers

  • Iris has dramatically reduced average service desk resolution time by 83%, resolving over 80% of employee questions in under two minutes.
  • More than 9,000 password resets have been completed over the past year. The current success rate is 82%.
  • Iris has successfully handled approximately 10,000 employee queries since launch.
  • Projected annual savings of over 24,000 hours for both employees and agents combined.

Digital leadership, backed by results

Iris is foundational for future Client-focused innovations. The insights gained from this internal implementation are enabling Sun Life to scale similar GenAI and Agentic AI tools across all contact centres globally, transforming how Sun Life interacts with Clients, allowing faster, more personalized digital experiences. In addition, the Agentic AI system functionalities continue to expand and will have the ability to handle increasingly complex employee needs as Sun Life continues to introduce new features.

Iris is just one step on Sun Life’s broader digital transformation journey. The enterprise recently also developed and launched the Advisor Notes Assistant tool, an innovative GenAI tool designed to enhance the Client experience and streamline advisor workflows. This cutting-edge technology helps advisors save 15-30 minutes of administrative effort per meeting, enabling them to spend more time deepening Client relationships and providing trusted tailored advice.

Sun Life is committed to digital leadership and to ensuring a focus on Client impact by continuing to adopt and experiment with innovative technology. Our culture is rooted in safety and security which extends to our adoption of emerging technologies. Through technology like GenAI, Sun Life empowers its people to enhance their skills to deliver on our Purpose of helping Clients achieve lifetime financial security and live healthier lives.

Six-Fold Surge in Cyberattacks and $1B in Ransomware Losses Are Reshaping the Global Semiconductor Industry

Posted in Commentary with tags on August 12, 2025 by itnerd

CloudSEK’s latest threat intelligence report, Silicon Under Siege: The Cyber War Reshaping the Global Semiconductor Industry, uncovers a rapidly escalating cyber threat landscape targeting the semiconductor sector – the digital backbone of modern civilization.

Powering everything from AI and defence systems to smartphones, clean energy, and healthcare, semiconductors have become both a strategic asset and a prime cyber target. The research reveals that nation-state-backed groups, ransomware operators, and hacktivists are waging a silent but highly coordinated cyber war — one that threatens economies, disrupts global supply chains, and risks the very foundation of critical infrastructure.

CloudSEK’s proof-of-concept showed how AI can be harnessed to design and embed hardware Trojans at the pre-design stage of a chip. Even a simple AI-generated implant can evade detection and, once manufactured, lie dormant for years until triggered – leaking sensitive data, falsifying outputs, or halting operations. More advanced AI-driven designs could tailor Trojans to bypass specific security checks, adapt to different architectures, and remain invisible across multiple verification stages, making them potent tools for espionage or sabotage in the semiconductor supply chain.

Key Findings from the CloudSEK Report

  • Attack volume up sixfold since 2022 — Driven by espionage, supply-chain compromises, and state-sponsored campaigns.
  • $1.05 billion in ransomware-related losses since 2018 — Including ransom payments, downtime, and recovery costs, crippling semiconductor operations worldwide.
  • IT as initial attack vector — Over 60% of ICS breaches begin with IT (phishing, VPN exploits, CVEs, exposed interfaces and misconfigurations, default or leaked/compromised credentials, etc.) before pivoting to OT.
  • Massive infrastructure exposure — The U.S. alone has ~2 million publicly reachable ICS assets linked to semiconductor operations, many potentially with weak or default controls.
  • Massive Middle East ICS exposure — Across the Middle East, publicly reachable ICS & OT assets tied to semiconductor-linked manufacturing and potentially critical oil, gas, and industrial operations remain exposed: UAE (~12.1K), Turkey (~10.8K), Saudi Arabia (~4.8K), Iran (~4.6K), Bahrain (~2.4K), and Qatar (~400), with potential vulnerabilities stemming from weak authentication, misconfigurations, and outdated protocols.
  • High-value espionage incidents — In July 2025, China-backed APT41 infiltrated multiple Taiwanese semiconductor companies via a compromised software update, stealing proprietary chip designs and process data.
  • Pre-silicon hardware Trojans — CloudSEK’s proof-of-concept AI-generated Trojan can remain dormant until triggered, leaking cryptographic keys while evading standard tests.
  • Single vendor compromise cascading into global disruption — The 2023 MKS Instruments ransomware breach caused an estimated $250M in losses to Applied Materials in one quarter. 
     

Geopolitics and the “Silicon Cold War”

The semiconductor race has become a strategic flashpoint in the global balance of power, with cyber espionage campaigns, supply chain intrusions, and state-backed sabotage now central to the contest:

  • China — investing $150+ billion to achieve chip self-sufficiency and reduce reliance on Western tech.
  • U.S. — committed $52 billion via the CHIPS Act to reshore manufacturing and secure supply chains.
  • India — investing $10 billion in its semiconductor mission, aiming for a $100 billion market by 2030.
  • Taiwan — produces over 60% of the world’s advanced chips, making it a critical node in the global tech ecosystem.
  • Europe — facing converging geopolitical and infrastructure risks, as exemplified by a SCADA compromise of a Ukrainian power substation during the Russia–Ukraine conflict that used OT-aware malware to issue malicious control commands.

State-sponsored Advanced Persistent Threats (APTs) such as APT41, Volt Typhoon, PlushDaemon, etc. are embedding themselves in software pipelines, EDA tools, and factory operations, shifting from mere data theft to long-term disruption strategies that can cripple production during geopolitical flashpoints.

Notable Campaigns and Case Studies

Historic Incidents

The semiconductor industry’s cyber risk is not new. Landmark events such as the 2010 Stuxnet sabotage of Iran’s Natanz facility, the 2018 TSMC WannaCry infection that halted iPhone chip production, and other high-profile attacks have long demonstrated the destructive potential of cyber threats to semiconductor-driven critical infrastructure.

Real-World Incidents Highlighting IT–OT Interdependencies

  • Aliquippa Water Authority Breach (Nov 2023) — Default HMI credentials exposed Unitronics PLCs, demonstrating how simple IT misconfigurations can compromise industrial controls.
  • UNC5221 VPN Exploitation (2025) — State-affiliated actors exploited CVE-2025-22457 in ICS VPN appliances to pivot into OT networks, spotlighting VPNs as critical OT entry points.
  • Infostealer Malware Targeting Defense Contractors (Feb 2025) — Commodity stealers harvested credentials that could be used to access corporate VPNs and OT management interfaces.
  • Medusa Ransomware Campaigns (2021–2025) — Active RaaS operations targeting legacy ICS/SCADA systems in manufacturing and supply chains, often combining encryption with IP extortion.
  • Microchip Technology Breach (Aug 2024) — IT system compromise disrupted multiple facilities, causing ~$21M in losses and halting connected OT functions.
     

Emerging Threat Patterns Identified by CloudSEK

  • Supply Chain Attacks — Targeting trusted vendors, software updates, and outsourced design services.
  • Pre-silicon Design Compromise — Embedding hardware Trojans directly into chip designs during the design phase, remaining dormant and undetectable until after manufacturing.
  • IT–OT Convergence Risks — Misconfigured SCADA dashboards, HMIs, and cleanroom controllers now searchable online, enabling attackers to “log in” rather than hack in.
  • Ransomware with IP Extortion — Exfiltrating proprietary designs to pressure payments from both chipmakers and dependent industries.

CloudSEK’s Strategic Recommendations for the Semiconductor Sector

  1. Isolate IT and OT Networks — Prevent lateral movement between corporate IT and manufacturing systems.
  2. Secure-by-Design Practices — Implement RTL integrity checks, formal logic verification, and traceable SBOMs for third-party IP.
  3. Continuous Attack Surface Monitoring — Detect exposed assets, leaked credentials, and unpatched CVEs before attackers exploit them.
  4. Vendor Risk Management — Enforce stringent security requirements for all suppliers and third-party service providers.
  5. Global Threat Intelligence Sharing — Collaborate across borders to detect and neutralize state-sponsored campaigns before they escalate.

CloudSEK’s BeVigil and XVigil platforms deliver real-time visibility into exposed IT/OT assets on the Internet, map vulnerable vendor ecosystems, and track emerging threat actor infrastructure, enabling chipmakers and suppliers to act before vulnerabilities become permanent features of the global tech landscape.

Full report available here: https://www.cloudsek.com/whitepapers-reports/silicon-under-siege-the-cyber-war-reshaping-the-global-semiconductor-industry  

Arcitecta Unlocks AI at Scale with Unified, AI-Ready Data Infrastructure that Supports All Forms of Data and AI Models 

Posted in Commentary with tags on August 12, 2025 by itnerd

Arcitecta, a creative and innovative data management software company, today announced significant enhancements to its Mediaflux® data management platform, delivering an AI-ready data fabric that supports all forms of data and AI models and provides a built-in vector database within its high-performance XODB® database. The innovative enhancements enable Mediaflux to power AI workflows by making multiple types of data AI-ready through unified metadata and vector embeddings. With the new vector support, users can leverage their entire data environment for AI training, significantly boosting model quality to accelerate advanced solutions in areas from cancer research to genomic analysis and scientific discovery. 

The enhancements arrive at a pivotal moment, as the rapid rise of AI and machine learning is driving significant adoption of vector databases, with Gartner predicting that 70% of enterprises will adopt them by 2026. Mediaflux directly addresses the market’s need for unified platforms to combat data sprawl, heterogeneity, compliance challenges and the demand for model reproducibility, all of which require robust metadata and vector-driven platforms.

Mediaflux powers AI with a flexible, model‑agnostic data fabric that works with any data and AI model at scale, eliminating vendor lock‑in and data format constraints. It accelerates time to AI insights with built-in pipelines to automate ingest, tagging and transformation, rich metadata and support for vector embeddings for increased context and accuracy. Additionally, a schema-less metadata model delivers the flexibility needed across diverse data sources, to adhere to regulatory compliant standards with on-premises options in addition to the cloud.

Unlike traditional solutions that bolt on external vector databases, Mediaflux delivers full metadata and vector search in a single, high-performance system that simplifies data infrastructure and reduces complexity. By optimizing data and leveraging vector embeddings, Mediaflux ensures that any unstructured or structured data becomes searchable and usable for AI, eliminating the need for a separate vector store. The solution’s core features include a metadata catalog, vector embeddings, similarity search, retrieval-augmented generation (RAG)-ready data and single-pane orchestration.

Additional Mediaflux capabilities include multi-protocol support (NFS, SMB, S3) and multi-site, edge and real-time capabilities in addition to the new AI functionality. The platform achieves more than 95% bandwidth utilization on transfers with Mediaflux Livewire and its Point in Time security feature is recognized as a TOP 5 Cybersecure 10 PB+ NAS solution by DCIG.

Mediaflux delivers compelling advantages for enterprises managing massive volumes of data:

  • Faster Time to AI: Mediaflux manages any type of data – text, images, time series and more – and provides ready-to-use data pipelines, eliminating manual preparation and accelerating AI initiatives.
  • Better Models: Users can leverage richer training datasets through better inputs, leading to improved accuracy and quality of AI models, while also having the flexibility to deploy new models in the future without the need to modify their data.
  • Cost and Operational Efficiency: Mediaflux offers a centralized platform that simplifies tooling and governance, providing a single system versus a patchwork of disparate tools.
  • Native Vector Search Engine: It enables fast similarity queries at scale across trillions of records in milliseconds, significantly outperforming legacy tools that might take hours.
  • Unified Data Fabric: Mediaflux delivers full metadata and vector indexing in a single system, combining metadata, vector, file and object data across multiple locations.
  • End-to-End RAG Pipeline Support: The solution facilitates semantic queries, similarity search and retrieval-augmented generation pipelines directly within its environment.

The Mediaflux AI-enhanced platform is ideal for enterprises across multiple industries, including life sciences, research, media and entertainment, and government and defense domains that work with massive volumes of data and require scalable, high-performance infrastructure. It is particularly beneficial for departments such as research and development, data science, genomics, medical imaging and machine learning operations within vertical industries such as healthcare, research/academia, finance and government.

The enhanced platform is driving next-generation AI workflows for leading organizations today:

  • Cancer Research: Scientists can now query massive genomic datasets and medical imaging files to detect anomalies faster using semantic and similarity search.
  • Government and Defense: Teams manage time-series and geospatial data in real time, supporting edge deployments in secure, disconnected environments.
  • Media & Entertainment: Archives become searchable by meaning, not just metadata, unlocking new creative workflows and revenue streams.

XODB: A Powerful, Flexible Multi-Model Database

Mediaflux XODB is a flexible multi-model database with built-in capabilities for vector embeddings and plugin support for new models managed within Mediaflux. XODB provides users with a competitive advantage and is a foundational pillar of Mediaflux. With the new advancements, Mediaflux can now fuel seamless searchability and near-instant insights, providing a pathway for rich AI-feature expansion in the future. The platform comprehensively supports object, time-series, geospatial and vector data, maximizes storage, enriches metadata, and curates data collections for ease of searching. Interwoven with Mediaflux, XODB manages metadata in real time, instantly directing users toward their data, regardless of scale or location.

Availability and Pricing

The new Mediaflux AI-ready capabilities are available as an integrated part of the existing Mediaflux platform. It is licensed by user count, eliminating capacity-based fees and offering a pricing edge compared to patchworked tools.

Research Highlights The Small Errors That Can Break Systems And Result In Big Outages 

Posted in Commentary with tags on August 12, 2025 by itnerd

 Website Planet has just posted research that focuses on six decades of global tech outage data to reveal the patterns behind these breakdowns — their root causes, common oversights, and the rising financial losses of simple errors.

Among their findings, they identified the following as key:

  • 5 root causes account for nearly 90% of all major outages due to preventable errors.
  • Microsoft leads in repeated failures with 8 major outages.
  • Cloud and SaaS saw the most failures, followed by financial services.
  • 184 major tech outages caused over $167 billion in losses.

You’ll find all the details of their findings here: https://www.websiteplanet.com/blog/global-tech-outages-research/

Foxit Redefines Web-Based Document Workflows with PDF SDK for Web v11

Posted in Commentary with tags on August 12, 2025 by itnerd

Foxit today announced the general availability (GA) launch of Foxit PDF SDK for Web v11, an enhanced version of its developer toolkit, delivering significant performance, security, and user experience improvements for web-based PDF applications. 

Until now, developers building browser-based PDF applications have traditionally faced challenges related to performance bottlenecks, limited form handling, cumbersome signing workflows, and inconsistent cross-browser experiences. Foxit PDF SDK for Web v11 is the first to fully overcome these limitations. With its WebAssembly-powered rendering engine, modular architecture, and deeply refactored core components, it eliminates longstanding friction points, empowering developers to build more responsive, secure, and modern document experiences.

Foxit PDF SDK for Web v11 Features/Benefits:

  • Refactored Form Module and New Unified APIs – Developers will experience increased efficiency and flexibility, leading to faster development cycles and more robust, scalable applications. This translates to a more reliable and streamlined experience for all users interacting with forms. 
  • Redesigned Signature Workflow and Modular Architecture – Users can expect a more secure, intuitive, and reliable signing experience, bolstering compliance and significantly reducing friction in critical document workflows.
  • PDF JavaScript Execution Migrated to Web Workers and Rebuilt in C++/WebAssembly – This foundational upgrade delivers significantly improved performance and responsiveness (up to 50%) when handling PDFs, ensuring a fluid and stable user interface even with complex documents.
  • Enhanced UI Components and Compatibility – The platform now offers a superior and more consistent user experience across all devices and browsers, driven by modern, accessible, and intuitive interface components.

The launch of PDF SDK for Web v11 reflects a bigger shift happening across the industry — developers are looking for faster, smarter, and more flexible tools that are ready for AI and built for real-time web experiences. As companies move away from clunky legacy systems, Foxit is raising the bar for what web-based PDF technology can do. This release gives developers a way to build modern, cloud-first applications without being tied to desktop software. And as expectations grow, other providers still relying on outdated, heavyweight solutions will need to catch up — or risk falling behind. 

Foxit PDF SDK for Web v11 is available now. To learn more, request a 30-day trial, and/or watch a demo, please visit: https://developers.foxit.com. To speak with a specialist and request a quote, please visit: https://developers.foxit.com/contact/

Over 29,000 Unpatched Exchange Servers Could Be The Targets Of Threat Actors

Posted in Commentary with tags on August 11, 2025 by itnerd

Over 29,000 Exchange servers exposed online remain unpatched against a high-severity vulnerability that can let attackers move laterally in Microsoft cloud environments, potentially leading to complete domain compromise.

We added Microsoft Exchange CVE-2025-53786 detection to our daily scans (version based). See US CISA Emergency Directive 25-02: http://www.cisa.gov/news-events/… Over 28K IPs unpatched (2025-08-07). Top affected: US, Germany, Russia. Dashboard world map: dashboard.shadowserver.org/statistics/c…

The Shadowserver Foundation (@shadowserver.bsky.social) 2025-08-08T14:21:30.322Z

Commenting on this is Martin Jartelius, CTO at Outpost24:

“The scale of unpatched Exchange servers is concerning, but not surprising. Initial guidance on this flaw included isolating end-of-life and end-of-support systems, and many organizations were already running far older, unmaintainable infrastructure before April’s patch was released.

This vulnerability affects hybrid environments. Many cloud-first businesses have already moved to Microsoft 365, and without deeper analysis it’s unclear how many of these identified servers are truly at risk. Some may determine the conditions for exploitation don’t exist in their setup and choose not to prioritize mitigation.

However, even if the exploitation risk is low, leaving a known vulnerability unpatched is an open invitation to attackers. We advise organizations to continuously assess and remediate such issues to reduce their attack surface and strengthen resilience.”

CISA has a directive about this issue that you can find here. There’s also an interactive map here. And if you run a Microsoft Exchange hybrid-joined environment, you should follow the guidance in the CISA directive ASAP.

Connex Credit Union data breach impacts 172,000 members

Posted in Commentary with tags on August 11, 2025 by itnerd

Connex, one of Connecticut’s largest credit unions, is warning tens of thousands of members that unknown attackers stole their personal and financial information after breaching its systems in early June. The stolen information included names, account numbers, debit card information, Social Security numbers, and/or other government ID used to open the individual’s account.

Roger Grimes, Data-Driven Defense Evangelist at KnowBe4:

“It does seem longish that the credit union waited over a month to notify impacted victims. Maybe it took them two weeks to figure out who exactly was impacted, but it sounds like they identified who was personally impacted and then still waited another two weeks to notify the victims. That’s two weeks that hackers and scammers could have been using the stolen information to better leverage spear phishing attacks against selected victims.”

Paul Bischoff, Consumer Privacy Advocate at Comparitech:

“Data breach victims should take advantage of the free credit monitoring offered by Connex to protect themselves from fraud and identity theft. Don’t get complacent because there’s “no evidence” of misuse. Connex doesn’t have the means to verify if your personal information is being abused. Assume the worst and keep a close eye on your accounts.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy:

“It seems like we see data breaches on a weekly, if not daily, basis. This data breach appears to have served up quite the buffet of personal and financial information for the bad guys, including the ever popular Social Security Number and debit card number Daily Double. This information can be used to open accounts in victims’ names, so affected members need to stay a

It sucks to be Connex as they are the latest company to be the victim of a threat actor. It will be interesting to see who claims responsibility for this and what secondary attacks happen with the data that was stolen.