NVIDIA Patches Flaws in Triton Inference Server; SonicWall Investigates Reports of Attacks on Firewalls; Cursor IDE Had Multiple RCE Flaws

NVIDIA has patched 17 vulnerabilities in their Triton Inference Server. NVIDIA rates three of the vulnerabilities as critical: two stack-based buffer overflows (CVE-2025-23310, CVE-2025-23311) and a heap-based buffer overflow (CVE-2025-23317) that could lead to code execution, denial of service, information disclosure, or data tampering. In addition, researchers from Wiz have published a blog detailing a set of three vulnerabilities (CVE-2025-23319, CVE-2025-23320, and CVE-2025-23334) which when chained together could be exploited to take complete control of vulnerable servers. Users are urged to update to the latest release of NVIDIA Triton Inference Server for Windows and Linux.

SonicWall is investigating recent "internally and externally reported cyber incidents involving Gen 7 SonicWall firewalls where SSLVPN is enabled." SonicWall is attempting to determine whether the incidents are related to a known vulnerability or a new one. Until that is determined, SonicWall is urging customers to disable SSLVPN services where practical, limit SSLVPN connectivity to trusted source IPs, enable security services, enforce multi-factor authentication (MFA), remove unused accounts, and practice good password hygiene.

Researchers from Aim Labs have published a blog post disclosing a high-severity remote code execution (RCE) vulnerability in Cursor, an AI-equipped fork of Visual Studio Code with Model Context Protocol (MCP) support, patched as of version 1.3 one day after it was reported. CVE-2025-54135, CVSS score 8.6, allows an attacker to trigger RCE without user approval, exploiting the fact that Cursor permits the creation of in-workspace dotfiles without user approval; this allows the attacker to "chain an indirect prompt injection vulnerability to hijack the context to write to the settings file [...] directly execut[ing] code by adding it as a new MCP server." The patch blocks the agent from writing MCP-sensitive files without approval. Aim notes that this flaw is similar to the EchoLeak zero-click exfiltration vulnerability in Microsoft 365, identified by Aim in June 2025, emphasizing that this type of attack applies to many systems: "The attack surface is any third‑party MCP server that processes external content: issue trackers, customer support inboxes, even search engines. A single poisoned document can morph an AI agent into a local shell." Cursor version 1.3 also fixes additional similar flaws: CVE-2025-54136, CVSS 7.2, is another remote code execution flaw allowing an attacker to swap out a trusted MCP configuration file and put a malicious command in its place. HiddenLayer and BackSlash also identified additional possible indirect prompt injection attacks that exploit Cursor's auto-run mode to bypass the program's denylist of unsafe commands. The denylist feature is deprecated as of Cursor version 1.3.

The Luxembourg government is investigating a July 23 cybersecurity incident that caused a telecommunications outage across the country. Both 4G and 5G mobile networks were unavailable for several hours, overloading the country's 2G network. Residents were unable to connect to the internet or conduct online banking. The government's national alert system relies on the affected mobile network, which means most people did not receive a warning about the incident. The government says the outage was a deliberate disruption rather than an attempt to compromise a telecommunications network. The attackers exploited a vulnerability in a "standardised software component" at POST Luxembourg, a government-owned corporation that provides postal, financial, and telecommunications services to the country. The outage appears to have been the result of an attack targeting Huawei equipment. While the government has not identified Huawei as the manufacturer of the targeted equipment, Luxembourg PaperJam magazine reports that "the department of the Luxembourg Regulatory Institute that oversees the cybersecurity and security of essential services networks and information systems (energy, drinking water, health, transport and digital infrastructures) is also inviting anyone using the “Huawei Enterprise router” in their network to contact their CSIRT, or Computer Security Incident Response Team." In a separate yet related story, more than five years ago, telecommunications providers Orange Belgium and Proximus announced their intent to gradually replace Huawei equipment with Nokia equipment.

The Recall AI feature for Microsoft's Copilot+ PCs contains a default "filter sensitive information" setting intended to prevent certain confidential personal data from appearing in its screenshots. Recent independent tests by Avram Piltch – who in December 2024 demonstrated Recall recording sensitive information in spite of the filter – saw improvements since his previous test, but still observed it capturing payment details, passwords, and other sensitive data in ordinary situations or with trivial contextual changes. Piltch notes, "There are so many ways that people store and refer to personal data that it's impossible to imagine Recall or any software catching them all," for example a number in a Word document was filtered out when preceded by "My SS#:" but fully captured when preceded by "Soc:", and a photo of a passport was filtered out when fully visible on screen, but captured when partially covered by another window. Certain elements of credentials and other associated details possibly exploitable by threat actors were simply not filtered. Windows Hello is ostensibly required for authentication to view the screenshot database, but Piltch was also able to access the screenshots using just a PIN, even over a remote connection. Recall has been removed from releases and delayed multiple times since its announcement in May 2024 due to widespread criticism and privacy concerns, and while the feature is still considered in "Preview," it is also now included in the out-of-the-box experience when setting up Copilot+ machines. The privacy-focused Brave browser has designated all its tabs "private," hiding them from Recall capture, and Brave's principal privacy researcher Peter Snyder notes the challenge Recall poses to protecting the privacy of vulnerable users. Huntress Security Senior SOC Manager Dray Agha characterized Recall as "an unnecessary security and privacy risk for not that much usability gain."

Starting on October 2, 2025, the European Union will begin rolling out their Entry/Exit System (EES), which "is an advanced technological system that will digitally record the entries and exits of non-EU nationals travelling to 29 European countries, including Schengen Associated ones, for short stays. It will capture biometric data, such as fingerprints, facial image, and other travel information, gradually replacing the current system of passport stamping." In most cases, recorded biometric data will be stored for three years and one day. EU member states will gradually adopt the requirement, with a full roll out target date of April 2026. Travelers who refuse to provide their biometric data will be denied entry to the 29 countries, a bloc that is known as the Schengen Area.

On July 31, 2025, the US Cybersecurity and Infrastructure Security Agency (CISA) and the US Coast Guard (USCG) published a detailed security advisory highlighting cybersecurity issues and offering mitigations identified during a "proactive hunt engagement at a US critical infrastructure organization." While CISA did not find evidence of malicious activity, the investigation revealed the unnamed organization's cybersecurity shortfalls, including: "Insufficient logging; Insecurely stored credentials; Shared local administrator (admin) credentials across many workstations; Unrestricted remote access for local admin accounts; Insufficient network segmentation configuration between IT and operational technology (OT) assets; and Several device misconfigurations." CISA and USCG advise critical infrastructure organizations to review and implement the recommended mitigations, offered in order of importance and expanded in detail throughout the advisory: Do not store credentials in plaintext; avoid sharing local admin account credentials; enforce multifactor authentication for all admin access; ensure industrial control systems (ICS) and operational technology (OT) networks are accessible only from "hardened bastion hosts isolated from IT networks [and] equipped with phishing-resistant MFA"; and implement comprehensive and detailed logging. CISA and USCG also recommend "exercising, testing, and validating your organization's security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework." The advisory provides contact information to report suspicious activity to CISA and USCG, and refers readers to the 2024 Cyber Trends and Insights in the Marine Environment (CTIME) report, as well as joint guidance on event logging, threat detection, and OT cybersecurity principles.

The UK government's Legal Aid Agency (LAA) took its system offline in May 2025 after a threat actor accessed and downloaded personal information belonging to a large number of aid applicants, including data recently confirmed as going back to 2007, including "addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments." The LAA's digital services have remained largely offline and under maintenance for three months, preventing legal aid providers from accessing records and billing for their work. The administrative difficulty of shifting work offline has reduced the number of clients providers can serve, and the interim "contingency payment system" of estimated weekly rates has been characterized as inadequate and risky by those affected. Chris Minnoch, chief executive of the Legal Aid Practitioners Group, expressed concern that the disruptions may discourage barristers and solicitors from continuing to serve as legal aid providers, and Jenny Beck KC, of law firm Beck Fitzgerald, stated that the breach has damaged vulnerable aid applicants' trust in the safety of the system. An LAA spokesperson noted that the organization is "working as quickly as possible to restore online systems," noting that an "escalation process" exists for those who "feel the average pay figure is inaccurate." The rebuilt system will reportedly include a new "identity access management solution," and the Ministry of Justice has stated that LAA services will come back online in phases, by order of priority.

Washington state-based Northwest Radiologists and Mount Baker Imaging have begun notifying nearly 350,000 individuals that their personal information was compromised in a January 2025 breach. Northwest Radiologists disclosed the incident, which is described as a "network disruption," in March. At that time, the organization noted that the compromised system contained protected health information (PHI). Northwest Radiologists' most recent disclosure reveals that the intruders had access to their network between January 20 and 25, 2025, and that the intruders accessed data. The compromised information includes names, addresses, phone numbers, email addresses, dates of birth, Social Security numbers, driver’s license numbers, government ID numbers, diagnosis and treatment details, health insurance information, and financial and banking data. In a July 10, 2025, notification to the Washington State Attorney General's Office, Northwest Radiologists and Mount Baker Imaging said the incident affected 348,188 Washington residents. A class-action suit filed earlier this year alleges that Northwest Radiologists and Mount Baker Imaging failed to adequately inform patients about the breach.

The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Emergency Management Agency (FEMA) have made available a total of $103.8 million in grants to state, local, and tribal governments to make improve cybersecurity. The Fiscal Year 2025 State and Local Cybersecurity Grant Program (SLCGP) provides $91.7 million to state and local governments; the Tribal Cybersecurity Grant Program (TCGP) provides $12.1 million to tribal governments. The funds may be used to pay for hiring cybersecurity experts, strategic planning, conducting cybersecurity exercises, and securing critical infrastructure. Additional information about applying for the grants can be found at the Cyber Grants link below.