Windows RPC Privilege Escalation, AI Supply Chain Breach, & Minecraft Auditing Tool
A newly disclosed Windows RPC privilege escalation technique, PhantomRPC, impacts all Windows versions, highlighting critical verification flaws. Complementing this, a major 4TB data breach at AI contractor platform Mercor exposed sensitive voice samples, alongside the release of MCPwned, a practical Burp Suite extension for auditing Minecraft servers.
Kaspersky Discloses PhantomRPC, a New Windows Privilege Escalation Technique (r/cybersecurity)
This newly disclosed privilege escalation technique, dubbed PhantomRPC by Kaspersky, affects all versions of Windows, with successful exploitation confirmed on Server 2022 and 2025. The core vulnerability lies in the Windows RPC (Remote Procedure Call) runtime's failure to adequately verify the legitimacy of the RPC server that a high-privileged client attempts to connect to. This creates a critical window of opportunity for attackers.
Specifically, if a legitimate, high-privileged RPC server is temporarily unavailable, an attacker possessing the `SeImpersonatePrivilege` can interpose a malicious RPC server in its place. When the legitimate client subsequently attempts to reconnect, it inadvertently establishes communication with the attacker's server, granting the attacker the ability to impersonate the client's high privileges. This impersonation allows the attacker to execute arbitrary code with elevated permissions, effectively achieving full system compromise from a limited user context. The technique highlights a fundamental design flaw in how Windows handles RPC server availability and client trust, necessitating a careful review of system hardening strategies and potentially requiring a patch from Microsoft to fully mitigate.
This is a textbook example of a local privilege escalation (LPE) flaw leveraging a design oversight. Defenders should focus on hardening `SeImpersonatePrivilege` assignments and monitoring RPC activity for unusual connections.
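One way to begin the `SeImpersonatePrivilege` review recommended above, as an added example that is not from Kaspersky's disclosure or the original post: parse a user-rights export written by `secedit /export /areas USER_RIGHTS /cfg rights.inf` and list the holders outside the Windows default set. The sample export, the `svc_backup` account and the domain SID are constructed, and the baseline is an assumption to adjust per host role.

```python
import re

# Default holders of SeImpersonatePrivilege on a stock Windows install
# (well-known SIDs). Assumption: extend this for roles you have approved.
BASELINE = {
    "S-1-5-19": "LOCAL SERVICE",
    "S-1-5-20": "NETWORK SERVICE",
    "S-1-5-32-544": "BUILTIN\\Administrators",
    "S-1-5-6": "SERVICE",
}

# Constructed sample of a secedit user-rights export (not real host data).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544
SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6,*S-1-5-21-1111111111-2222222222-3333333333-1105,svc_backup
[Version]
signature="$CHICAGO$"
"""

def privilege_holders(inf_text, privilege="SeImpersonatePrivilege"):
    """Return the principals assigned `privilege` in a secedit export."""
    section = None
    for raw in inf_text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section != "Privilege Rights" or "=" not in line:
            continue
        name, _, value = line.partition("=")
        if name.strip().lower() == privilege.lower():
            # SIDs carry a leading '*'; entries without it are account names.
            return [v.strip().lstrip("*") for v in value.split(",") if v.strip()]
    return []

def unexpected_holders(inf_text, baseline=BASELINE):
    """Holders outside the baseline: each one is a candidate for review."""
    return [p for p in privilege_holders(inf_text) if p not in baseline]

if __name__ == "__main__":
    for principal in unexpected_holders(SAMPLE_INF):
        print("review SeImpersonatePrivilege holder:", principal)
```

A real export is UTF-16 encoded, so read it with `open(path, encoding="utf-16")` before passing the text in.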
4TB of Voice Samples Stolen from 40,000 AI Contractors in Mercor Breach (Hacker News)
A significant data breach has impacted Mercor, a platform connecting AI contractors, resulting in the theft of 4TB of sensitive voice samples belonging to 40,000 individuals. This incident represents a concerning convergence of supply chain vulnerabilities and AI-specific security risks. The stolen data includes not only personal identifiers but also extensive voice biometrics, which are crucial for training and operating various AI models, particularly in speech recognition, natural language processing, and synthetic media generation.
The breach underscores the profound security implications within the AI supply chain. Companies relying on external contractors for data annotation or model training must meticulously vet the security posture of these third-party providers. The compromise of such a large volume of unique voice data raises serious privacy concerns, as these samples could potentially be used for sophisticated social engineering attacks, identity theft, or to create convincing deepfakes. It highlights the urgent need for robust data anonymization, encryption at rest and in transit, and stringent access controls for sensitive AI training datasets. Furthermore, it reinforces the principle that data minimization – collecting only what is absolutely necessary – is paramount in mitigating the impact of such breaches within the AI ecosystem.
This breach exposes a major blind spot in AI security: the sensitive training data itself. Organizations must implement zero-trust principles for third-party AI data providers and prioritize data governance.
MCPwned: New Burp Suite Extension for Auditing Minecraft Servers (r/netsec)
MCPwned is a newly released Burp Suite extension specifically designed for auditing Minecraft (MCP) servers. For penetration testers and security researchers focusing on applications that interact with or are built upon Minecraft server technology, this tool provides a specialized set of capabilities within the familiar Burp Suite environment. While Minecraft servers are often perceived as gaming platforms, their underlying protocols and custom implementations can harbor significant security vulnerabilities, ranging from authentication bypasses to denial-of-service vectors and remote code execution flaws, especially in custom plugins or modded environments.
The extension aims to streamline the process of identifying these weaknesses by providing features tailored to the unique communication protocols and data structures used by MCP servers. This could include parsing specific packet types, identifying common misconfigurations, or automating checks for known vulnerabilities in Minecraft server software or related components. Integrating such functionality directly into Burp Suite, a widely adopted web penetration testing framework, empowers security professionals to extend their auditing capabilities beyond traditional web applications into specialized server environments. By providing a practical, accessible tool, MCPwned contributes directly to improving the security posture of a popular, yet often overlooked, segment of networked applications.
A specialized Burp extension is a highly practical addition to a pentester's toolkit. It allows focused and efficient auditing of a specific, complex protocol that might otherwise require custom scripting or manual effort.