Cyberveille curated by Decio

New Guidance Released for Reducing Memory-Related Vulnerabilities https://www.cisa.gov/news-events/alerts/2025/06/24/new-guidance-released-reducing-memory-related-vulnerabilities
27/06/2025 15:03:33

This joint guide highlights important considerations for organizations seeking to transition toward more secure software development practices

Today, CISA, in partnership with the National Security Agency (NSA), released a joint guide on reducing memory-related vulnerabilities in modern software development.

Memory safety vulnerabilities pose serious risks to national security and critical infrastructure. Adopting memory safe languages (MSLs) offers the most comprehensive mitigation against this class of vulnerabilities and provides built-in safeguards that enhance security by design.

CISA’s Secure by Design program advocates for integrating proactive security measures throughout the software development lifecycle, with MSLs as a central component. Consistent support for MSLs underscores their benefits for national security and resilience by reducing exploitable flaws before products reach users.

This joint guide outlines key challenges to adopting MSLs, offers practical approaches for overcoming them, and highlights important considerations for organizations seeking to transition toward more secure software development practices. Organizations in academia, U.S. government, and private industry are encouraged to review this guidance and support adoption of MSLs.

In addition to the product published today, CISA and the NSA previously released the joint guide, The Case for Memory Safe Roadmaps. To learn more about memory safety, visit Secure by Design on CISA.gov.

Please share your thoughts with us via our anonymous product survey; we welcome your feedback.

cisa EN 2025 Guidance NSA Memory-Related Vulnerabilities development
Scale AI exposed sensitive data about clients like Meta and xAI in public Google Docs, BI finds https://africa.businessinsider.com/news/scale-ai-exposed-sensitive-data-about-clients-like-meta-and-xai-in-public-google-docs/8p5f5ex
27/06/2025 15:00:35

As Scale AI seeks to reassure customers that their data is secure following Meta's $14.3 billion investment, leaked files and the startup's own contractors indicate it has some serious security holes.

  • Scale AI routinely uses public Google Docs for work with Google, Meta, and xAI.
  • BI reviewed thousands of files — some marked confidential, others exposing contractor data.
  • Scale AI says it's conducting a "thorough investigation."

Scale AI routinely uses public Google Docs to track work for high-profile customers like Google, Meta, and xAI, leaving multiple AI training documents labeled "confidential" accessible to anyone with the link, Business Insider found.

Contractors told BI the company relies on public Google Docs to share internal files, a method that's efficient for its vast army of at least 240,000 contractors and presents clear cybersecurity and confidentiality risks.

Scale AI also left public Google Docs with sensitive details about thousands of its contractors, including their private email addresses and whether they were suspected of "cheating." Some of those documents can be viewed and also edited by anyone with the right URL.

businessinsider.com EN 2025 ScaleAI dataleak Meta
170 patients harmed as a result of cyber attack https://www.independent.co.uk/news/uk/home-news/london-nhs-gp-surgeries-blood-health-service-journal-b2772287.html
27/06/2025 14:54:21

More than 10,000 appointments were cancelled at the two London NHS trusts that were worst affected.
Around 170 patients have suffered harm as a result of a cyber attack on blood services at London hospitals and GP surgeries, reports suggest.

Pathology services provider Synnovis was the victim of a ransomware attack by a Russian cyber gang in June last year.

As a result more than 10,000 appointments were cancelled at the two London NHS trusts that were worst affected.
And a significant number of GP practices in London were unable to order blood tests for their patients.

Now the Health Service Journal (HSJ) has reported that there were nearly 600 “incidents” linked to the attack, with patient care suffering in 170 of these.

independent.co.uk EN 2025 EN London NHS health healthcare cyberattack
Microsoft 365 'Direct Send' abused to send phishing as internal users https://www.bleepingcomputer.com/news/security/microsoft-365-direct-send-abused-to-send-phishing-as-internal-users/
26/06/2025 15:03:13

An ongoing phishing campaign abuses a little‑known feature in Microsoft 365 called "Direct Send" to evade detection by email security and steal credentials.

Direct Send is a Microsoft 365 feature that allows on‑premises devices, applications, or cloud services to send emails through a tenant's smart host as if they originated from the organization's domain. It’s designed for use by printers, scanners, and other devices that need to send messages on behalf of the company.

However, the feature is a known security risk, as it doesn't require any authentication, allowing remote users to send internal‑looking emails from the company's domain.

Microsoft recommends that only advanced customers utilize the feature, as its safety depends on whether Microsoft 365 is configured correctly and the smart host is properly locked down.

"We recommend Direct Send only for advanced customers willing to take on the responsibilities of email server admins," explains Microsoft.

"You need to be familiar with setting up and following best practices for sending email over the internet. When correctly configured and managed, Direct Send is a secure and viable option. But customers run the risk of misconfiguration that disrupts mail flow or threatens the security of their communication."

The company has shared ways to disable the feature, which are explained later in the article, and says they are working on a way to deprecate the feature.

bleepingcomputer EN 2025 Credentials Direct-Send Email Microsoft Microsoft-365 Phishing
CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks https://www.bleepingcomputer.com/news/security/cisa-ami-megarac-bug-that-lets-hackers-brick-servers-now-actively-exploited/
26/06/2025 10:47:30

CISA says a maximum severity vulnerability in AMI's MegaRAC Baseboard Management Controller (BMC) software, which enables attackers to hijack and brick servers, is currently under active exploitation.
CISA has confirmed that a maximum severity vulnerability in AMI's MegaRAC Baseboard Management Controller (BMC) software is now actively exploited in attacks.

The MegaRAC BMC firmware provides remote system management capabilities for troubleshooting servers without being physically present, and it's used by several vendors (including HPE, Asus, and ASRock) that supply equipment to cloud service providers and data centers.

This authentication bypass security flaw (tracked as CVE-2024-54085) can be exploited by remote unauthenticated attackers in low-complexity attacks that don't require user interaction to hijack and potentially brick unpatched servers.

bleepingcomputer EN 2025 Actively-Exploited American-Megatrends-International AMI Authentication-Bypass CISA MegaRAC CVE-2024-54085
China/France: Near Toulouse, Chinese "big ears" suspected of spying on French satellites https://www.intelligenceonline.fr/renseignement-d-etat/2025/06/11/pres-de-toulouse-les-grandes-oreilles-chinoises-soupconnees-d-espionner-les-satellites-francais,110462871-eve
26/06/2025 09:37:37

The secret antenna, Airbus and China (1/2) – French intelligence services suspect that a small Chinese telecommunications company has deployed a listening station near Airbus sites. While a judicial investigation has been opened, the case is heavily mobilizing French spies. Revelations.

It is a narrow street that cuts across the "most beautiful avenue in the world". About a hundred meters from the Champs-Élysées, in Paris, between a huge store of the French ready-to-wear giant Lacoste and a former Iraqi restaurant, stands 17 rue du Colisée. This charmless business center houses a law firm, a group specializing in semiconductors and a music production company. Since January 1, 2025, the building has had a new occupant: the Chinese company SATHD Europe, which specializes in satellite telecommunications. Although its legal statutes attest to it, the company does not appear on the plaque listing the tenants. The tenants, moreover, say they have seen no sign of this mysterious entity's presence within the walls.

Yet SATHD Europe does indeed exist. The company is even suspected by French intelligence services of being behind one of the largest espionage operations to have targeted France in recent years. After several months of investigation, Intelligence Online is able to reveal a long-running affair in which all eyes converge on China.

A village ideally located in the satellite reception cone
Early 2022. Officers of the Direction du renseignement et de la sécurité de la défense (DRSD), the counter-interference service of the Ministry of the Armed Forces, spot a suspicious antenna protruding from the balcony of a building in Boulogne-sur-Gesse, a small rural commune in Haute-Garonne. It looks more or less like a dish for receiving satellite television. The French counter-spies are nonetheless on their guard. This village lies about 71 kilometers in a straight line from the Issus Aussaguel teleport. This telecommunications center, south of Toulouse, controls the Earth observation satellites of the Centre national d'études spatiales (CNES), notably the Pléiades built by Airbus Group and the SWOT designed by France's Thales Alenia Space (TAS) and the American Jet Propulsion Laboratory.

intelligenceonline FR espionnage France Chine SATHD Airbus télécommunications
OWASP Agentic AI Top 10 Vulnerability Scoring System (AIVSS) & Comprehensive AI Security Framework https://aivss.owasp.org/?_bhlid=1fcd52f30f75311a68b7eb7b5632fcff9cd7c372
26/06/2025 09:16:26

Developing a rigorous scoring system for Agentic AI Top 10 vulnerabilities, leading to a comprehensive AIVSS framework for all AI systems.

Key Deliverables

  • Agentic AI Top 10 Vulnerability Scoring System:
    • A precise and quantifiable scoring methodology tailored to the unique risks identified in the OWASP Agentic AI Top 10.
    • Clear rubrics and guidelines for assessing the severity and exploitability of these specific vulnerabilities.
  • Comprehensive AIVSS Framework Package:
    • Standardized AIVSS Framework: A scalable framework validated across a diverse range of AI applications, including and extending beyond Agentic AI.
    • AIVSS Framework Guide: Detailed documentation explaining the metrics, scoring methodology, and application of the framework.
    • AIVSS Scoring Calculator: An open-source tool to automate and standardize the vulnerability scoring process.
    • AIVSS Assessment Report Templates: Standardized templates for documenting AI vulnerability assessments.
owasp EN AI proposition scoring AI vulnerabilities framework Agentic
Adecco hack: the XXL trial in Lyon will judge the siphoning of 76,000 temp workers' records https://www.clubic.com/actualite-569067-piratage-adecco-le-proces-xxl-de-lyon-jugera-le-siphonnage-de-76-000-fiches-d-interimaires.html?_bhlid=5202d4b366ce70b7e20a63ea4eeff9c3b14cddae
26/06/2025 09:16:03

The trial of sixteen people involved in the siphoning of the banking and personal data of 76,000 Adecco temp workers begins this Monday in Lyon. The estimated loss amounts to 1.6 million euros.

  • The trial of sixteen people begins in Lyon over the siphoning of data belonging to 76,000 Adecco temp workers, which caused a loss of 1.6 million euros.
  • An Adecco work-study trainee enabled access to the data via the dark web, leading to fraudulent direct debits orchestrated by a shell company.
  • The victims, exposed to the risk of identity theft, are worried about the long-term consequences of this fraud.

In 2022, Adecco temp workers discover a debit of 49.85 euros on their bank statement. The name displayed means nothing to them. The matter quickly spreads. As we reported on Clubic at the time, several thousand people notice the problem at the same time. The debits recur, always for the same amount. The victims exchange information in a Facebook group. The common thread is confirmed. They realize they have all worked for the leader in temporary work in France. Adecco launches an internal audit. Very quickly, the link is made with its own files. The Swiss giant, from a country otherwise regarded as a sanctuary for personal data, realizes that a vast hack has just hit its databases.

clubic FR 2025 Adecco 2022 procès Lyon Piratage
Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6
26/06/2025 08:55:08

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user.

For more information about these vulnerabilities, see the Details section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

Details

The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit the other vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerability.

Details about the vulnerabilities are as follows:

CVE-2025-20281: Cisco ISE API Unauthenticated Remote Code Execution Vulnerability

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCwo99449
CVE ID: CVE-2025-20281
Security Impact Rating (SIR): Critical
CVSS Base Score: 10.0
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE-2025-20282: Cisco ISE API Unauthenticated Remote Code Execution Vulnerability

A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root.

This vulnerability is due to a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. An attacker could exploit this vulnerability by uploading a crafted file to the affected device. A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCwp02821
CVE ID: CVE-2025-20282
Security Impact Rating (SIR): Critical
CVSS Base Score: 10.0
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Workarounds

There are no workarounds that address these vulnerabilities.
sec.cloudapps.cisco.com EN 2025 Security-Bulletin cisco ISE CVE-2025-20281 CVE-2025-20282
Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace https://www.atlanticcouncil.org/in-depth-research-reports/report/crash-exploit-and-burn/#analysis
26/06/2025 08:15:31

If the United States wishes to compete in cyberspace, it must compete against China to secure its offensive cyber supply chain.

Strategic competition between the United States and China has long played out in cyberspace, where offensive cyber capabilities, like zero-day vulnerabilities, are a strategic resource. Since 2016, China has been turning the zero-day marketplace in East Asia into a funnel of offensive cyber capabilities for its military and intelligence services, both to ensure it can break into the most secure Western technologies and to deny the United States from obtaining similar capabilities from the region. If the United States wishes to compete in cyberspace, it must compete against China to secure its offensive cyber supply chain.  

This report is the first to conduct a comparative study within the international offensive cyber supply chain, comparing the United States’ fragmented, risk-averse acquisition model with China’s outsourced and funnel-like approach.  

Key findings: 

  • Zero-day exploitation is becoming more difficult, opaque, and expensive, leading to “feast-or-famine” contract cycles. 
  • Middlemen with prior government connections further drive up costs and create inefficiency in the US and Five Eyes (FVEYs) market, while eroding trust between buyers and sellers.  
  • China’s domestic cyber pipeline dwarfs that of the United States. China is also increasingly moving to recruit from the Middle East and East Asia. 
  • The United States relies on international talent for its zero-day capabilities, and its domestic talent investment is sparse – focused on defense rather than offense.  
  • The US acquisition processes favor large prime contractors, and prioritize extremely high levels of accuracy, trust, and stealth, which can create market inefficiencies and overly index on high-cost, exquisite zero-day exploit procurements. 
  • China’s acquisition processes use decentralized contracting methods. The Chinese Communist Party (CCP) outsources operations, shortens contract cycles, and prolongs the life of an exploit through additional resourcing and “n-day” usage.    
  • US cybersecurity goals, coupled with “Big Tech” market dominance, are strategic counterweights to the US offensive capability program, demonstrating a strategic trade-off between economic prosperity and national security. 
  • China’s offensive cyber industry is already heavily integrated with artificial intelligence (AI) institutions, and China’s private sector has been proactively using AI for cyber operations. 
  • Given the opaque international market for zero-day exploits, preference among government customers for full exploit chains leveraging multiple exploit primitives, and the increase in bug collisions, governments can almost never be sure they truly have a “unique capability.”   
atlanticcouncil EN 2025 analysis US China 0-days
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543 https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788
25/06/2025 15:50:49

Description of Problem
A vulnerability has been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Refer below for further details.

Affected Versions
The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities:

NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-47.46
NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-59.19
NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.236-FIPS and NDcPP

NetScaler ADC 12.1-FIPS is not affected by this vulnerability.

Additional Note: Secure Private Access on-prem or Secure Private Access Hybrid deployments using NetScaler instances are also affected by the vulnerabilities. Customers need to upgrade these NetScaler instances to the recommended NetScaler builds to address the vulnerabilities.

This bulletin only applies to customer-managed NetScaler ADC and NetScaler Gateway. Cloud Software Group upgrades the Citrix-managed cloud services and Citrix-managed Adaptive Authentication with the necessary software updates.

Details
NetScaler ADC and NetScaler Gateway contain the vulnerability mentioned below:

CVE-ID: CVE-2025-6543
Description: Memory overflow vulnerability leading to unintended control flow and Denial of Service
Pre-conditions: NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSSv4: CVSS v4.0 Base Score: 9.2 (CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L)

What Customers Should Do
Exploits of CVE-2025-6543 on unmitigated appliances have been observed.

Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible.

NetScaler ADC and NetScaler Gateway 14.1-47.46 and later releases
NetScaler ADC and NetScaler Gateway 13.1-59.19 and later releases of 13.1
NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.236 and later releases of 13.1-FIPS and 13.1-NDcPP. Customers should contact support - https://support.citrix.com/support-home/home to obtain the 13.1-FIPS and 13.1-NDcPP builds that address this issue.

Note: NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are now End Of Life (EOL) and no longer supported. Customers are recommended to upgrade their appliances to one of the supported versions that address the vulnerabilities.

support.citrix.com EN 2025 Citrix Security-Bulletin CVE-2025-6543
Surge in MOVEit Transfer Scanning Activity Could Signal Emerging Threat Activity https://www.greynoise.io/blog/surge-moveit-transfer-scanning-activity
25/06/2025 15:07:13

GreyNoise has identified a notable surge in scanning activity targeting MOVEit Transfer systems, beginning on May 27, 2025. Prior to this date, scanning was minimal — typically fewer than 10 IPs observed per day.

  • 682 unique IPs have triggered GreyNoise’s MOVEit Transfer Scanner tag over the past 90 days.
  • The surge began on May 27 — prior activity was near-zero.
  • 303 IPs (44%) originate from Tencent Cloud (ASN 132203) — by far the most active infrastructure.
  • Other source providers include Cloudflare (113 IPs), Amazon (94), and Google (34).
  • Top destination countries include the United Kingdom, United States, Germany, France, and Mexico.
  • The overwhelming majority of scanner IPs geolocate to the United States.
greynoise EN 2025 MOVEit Emerging Threat Activity
16% of Swiss federal politicians have data on dark web https://proton.me/blog/swiss-politicians-dark-web
25/06/2025 00:03:58

Roughly 16% of Swiss federal politicians had their official government email leaked on the dark web. This puts them at risk of phishing attacks or blackmail.

In the latest installment of our investigation into politicians’ cybersecurity practices, we found the official government email addresses of 44 Swiss politicians for sale on the dark web, roughly 16% of the 277 emails we searched. Constella Intelligence helped us compile this information.

Sharp-eyed readers might wonder why we searched for 277 email addresses if there are only 253 politicians between the Council of States, Federal Council, and National Council. The explanation is some politicians publicly share another email address along with their official government one. In these cases, we searched for both.

Since these email addresses are all publicly available, it’s not an issue that they’re on the dark web. However, it is an issue that they appear in data breaches, meaning Swiss politicians violated cybersecurity best practices and used their official emails to create accounts with services like Dropbox, LinkedIn, and Adobe, although there is evidence some Swiss politicians used their government email address to sign up for adult and dating platforms.

We’re not sharing identifying information for obvious reasons, and we notified every affected politician before we published this article.
Swiss politicians performed roughly as well as their European colleagues, having fewer elected officials with exposed information than the UK (68%), the European Parliament (41%), and France (18%), and only slightly more than Italy (15%).

It should be noted that even a single compromised account could have significant ramifications on national security. And this isn’t a hypothetical. The Swiss government is actively being targeted on a regular basis. In 2025, hackers used DDoS attacks to knock the Swiss Federal Administration’s telephones, websites, and services offline. In 2024, Switzerland’s National Cyber Security Center published a report stating the Play ransomware group stole 65,000 government documents containing classified information from a government provider.

proton EN 2025 Switzerland data-leak federal politicians government
NATO summit commences in tandem with tense cyber, kinetic… https://intel471.com/blog/nato-summit-commences-in-tandem-with-tense-cyber-kinetic-conflict
24/06/2025 13:44:03

NATO’s 76th summit, which will be held June 24-25, 2025, in The Hague, Netherlands, comes at a time as the alliance’s member countries grapple with a rapidly changing global security dynamic. Russia continues to press on with its war campaign in Ukraine despite efforts to achieve a cease fire. Deep questions remain over the U.S. military commitment to Ukraine and if the U.S. would assist Europe if a conflict surfaced as required under Article 5 of NATO’s founding treaty. Israel undertook bombing strikes against Iran on the pretence that Iran was edging close to building viable nuclear weapons, which was followed by U.S. airstrikes. Since the previous summit, the leaders of European NATO countries have shown a dramatic change in rhetoric regarding the need to take on greater responsibility for security on the European continent, particularly as it pertains to increases in defense spending and military assistance to Ukraine. With an anticipated ambitious agenda, evidence of a clear rift in transatlantic relations and the alliance’s global super power distracted with other priorities, the summit could be hampered by disruption and division. This environment is ripe for cyber threats, prompting NATO member states to be on the look out for activity that could impact critical infrastructure entities. These threats could come from ideological and politically motivated attackers, who may seek to draw attention through distributed denial-of-service (DDoS) attacks, data leaks and website defacements affecting NATO nations. This blog, which draws on Intel 471’s Cyber Geopolitical Intelligence, will outline the issues at hand at the summit, the challenges facing NATO and look at the possible cyber threats.

intel471 EN 2025 NATO Geopolitical Intelligence analysis
Hacktivists Launch DDoS Attacks at U.S. Following Iran Bombings https://cyble.com/blog/hacktivists-launch-ddos-attacks-at-us-iran-bombings/
24/06/2025 13:42:23

Hacktivist attacks surge on U.S. targets after Iran bombings, with groups claiming DDoS hits on military, defense, and financial sectors amid rising tensions.
The U.S. has become a target in the hacktivist attacks that have embroiled several Middle Eastern countries since the start of the Israel-Iran conflict.

Several hacktivist groups have claimed DDoS attacks against U.S. targets in the wake of U.S. airstrikes on Iranian nuclear sites on June 21.

The attacks—most notably from hacktivist groups Mr Hamza, Team 313, Cyber Jihad, and Keymous+—targeted U.S. Air Force domains, major U.S. Aerospace and defense companies, and several banks and financial services companies.

The cyberattacks follow a broader campaign against Israeli targets that began after Israel launched attacks on Iranian nuclear and military targets on June 13. Israel and Iran have exchanged missile and drone strikes since the conflict began, and Iran also launched missiles at a U.S. military base in Qatar on June 23.

The accompanying cyber warfare has included DDoS attacks, data and credential leaks, website defacements, unauthorized access, and significant breaches of Iranian banking and cryptocurrency targets by Israel-linked Predatory Sparrow. Electronic interference with commercial ship navigation systems has also been reported in the Strait of Hormuz and the Persian Gulf.

cyble EN 2025 DDoS Attacks US Iran
Echo Chamber: A Context-Poisoning Jailbreak That Bypasses LLM Guardrails https://neuraltrust.ai/blog/echo-chamber-context-poisoning-jailbreak
24/06/2025 07:36:46

An AI Researcher at Neural Trust has discovered a novel jailbreak technique that defeats the safety mechanisms of today’s most advanced Large Language Models (LLMs). Dubbed the Echo Chamber Attack, this method leverages context poisoning and multi-turn reasoning to guide models into generating harmful content, without ever issuing an explicitly dangerous prompt.

Unlike traditional jailbreaks that rely on adversarial phrasing or character obfuscation, Echo Chamber weaponizes indirect references, semantic steering, and multi-step inference. The result is a subtle yet powerful manipulation of the model’s internal state, gradually leading it to produce policy-violating responses.

In controlled evaluations, the Echo Chamber attack achieved a success rate of over 90% on half of the categories across several leading models, including GPT-4.1-nano, GPT-4o-mini, GPT-4o, Gemini-2.0-flash-lite, and Gemini-2.5-flash. For the remaining categories, the success rate remained above 40%, demonstrating the attack's robustness across a wide range of content domains.
The Echo Chamber Attack is a context-poisoning jailbreak that turns a model’s own inferential reasoning against itself. Rather than presenting an overtly harmful or policy-violating prompt, the attacker introduces benign-sounding inputs that subtly imply unsafe intent. These cues build over multiple turns, progressively shaping the model’s internal context until it begins to produce harmful or noncompliant outputs.

The name Echo Chamber reflects the attack’s core mechanism: early planted prompts influence the model’s responses, which are then leveraged in later turns to reinforce the original objective. This creates a feedback loop where the model begins to amplify the harmful subtext embedded in the conversation, gradually eroding its own safety resistances. The attack thrives on implication, indirection, and contextual referencing—techniques that evade detection when prompts are evaluated in isolation.

Unlike earlier jailbreaks that rely on surface-level tricks like misspellings, prompt injection, or formatting hacks, Echo Chamber operates at a semantic and conversational level. It exploits how LLMs maintain context, resolve ambiguous references, and make inferences across dialogue turns—highlighting a deeper vulnerability in current alignment methods.

neuraltrust EN 2025 AI jailbreak LLM Echo-Chamber attack GPT
Exclusive: DeepSeek aids China's military and evaded export controls, US official says https://www.reuters.com/world/china/deepseek-aids-chinas-military-evaded-export-controls-us-official-says-2025-06-23/
23/06/2025 15:32:06

AI firm DeepSeek is aiding China's military and intelligence operations, a senior U.S. official told Reuters, adding that the Chinese tech startup sought to use Southeast Asian shell companies to access high-end semiconductors that cannot be shipped to China under U.S. rules.
The U.S. conclusions reflect a growing conviction in Washington that the capabilities behind the rapid rise of one of China's flagship AI enterprises may have been exaggerated and relied heavily on U.S. technology.

Hangzhou-based DeepSeek sent shockwaves through the technology world in January, saying its artificial intelligence reasoning models were on par with or better than U.S. industry-leading models at a fraction of the cost.
"We understand that DeepSeek has willingly provided and will likely continue to provide support to China's military and intelligence operations," a senior State Department official told Reuters in an interview.
"This effort goes above and beyond open-source access to DeepSeek's AI models," the official said, speaking on condition of anonymity in order to speak about U.S. government information.
The U.S. government's assessment of DeepSeek's activities and links to the Chinese government have not been previously reported and come amid a wide-scale U.S.-China trade war.

reuters EN 2025 DeepSeek China US military AI export controls trade-war
UK watchdog fines 23andMe over 2023 data breach https://techcrunch.com/2025/06/17/uk-watchdog-fines-23andme-over-2023-data-breach/
23/06/2025 09:38:42

The ICO said over 150,000 U.K. residents had data stolen in the breach.

The U.K. data protection watchdog has fined 23andMe £2.31 million ($3.1 million) for failing to protect U.K. residents’ personal and genetic data prior to its 2023 data breach.

The Information Commissioner’s Office (ICO) said on Tuesday it has fined the genetic testing company as it “did not have additional verification steps for users to access and download their raw genetic data” at the time of its cyberattack.

In 2023, hackers stole private data on more than 6.9 million users over a months-long campaign by accessing thousands of accounts using stolen credentials. 23andMe did not require its users to use multi-factor authentication, which the ICO said broke U.K. data protection law.

The ICO said over 155,000 U.K. residents had their data stolen in the breach.

In response to the fine, 23andMe told TechCrunch that it had rolled out mandatory multi-factor authentication for all accounts.

The ICO said it is in contact with 23andMe’s trustee following the company’s filing for bankruptcy protection. A hearing on 23andMe’s sale is expected later on Wednesday.

techcrunch EN 2025 UK ICO 23andMe data-breach fine
Iran's state TV hacked, protest videos aired | Iran International https://www.iranintl.com/en/202506188310
23/06/2025 09:36:35

Jun 18, 2025, 19:09 GMT+1

Iran’s state broadcaster was hacked Wednesday night, with videos calling for street protests briefly aired.

Footage circulated on social media showed protest-themed clips interrupting regular programming.

"If you experience disruptions or irrelevant messages while watching various TV channels, it is due to enemy interference with satellite signals," state TV said.

The hacking of the programming on Wednesday night was limited to satellite transmissions, the Islamic Republic of Iran Broadcasting (IRIB) said.

iranintl EN 2025 Iran hacked Footage state-TV
UBS Employee Data Reportedly Exposed in Third Party Attack https://www.infosecurity-magazine.com/news/ubs-employee-data-exposed-third/
23/06/2025 09:22:56

Global banking giant UBS has suffered a data breach following a cyber-attack on a third-party supplier.

In a statement emailed to Infosecurity, a UBS spokesperson confirmed a breach had occurred, but it had not impacted customer data or operations.

“A cyber-attack at an external supplier has led to information about UBS and several other companies being stolen. No client data has been affected. As soon as UBS became aware of the incident, it took swift and decisive action to avoid any impact on its operations,” the UBS statement read.

Swiss-based newspaper Le Temps reported that information about 130,000 UBS employees had been published on the dark web by a ransomware group called World Leaks, previously known as Hunters International, following the incident.

This data includes business contact details, including phone numbers, job roles, and details of the location and floor employees work on.

The direct phone number of UBS CEO Sergio Ermotti was reportedly included in the published data.

UBS also confirmed to Infosecurity that the external supplier at the center of the incident was procurement service provider Swiss-based Chain IQ.

Another Chain IQ client, Swiss private bank Pictet, also revealed it had suffered a data breach as a result of the attack. Pictet said in a statement published by Reuters that the information stolen did not contain its client data and was limited to invoice information with some of the bank's suppliers, such as technology providers and external consultants.

At the time of writing, it is not known whether any other Chain IQ customers have been impacted.

infosecurity-magazine.com EN 2025 UBS Chain-IQ