Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
page 3 / 225
DeepSeek faces ban from Apple, Google app stores in Germany | Reuters https://www.reuters.com/sustainability/boards-policy-regulation/deepseek-faces-expulsion-app-stores-germany-2025-06-27/
28/06/2025 09:57:32
QRCode
archive.org
thumbnail

Germany's data protection commissioner has asked Apple and Google to remove Chinese AI startup DeepSeek from their app stores in the country due to concerns about data protection, following a similar crackdown elsewhere.

  • Germany says DeepSeek illegally transfers user data to China
  • Apple and Google must now review Germany's request
  • Italy blocked DeepSeek app earlier this year

FRANKFURT, June 27 (Reuters) - Germany's data protection commissioner has asked Apple (AAPL.O), opens new tab and Google (GOOGL.O), opens new tab to remove Chinese AI startup DeepSeek from their app stores in the country due to concerns about data protection, following a similar crackdown elsewhere.
Commissioner Meike Kamp said in a statement on Friday that she had made the request because DeepSeek illegally transfers users' personal data to China.
The two U.S. tech giants must now review the request promptly and decide whether to block the app in Germany, she added, though her office has not set a precise timeframe.
Google said it had received the notice and was reviewing it.
DeepSeek did not respond to a request for comment. Apple was not immediately available for comment.
According to its own privacy policy, opens new tab, DeepSeek stores numerous pieces of personal data, such as requests to its AI programme or uploaded files, on computers in China.
"DeepSeek has not been able to provide my agency with convincing evidence that German users' data is protected in China to a level equivalent to that in the European Union," Kamp said.
"Chinese authorities have far-reaching access rights to personal data within the sphere of influence of Chinese companies," she added.

reuters EN 2025 Germany Italy DeepSeek legal China
Denmark to tackle deepfakes by giving people copyright to their own features https://www.theguardian.com/technology/2025/jun/27/deepfakes-denmark-copyright-law-artificial-intelligence
27/06/2025 15:22:34
QRCode
archive.org
thumbnail

The Danish government is to clamp down on the creation and dissemination of AI-generated deepfakes by changing copyright law to ensure that everybody has the right to their own body, facial features and voice.

The Danish government said on Thursday it would strengthen protection against digital imitations of people’s identities with what it believes to be the first law of its kind in Europe.

Having secured broad cross-party agreement, the department of culture plans to submit a proposal to amend the current law for consultation before the summer recess and then submit the amendment in the autumn.

It defines a deepfake as a very realistic digital representation of a person, including their appearance and voice.

The Danish culture minister, Jakob Engel-Schmidt, said he hoped the bill before parliament would send an “unequivocal message” that everybody had the right to the way they looked and sounded.

He told the Guardian: “In the bill we agree and are sending an unequivocal message that everybody has the right to their own body, their own voice and their own facial features, which is apparently not how the current law is protecting people against generative AI.”

He added: “Human beings can be run through the digital copy machine and be misused for all sorts of purposes and I’m not willing to accept that.”

The move, which is believed to have the backing of nine in 10 MPs, comes amid rapidly developing AI technology that has made it easier than ever to create a convincing fake image, video or sound to mimic the features of another person.

The changes to Danish copyright law will, once approved, theoretically give people in Denmark the right to demand that online platforms remove such content if it is shared without consent.

theguardian EN 2025 Denmark AI-generated deepfakes legal copyright
Hawaiian Airlines discloses cyberattack, flights not affected https://www.bleepingcomputer.com/news/security/hawaiian-airlines-discloses-cyberattack-flights-not-affected
27/06/2025 15:12:09
QRCode
archive.org
thumbnail

Hawaiian Airlines, the tenth-largest commercial airline in the United States, is investigating a cyberattack that has disrupted access to some of its systems.

With over 7,000 employees, 235 average daily flights, and a fleet of over 60 airplanes, Hawaiian Airlines connects Hawai'i with 15 U.S. mainland cities and 10 other destinations across Asia and the Pacific.

The airline stated in a statement issued on Thursday morning that the incident didn't affect flight safety and has already contacted relevant authorities to assist in investigating the attack.

Hawaiian Airlines also hired external cybersecurity experts to asses the attack's impact and help restore affected systems.

"Hawaiian Airlines is addressing a cybersecurity event that has affected some of our IT systems. Our highest priority is the safety and security of our guests and employees. We have taken steps to safeguard our operations, and our flights are operating safely and as scheduled," the airline said.

"Upon learning of this incident, we engaged the appropriate authorities and experts to assist in our investigation and remediation efforts. We are currently working toward an orderly restoration and will provide updates as more information is available."

A banner on the airline's website notes that the incident hasn't impacted flights in any way and that travel hasn't been affected.

The same alert is also displayed on the Alaska Airlines website, which is owned by Alaska Air Group, a company that acquired Hawaiian Airlines last year.

bleepingcomputer EN 2025 Airline Cyberattack Hawaii Hawaiian-Airlines USA
Pre-Auth Flaw in MongoDB Server Allows Attackers to Cause DoS https://gbhackers.com/pre-auth-flaw-in-mongodb-server/
27/06/2025 15:07:47
QRCode
archive.org
thumbnail

A critical pre-authentication vulnerability (CVE-2025-6709) in MongoDB Server enables unauthenticated attackers to trigger denial-of-service (DoS) conditions by exploiting improper input validation in OIDC authentication.

The flaw allows malicious actors to crash database servers by sending specially crafted JSON payloads containing specific date values, causing invariant failures and server crashes.

This vulnerability affects MongoDB Server versions before 7.0.17, 8.0.5, and 6.0.21 (with authentication required for 6.x exploitation).

Vulnerability Analysis
Attackers can reproduce the exploit using MongoDB’s mongo shell to send malicious JSON payloads targeting the OIDC authentication mechanism.

The server fails to properly validate date values in JSON input, leading to:

Complete server crashes without authentication in v7.0 and v8.0 deployments
Post-authentication DoS in v6.0 environments
Critical disruption of database operations through invariant failures
The vulnerability carries a CVSS score of 7.5 (High) due to its network-based attack vector, low attack complexity, and high availability impact.

MongoDB has classified this as CWE-20 (Improper Input Validation).
Mitigation and Updates

Administrators should immediately upgrade to patched versions:

MongoDB v6.0 → 6.0.21 or later
MongoDB v7.0 → 7.0.17 or later
MongoDB v8.0 → 8.0.5 or later
For environments where immediate patching isn’t feasible, consider disabling OIDC authentication until updates are applied.

gbhackers EN 2025 vulnerability MongoDB DoS CVE-2025-6709
New Guidance Released for Reducing Memory-Related Vulnerabilities https://www.cisa.gov/news-events/alerts/2025/06/24/new-guidance-released-reducing-memory-related-vulnerabilities
27/06/2025 15:03:33
QRCode
archive.org

This joint guide highlights important considerations for organizations seeking to transition toward more secure software development practices

Today, CISA, in partnership with the National Security Agency (NSA), released a joint guide on reducing memory-related vulnerabilities in modern software development.

Memory safety vulnerabilities pose serious risks to national security and critical infrastructure. Adopting memory safe languages (MSLs) offers the most comprehensive mitigation against this class of vulnerabilities and provides built-in safeguards that enhance security by design.

CISA’s Secure by Design program advocates for integrating proactive security measures throughout the software development lifecycle, with MSLs as a central component. Consistent support for MSLs underscores their benefits for national security and resilience by reducing exploitable flaws before products reach users.

This joint guide outlines key challenges to adopting MSLs, offers practical approaches for overcoming them, and highlights important considerations for organizations seeking to transition toward more secure software development practices. Organizations in academia, U.S. government, and private industry are encouraged to review this guidance and support adoption of MSLs.

In addition to the product published today, CISA and the NSA previously released the joint guide, The Case for Memory Safe Roadmaps. To learn more about memory safety, visit Secure by Design on CISA.gov.

Please share your thoughts with us via our anonymous product survey; we welcome your feedback.

cisa EN 2025 Guidance NSA Memory-Related Vulnerabilities development
Scale AI exposed sensitive data about clients like Meta and xAI in public Google Docs, BI finds https://africa.businessinsider.com/news/scale-ai-exposed-sensitive-data-about-clients-like-meta-and-xai-in-public-google-docs/8p5f5ex
27/06/2025 15:00:35
QRCode
archive.org
thumbnail

As Scale AI seeks to reassure customers that their data is secure following Meta's $14.3 billion investment, leaked files and the startup's own contractors indicate it has some serious security holes.

  • Scale AI routinely uses public Google Docs for work with Google, Meta, and xAI.
  • BI reviewed thousands of files — some marked confidential, others exposing contractor data.
  • Scale AI says it's conducting a "thorough investigation."

Scale AI routinely uses public Google Docs to track work for high-profile customers like Google, Meta, and xAI, leaving multiple AI training documents labeled "confidential" accessible to anyone with the link, Business Insider found.

Contractors told BI the company relies on public Google Docs to share internal files, a method that's efficient for its vast army of at least 240,000 contractors and presents clear cybersecurity and confidentiality risks.

Scale AI also left public Google Docs with sensitive details about thousands of its contractors, including their private email addresses and whether they were suspected of "cheating." Some of those documents can be viewed and also edited by anyone with the right URL.

businessinsider.com EN 2025 ScaleAI dataleak Meta
170 patients harmed as a result of cyber attack https://www.independent.co.uk/news/uk/home-news/london-nhs-gp-surgeries-blood-health-service-journal-b2772287.html
27/06/2025 14:54:21
QRCode
archive.org

More than 10,000 appointments were cancelled at the two London NHS trusts that were worst affected.
Around 170 patients have suffered harm as a result of a cyber attack on blood services at London hospitals and GP surgeries, reports suggest.

Pathology services provider Synnovis was the victim of a ransomware attack by a Russian cyber gang in June last year.

As a result more than 10,000 appointments were cancelled at the two London NHS trusts that were worst affected.
And a significant number of GP practices in London were unable to order blood tests for their patients.

Now the Health Service Journal (HSJ) has reported that there were nearly 600 “incidents” linked to the attack, with patient care suffering in 170 of these.

independent.co.uk EN 2025 EN London NHS health healthcare cyberattack
Microsoft 365 'Direct Send' abused to send phishing as internal users https://www.bleepingcomputer.com/news/security/microsoft-365-direct-send-abused-to-send-phishing-as-internal-users/
26/06/2025 15:03:13
QRCode
archive.org
thumbnail

An ongoing phishing campaign abuses a little‑known feature in Microsoft 365 called "Direct Send" to evade detection by email security and steal credentials.

Direct Send is a Microsoft 365 feature that allows on‑premises devices, applications, or cloud services to send emails through a tenant's smart host as if they originated from the organization's domain. It’s designed for use by printers, scanners, and other devices that need to send messages on behalf of the company.

However, the feature is a known security risk, as it doesn't require any authentication, allowing remote users to send internal‑looking emails from the company's domain.

Microsoft recommends that only advanced customers utilize the feature, as its safety depends on whether Microsoft 365 is configured correctly and the smart host is properly locked down..

"We recommend Direct Send only for advanced customers willing to take on the responsibilities of email server admins," explains Microsoft.

"You need to be familiar with setting up and following best practices for sending email over the internet. When correctly configured and managed, Direct Send is a secure and viable option. But customers run the risk of misconfiguration that disrupts mail flow or threatens the security of their communication."

The company has shared ways to disable the feature, which are explained later in the article, and says they are working on a way to deprecate the feature.

bleepingcomputer EN 2025 Credentials Direct-Send Email Microsoft Microsoft-365 Phishing
CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks https://www.bleepingcomputer.com/news/security/cisa-ami-megarac-bug-that-lets-hackers-brick-servers-now-actively-exploited/
26/06/2025 10:47:30
QRCode
archive.org
thumbnail

CISA says a maximum severity vulnerability in AMI's MegaRAC Baseboard Management Controller (BMC) software, which enables attackers to hijack and brick servers, is currently under active exploitation.
CISA has confirmed that a maximum severity vulnerability in AMI's MegaRAC Baseboard Management Controller (BMC) software is now actively exploited in attacks.

The MegaRAC BMC firmware provides remote system management capabilities for troubleshooting servers without being physically present, and it's used by several vendors (including HPE, Asus, and ASRock) that supply equipment to cloud service providers and data centers.

This authentication bypass security flaw (tracked as CVE-2024-54085) can be exploited by remote unauthenticated attackers in low-complexity attacks that don't require user interaction to hijack and potentially brick unpatched servers.

bleepingcomputer EN 2025 Actively-Exploited American-Megatrends-International AMI Authentication-Bypass CISA MegaRAC CVE-2024-54085
Chine/France : Près de Toulouse, les "grandes oreilles" chinoises soupçonnées d'espionner les satellites français https://www.intelligenceonline.fr/renseignement-d-etat/2025/06/11/pres-de-toulouse-les-grandes-oreilles-chinoises-soupconnees-d-espionner-les-satellites-francais,110462871-eve
26/06/2025 09:37:37
QRCode
archive.org
thumbnail

L'antenne secrète, Airbus et la Chine (1/2) – Les services de renseignement français suspectent qu'une petite société de télécommunications chinoise ait déployé une station d'écoute à proximité de sites d'Airbus. Si une enquête judiciaire est ouverte, l'affaire mobilise fortement les espions hexagonaux. Révélations.

C'est une rue étroite qui coupe la "plus belle avenue du monde". À une centaine de mètres des Champs-Élysées, à Paris, entre une immense boutique du géant français du prêt-à-porter Lacoste et un ancien restaurant irakien, apparaît le 17 rue du Colisée. Ce centre d'affaires sans charme héberge un cabinet d'avocats, un groupe spécialisé dans les semi-conducteurs et une entreprise de production musicale. Depuis le 1er janvier 2025, l'immeuble compte un nouvel occupant : la société chinoise SATHD Europe, spécialisée dans les télécommunications par satellite. Alors que ses statuts juridiques l'attestent, l'entreprise ne figure pas sur la plaque mentionnant les locataires. Ces derniers affirment par ailleurs n'avoir constaté aucun signe de présence de cette mystérieuse entité entre les murs.

SATHD Europe existe pourtant bel et bien. La société est même soupçonnée par les services de renseignement hexagonaux d'être à l'origine de l'une des plus grandes opérations d'espionnage ayant visé la France ces dernières années. Après plusieurs mois d'enquête, Intelligence Online est en mesure de révéler une affaire de longue haleine, dans laquelle les regards convergent vers la Chine.

Village idéalement situé dans le cône de réception satellitaire
Début 2022. Les officiers de la Direction du renseignement et de la sécurité de la défense (DRSD), service de contre-ingérence du ministère des armées, repèrent une antenne suspecte qui dépasse du balcon d'un immeuble de Boulogne-sur-Gesse, petite commune rurale de Haute-Garonne. Celle-ci ressemble à peu de chose près à une parabole permettant de recevoir la télévision par satellite. Les contre-espions français sont toutefois sur leurs gardes. Ce village se situe à environ 71 kilomètres en ligne droite du téléport d'Issus Aussaguel. Ce centre de télécommunications, au sud de Toulouse, pilote les satellites d'observation de la Terre du Centre national d'études spatiales (CNES), notamment les Pléiades fabriqués par Airbus Group et les SWOT conçus par le français Thales Alenia Space (TAS) et l'américain Jet Propulsion Laboratory.

intelligenceonline FR espionnage France Chine SATHD Airbus télécommunications
OWASP Agentic AI Top 10 Vulnerability Scoring System (AIVSS) & Comprehensive AI Security Framework https://aivss.owasp.org/?_bhlid=1fcd52f30f75311a68b7eb7b5632fcff9cd7c372
26/06/2025 09:16:26
QRCode
archive.org
thumbnail

Developing a rigorous scoring system for Agentic AI Top 10 vulnerabilities, leading to a comprehensive AIVSS framework for all AI systems.

Key Deliverables

  • Agentic AI Top 10 Vulnerability Scoring System:
    • A precise and quantifiable scoring methodology tailored to the unique risks identified in the OWASP Agentic AI Top 10.
    • Clear rubrics and guidelines for assessing the severity and exploitability of these specific vulnerabilities.
  • Comprehensive AIVSS Framework Package:
    • Standardized AIVSS Framework: A scalable framework validated across a diverse range of AI applications, including and extending beyond Agentic AI.
    • AIVSS Framework Guide: Detailed documentation explaining the metrics, scoring methodology, and application of the framework.
    • AIVSS Scoring Calculator: An open-source tool to automate and standardize the vulnerability scoring process.
    • AIVSS Assessment Report Templates: Standardized templates for documenting AI vulnerability assessments.
owasp EN AI proposition scoring AI vulnerabilities framework Agentic
Piratage Adecco : le procès XXL de Lyon jugera le siphonnage de 76 000 fiches d’intérimaires https://www.clubic.com/actualite-569067-piratage-adecco-le-proces-xxl-de-lyon-jugera-le-siphonnage-de-76-000-fiches-d-interimaires.html?_bhlid=5202d4b366ce70b7e20a63ea4eeff9c3b14cddae
26/06/2025 09:16:03
QRCode
archive.org
thumbnail

Le procès de seize personnes impliquées dans le siphonnage des données bancaires et personnelles de 76 000 intérimaires Adecco débute ce lundi à Lyon. Le préjudice estimé atteint 1,6 million d’euros.

  • Le procès de seize personnes débute à Lyon pour le siphonnage de données de 76 000 intérimaires Adecco, causant un préjudice de 1,6 million d'euros.
  • Un alternant d'Adecco a permis l'accès aux données via le darkweb, entraînant des prélèvements frauduleux orchestrés par une société écran.
  • Les victimes, exposées à des risques d'usurpation d'identité, s'inquiètent des conséquences à long terme de cette fraude.

En 2022, des intérimaires d’Adecco découvrent sur leur relevé bancaire un débit de 49,85 euros. Le nom affiché ne leur dit rien. Rapidement, l’affaire fait tache d'huile. Comme on vous l'avait raconté sur Clubic à cette époque, plusieurs milliers de personnes se rendent compte du problème en même temps. Les prélèvements se répètent, toujours pour le même montant. Les victimes échangent sur un groupe Facebook. Le point commun se confirme. Elles réalisent qu'elles ont toutes travaillé pour le leader du travail temporaire en France. Adecco lance un audit interne. Très vite, le lien se fait avec ses propres fichiers. Le géant suisse, pays pourtant considéré comme sanctuaire des données personnelles, comprend qu’un vaste piratage vient de toucher ses bases de données.

clubic FR 2025 Adecco 2022 procès Lyon Piratage
Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6
26/06/2025 08:55:08
QRCode
archive.org

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user.

For more information about these vulnerabilities, see the Details section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

Details

The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit the other vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerability.

Details about the vulnerabilities are as follows:

CVE-2025-20281: Cisco ISE API Unauthenticated Remote Code Execution Vulnerability

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCwo99449
CVE ID: CVE-2025-20281
Security Impact Rating (SIR): Critical
CVSS Base Score: 10.0
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE-2025-20282: Cisco ISE API Unauthenticated Remote Code Execution Vulnerability

A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root.

This vulnerability is due a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. An attacker could exploit this vulnerability by uploading a crafted file to the affected device. A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Bug ID(s): CSCwp02821
CVE ID: CVE-2025-20282
Security Impact Rating (SIR): Critical
CVSS Base Score: 10.0
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Workarounds

There are no workarounds that address these vulnerabilities.
sec.cloudapps.cisco.com EN 2025 Security-Bulletin cisco ISE CVE-2025-20281 CVE-2025-20282
Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace https://www.atlanticcouncil.org/in-depth-research-reports/report/crash-exploit-and-burn/#analysis
26/06/2025 08:15:31
QRCode
archive.org
thumbnail

If the United States wishes to compete in cyberspace, it must compete against China to secure its offensive cyber supply chain.

Strategic competition between the United States and China has long played out in cyberspace, where offensive cyber capabilities, like zero-day vulnerabilities, are a strategic resource. Since 2016, China has been turning the zero-day marketplace in East Asia into a funnel of offensive cyber capabilities for its military and intelligence services, both to ensure it can break into the most secure Western technologies and to deny the United States from obtaining similar capabilities from the region. If the United States wishes to compete in cyberspace, it must compete against China to secure its offensive cyber supply chain.  

This report is the first to conduct a comparative study within the international offensive cyber supply chain, comparing the United States’ fragmented, risk-averse acquisition model with China’s outsourced and funnel-like approach.  

Key findings: 

  • Zero-day exploitation is becoming more difficult, opaque, and expensive, leading to “feast-or-famine” contract cycles. 
  • Middlemen with prior government connections further drive up costs and create inefficiency in the US and Five Eyes (FVEYs) market, while eroding trust between buyers and sellers.  
  • China’s domestic cyber pipeline dwarfs that of the United States. China is also increasingly moving to recruit from the Middle East and East Asia. 
  • The United States relies on international talent for its zero-day capabilities, and its domestic talent investment is sparse – focused on defense rather than offense.  
  • The US acquisition processes favor large prime contractors, and prioritize extremely high levels of accuracy, trust, and stealth, which can create market inefficiencies and overly index on high-cost, exquisite zero-day exploit procurements. 
  • China’s acquisition processes use decentralized contracting methods. The Chinese Communist Party (CCP) outsources operations, shortens contract cycles, and prolongs the life of an exploit through additional resourcing and “n-day” usage.    
  • US cybersecurity goals, coupled with “Big Tech” market dominance, are strategic counterweights to the US offensive capability program, demonstrating a strategic trade-off between economic prosperity and national security. 
  • China’s offensive cyber industry is already heavily integrated with artificial intelligence (AI) institutions, and China’s private sector has been proactively using AI for cyber operations. 
  • Given the opaque international market for zero-day exploits, preference among government customers for full exploit chains leveraging multiple exploit primitives, and the increase in bug collisions, governments can almost never be sure they truly have a “unique capability.”   
atlanticcouncil EN 2025 analysis US China 0-days
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543 https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788
25/06/2025 15:50:49
QRCode
archive.org

Description of Problem
A vulnerability has been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Refer below for further details.

Affected Versions
The following supported versions of NetScaler ADC and NetScaler Gateway are affected by the vulnerabilities:

NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-47.46
NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-59.19
NetScaler ADC 13.1-FIPS and NDcPP BEFORE 13.1-37.236-FIPS and NDcPP

NetScaler ADC 12.1-FIPS is not affected by this vulnerability.

Additional Note: Secure Private Access on-prem or Secure Private Access Hybrid deployments using NetScaler instances are also affected by the vulnerabilities. Customers need to upgrade these NetScaler instances to the recommended NetScaler builds to address the vulnerabilities.

This bulletin only applies to customer-managed NetScaler ADC and NetScaler Gateway. Cloud Software Group upgrades the Citrix-managed cloud services and Citrix-managed Adaptive Authentication with the necessary software updates.

Details
NetScaler ADC and NetScaler Gateway contain the vulnerability mentioned below:

CVE-ID

Description Pre-conditions CWE CVSSv4
CVE-2025-6543

Memory overflow vulnerability leading to unintended control flow and Denial of Service

NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS v4.0 Base Score: 9.2

(CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L)

What Customers Should Do
Exploits of CVE-2025-6543 on unmitigated appliances have been observed.

Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway to install the relevant updated versions as soon as possible.

NetScaler ADC and NetScaler Gateway 14.1-47.46 and later releases
NetScaler ADC and NetScaler Gateway 13.1-59.19 and later releases of 13.1
NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.236 and later releases of 13.1-FIPS and 13.1-NDcPP. Customers should contact support - https://support.citrix.com/support-home/home to obtain the 13.1-FIPS and 13.1-NDcPP builds that address this issue.

Note: NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are now End Of Life (EOL) and no longer supported. Customers are recommended to upgrade their appliances to one of the supported versions that address the vulnerabilities.

support.citrix.com EN 2025 Citrix Security-Bulletin CVE-2025-6543
Surge in MOVEit Transfer Scanning Activity Could Signal Emerging Threat Activity https://www.greynoise.io/blog/surge-moveit-transfer-scanning-activity
25/06/2025 15:07:13
QRCode
archive.org
thumbnail

GreyNoise has identified a notable surge in scanning activity targeting MOVEit Transfer systems, beginning on May 27, 2025. Prior to this date, scanning was minimal — typically fewer than 10 IPs observed per day.

  • 682 unique IPs have triggered GreyNoise’s MOVEit Transfer Scanner tag over the past 90 days.
  • The surge began on May 27 — prior activity was near-zero.
    303 IPs (44%) originate from Tencent Cloud (ASN 132203) — by far the most active infrastructure.
  • Other source providers include Cloudflare (113 IPs), Amazon (94), and Google (34).
  • Top destination countries include the United Kingdom, United States, Germany, France, and Mexico.
  • The overwhelming majority of scanner IPs geolocate to the United States.
    ‍
greynoise EN 2025 MOVEit Emerging Threat Activity
16% of Swiss federal politicians have data on dark web https://proton.me/blog/swiss-politicians-dark-web
25/06/2025 00:03:58
QRCode
archive.org
thumbnail

Roughly 16% of Swiss federal politicians had their official government email leaked on the dark web. This puts them at risk of phishing attacks or blackmail.

In the latest installment of our investigation into politicians’ cybersecurity practices, we found the official government email addresses of 44 Swiss politicians for sale on the dark web, roughly 16% of the 277 emails we searched. Constella Intelligence(new window) helped us compile this information.

Sharp-eyed readers might wonder why we searched for 277 email addresses if there are only 253 politicians between the Council of States, Federal Council, and National Council. The explanation is some politicians publicly share another email address along with their official government one. In these cases, we searched for both.

Since these email addresses are all publicly available, it’s not an issue that they’re on the dark web. However, it is an issue that they appear in data breaches, meaning Swiss politicians violated cybersecurity best practices and used their official emails to create accounts with services like Dropbox, LinkedIn, and Adobe, although there is evidence some Swiss politicians used their government email address to sign up for adult and dating platforms.

We’re not sharing identifying information for obvious reasons, and we notified every affected politician before we published this article.
Swiss politicians performed roughly as well as their European colleagues, having few fewer elected officials with exposed information than the UK (68%), the European Parliament (41%), and France (18%), and only slightly more than Italy (15%).

It should be noted that even a single compromised account could have significant ramifications on national security. And this isn’t a hypothetical. The Swiss government is actively being targeted on a regular basis. In 2025, hackers used DDoS attacks(new window) to knock the Swiss Federal Administration’s telephones, websites, and services offline. In 2024, Switzerland’s National Cyber Security Center published a report stating the Play ransomware group stole 65,000 government documents(new window) containing classified information from a government provider.

proton EN 2025 Switzerland data-leak federal politicians government
NATO summit commences in tandem with tense cyber, kinetic… https://intel471.com/blog/nato-summit-commences-in-tandem-with-tense-cyber-kinetic-conflict
24/06/2025 13:44:03
QRCode
archive.org
thumbnail

ATO’s 76th summit, which will be held June 24-25, 2025, in The Hague, Netherlands, comes at a time as the alliance’s member countries grapple with a rapidly changing global security dynamic. Russia continues to press on with its war campaign in Ukraine despite efforts to achieve a cease fire. Deep questions remain over the U.S. military commitment to Ukraine and if the U.S. would assist Europe if a conflict surfaced as required under Article 5 of NATO’s founding treaty. Israel undertook bombing strikes against Iran on the pretence that Iran was edging close to building viable nuclear weapons, which was followed by U.S. airstrikes. Since the previous summit, the leaders of European NATO countries have shown a dramatic change in rhetoric regarding the need to take on greater responsibility for security on the European continent, particularly as it pertains to increases in defense spending and military assistance to Ukraine. With an anticipated ambitious agenda, evidence of a clear rift in transatlantic relations and the alliance’s global super power distracted with other priorities, the summit could be hampered by disruption and division. This environment is ripe for cyber threats, prompting NATO member states to be on the look out for activity that could impact critical infrastructure entities. These threats could come from ideological and politically motivated attackers, who may seek to draw attention through distributed denial-of-service (DDoS) attacks, data leaks and website defacements affecting NATO nations. This blog, which draws on Intel 471’s Cyber Geopolitical Intelligence, will outline the issues at hand at the summit, the challenges facing NATO and look at the possible cyber threats.

intel471 EN 2025 NATO Geopolitical Intelligence analysis
Hacktivists Launch DDoS Attacks at U.S. Following Iran Bombings https://cyble.com/blog/hacktivists-launch-ddos-attacks-at-us-iran-bombings/
24/06/2025 13:42:23
QRCode
archive.org
thumbnail

Hacktivist attacks surge on U.S. targets after Iran bombings, with groups claiming DDoS hits on military, defense, and financial sectors amid rising tensions.
The U.S. has become a target in the hacktivist attacks that have embroiled several Middle Eastern countries since the start of the Israel-Iran conflict.

Several hacktivist groups have claimed DDoS attacks against U.S. targets in the wake of U.S. airstrikes on Iranian nuclear sites on June 21.

The attacks—most notably from hacktivist groups Mr Hamza, Team 313, Cyber Jihad, and Keymous+—targeted U.S. Air Force domains, major U.S. Aerospace and defense companies, and several banks and financial services companies.

The cyberattacks follow a broader campaign against Israeli targets that began after Israel launched attacks on Iranian nuclear and military targets on June 13. Israel and Iran have exchanged missile and drone strikes since the conflict began, and Iran also launched missiles at a U.S. military base in Qatar on June 23.

The accompanying cyber warfare has included DDoS attacks, data and credential leaks, website defacements, unauthorized access, and significant breaches of Iranian banking and cryptocurrency targets by Israel-linked Predatory Sparrow. Electronic interference with commercial ship navigation systems has also been reported in the Strait of Hormuz and the Persian Gulf.

cyble EN 2025 DDoS Attacks US Iran
Echo Chamber: A Context-Poisoning Jailbreak That Bypasses LLM Guardrails https://neuraltrust.ai/blog/echo-chamber-context-poisoning-jailbreak
24/06/2025 07:36:46
QRCode
archive.org
thumbnail

An AI Researcher at Neural Trust has discovered a novel jailbreak technique that defeats the safety mechanisms of today’s most advanced Large Language Models (LLMs). Dubbed the Echo Chamber Attack, this method leverages context poisoning and multi-turn reasoning to guide models into generating harmful content, without ever issuing an explicitly dangerous prompt.

Unlike traditional jailbreaks that rely on adversarial phrasing or character obfuscation, Echo Chamber weaponizes indirect references, semantic steering, and multi-step inference. The result is a subtle yet powerful manipulation of the model’s internal state, gradually leading it to produce policy-violating responses.

In controlled evaluations, the Echo Chamber attack achieved a success rate of over 90% on half of the categories across several leading models, including GPT-4.1-nano, GPT-4o-mini, GPT-4o, Gemini-2.0-flash-lite, and Gemini-2.5-flash. For the remaining categories, the success rate remained above 40%, demonstrating the attack's robustness across a wide range of content domains.
The Echo Chamber Attack is a context-poisoning jailbreak that turns a model’s own inferential reasoning against itself. Rather than presenting an overtly harmful or policy-violating prompt, the attacker introduces benign-sounding inputs that subtly imply unsafe intent. These cues build over multiple turns, progressively shaping the model’s internal context until it begins to produce harmful or noncompliant outputs.

The name Echo Chamber reflects the attack’s core mechanism: early planted prompts influence the model’s responses, which are then leveraged in later turns to reinforce the original objective. This creates a feedback loop where the model begins to amplify the harmful subtext embedded in the conversation, gradually eroding its own safety resistances. The attack thrives on implication, indirection, and contextual referencing—techniques that evade detection when prompts are evaluated in isolation.

Unlike earlier jailbreaks that rely on surface-level tricks like misspellings, prompt injection, or formatting hacks, Echo Chamber operates at a semantic and conversational level. It exploits how LLMs maintain context, resolve ambiguous references, and make inferences across dialogue turns—highlighting a deeper vulnerability in current alignment methods.

neuraltrust EN 2025 AI jailbreak LLM Echo-Chamber attack GPT
page 3 / 225
4490 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio