All posts by John Doe

■■■□□ Ukraine 🇺🇦 strikes Russian 🇷🇺 bomber-maker with cyber-attack. Following a daring drone attack on Russian airfields, Ukrainian military intelligence may have hacked the servers of Tupolev, the Kremlin’s strategic bomber maker. Local media reports that the Defense Intelligence of Ukraine managed to exfiltrate over 4.4GB of data from Tupolev’s servers, including official correspondence, personal…

🤩Google Chrome’s unique handling of referrer-policy creates a major loophole for silent data siphoning. CVE-2025-4664 proves that even trusted browsers are not immune to catastrophic zero-day vulnerabilities. Cross-origin data is up for grabs if you haven’t updated Chrome or Chromium. Detecting Chrome CVE-2025-4664 vulnerability with Wazuh https://www.techradar.com/pro/security/billions-of-chrome-users-at-risk-from-new-data-stealing-browser-vulnerability-how-to-stay-safe

■■■■■ Qualcomm fixes three Adreno GPU zero-days exploited in attacks. The company says two critical flaws (tracked as CVE-2025-21479 and CVE-2025-21480) were reported through the Google Android Security team in late January, and a third high-severity vulnerability (CVE-2025-27038) was reported in March. docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html https://www.aninews.in/news/national/general-news/6-pakistan-fighter-jets-one-c-130-aircraft-multiple-cruise-missiles-uavs-destroyed-during-iaf-retaliation-in-op-sindoor20250603194710/

■■■□□ CVE-2025-49113: Roundcube RCE. This vulnerability allows authenticated users to execute arbitrary commands via PHP object deserialization. https://x.com/ptswarm/status/1929940817679962141

■□□□□ Disinformation: Declassified stance of US State Department on Israeli war crimes. Matthew Miller, US State Department Spokesman, in a public statement. Reference: 📹https://youtube.com/shorts/Uxfoe88Q-hg 📹https://youtu.be/IjdkUHXj-Ao 📹https://youtube.com/shorts/vy_mojtIeSc 📹https://youtube.com/shorts/7PLRvFbFJV4

■■■■■ A recent vulnerability in 02 UK’s 4G calling (VoLTE) service, now patched, highlights persistent IMS security concerns. Ongoing VoLTE network testing has repeatedly revealed weaknesses, including: subscriber location exposure through SIP headers; unencrypted signaling traffic vulnerable to eavesdropping and tracking; flawed anonymous call implementations disclosing identities; and unchecked experimental SIP headers enabling data tunneling.…

■■■□□ Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump. A mystery whistleblower calling himself GangExposed has exposed key figures behind the Conti and Trickbot ransomware crews, publishing a trove of internal files and naming names. https://www.theregister.com/2025/05/31/gangexposed_coni_ransomware_leaks/

■■■□□ Exploit details for max severity Cisco IOS XE flaw now public. https://www.bleepingcomputer.com/news/security/exploit-details-for-max-severity-cisco-ios-xe-flaw-now-public/

■□□□□ Military tech that hacks; takes control over enemy drones can dominate future wars. interestingengineering.com/military/military-tech-takes-control-over-enemy-drones

■■□□□ United States: To that effect, the U.S. Department of Justice (DoJ) said it seized four domains, and their associated server facilitated the crypting service on May 27, 2025, in partnership with Dutch and Finnish authorities. These include AvCheck.net, Cryptor.biz, and Crypt.guru, all of which now display a seizure notice. https://thehackernews.com/2025/05/us-doj-seizes-4-domains-supporting.html