Mozilla Firefox experiments with AI-powered Perplexity Search Engine in its address bar for version 139, signalling a potential…

Mozilla Firefox experiments with AI-powered Perplexity Search Engine in its address bar for version 139, signalling a potential shift in search partnerships and user experience.

Mozilla Firefox, a long-standing web browser, is experimenting with integrating the AI-driven Perplexity Search Engine directly into its user interface. Currently being tested in Firefox version 139, this initiative involves a pop-up advertisement within the address bar, appearing when Firefox is in Search Mode, inviting users to try Perplexity as a “new way to search in Firefox.”

This move suggests Firefox is exploring alternatives to its long-standing reliance on Google for search, potentially aiming to diversify its offerings and revenue streams.

According to Windows Report, Mozilla is closely monitoring its progress. A project note mentions an engineer, @Mandy Cheang, who is working on the “draft experiment recipe” for this integration, targeting the Firefox 139 release.

The pop-up message itself reads: “Introducing Perplexity: a new way to search in Firefox. Ask questions. Get complete, well-cited answers. Try Perplexity or Dismiss.” This direct promotion within the browser’s primary search interface marks a significant step beyond simply listing Perplexity as an alternative search option.

Screenshot via Windows Report

****Perplexity: An AI-Driven Approach to Search****

Perplexity is different from other search engines like Google due to the integration of artificial intelligence to generate direct, well-cited answers to user queries. Instead of presenting a list of links, Perplexity synthesizes information from various sources into a conversational, chat-like format, often providing citations to support its responses. Users can also engage in follow-up questions to get an in-depth understanding. This approach helps address the common issue of information overload as seen in conventional searches, where users get bombarded with numerous links to find relevant information.

Mozilla’s exploration of Perplexity could be a strategic move to secure alternative revenue streams. While Google reportedly pays Mozilla over $400 million annually, to be the default search engine in Firefox, this experiment signals an openness to AI-centric search solutions. It’s important to note that Perplexity recently launched Comet, a competitor to Google Chrome, and Mozilla and Perplexity have not yet publicly confirmed any financial agreements or the duration of this testing phase.

While the exact targeting of this test, whether by specific regions or a percentage of Firefox 139 users, remains unconfirmed by Mozilla, it indicates a potential shift in how the browser approaches web search. Firefox currently offers users search options including Google, Bing, DuckDuckGo, and Wikipedia.

The outcome of this experiment will determine whether Perplexity could become a more permanent addition to this list and change the way most users search online. Beyond this specific integration, Firefox will also soon prompt users to agree to updated terms of use upon startup.

Firefox Tests AI-Powered Perplexity Search Engine Directly in Browser

Disciplined, well-trained, and well-equipped, AI agents are digital soldiers. They operate independently to carry out their orders, working…

Disciplined, well-trained, and well-equipped, AI agents are digital soldiers. They operate independently to carry out their orders, working tirelessly to get the job done efficiently. But even the greatest soldiers can only achieve limited results when working alone. It’s only when formed into ranks, brigades, and divisions that soldiers are capable of truly changing the world.

Right now, the onchain landscape is awash with lone wolves: individual agents carrying out the mission they’ve been tasked with, be it identifying the optimum DeFi yield or spotting arbitrage opportunities for their human taskmasters. Imagine what could be achieved if these agents were capable of cooperating, forming groups of digital soldiers that collaborate across different networks and ecosystems? One agent is a mere soldier. But put 1,000 of them in lockstep and suddenly you’ve got a brigade capable of achieving something far greater than the sum of their parts.

This, essentially, is the vision of Coral Protocol, one of the leading advocates of the quest to make AI agents work as one. It believes that the future of onchain agents lies in providing the infrastructure for them to self-organize and work together to improve complex workflows. By communicating and optimizing as a single entity – or brigade – Coral is confident that it can create a cohesive army of agents. Their aims might be peaceful, but these agents operate like a well-drilled army brigade.

****Crypto’s Fragmentation Problem****

It’s no secret that the onchain landscape is fragmented. Due to the number of blockchains that have sprung up in recent years, including L2s and L3s, liquidity, users, and developers are scattered. Some ply their trade on EVM networks; others do their thing on Solana; while still others operate on newer chains such as TON and Sui.

Crypto is now large enough to support this level of activity: DeFi no longer needs to be on Ethereum or memecoins on Solana. But the downside to this balkanization is that it’s resulted in an onchain environment in which economic opportunities are scattered to the four winds. A user operating on Base can’t easily take advantage of superior pricing on Solana when swapping into stablecoins. Similarly, an Ethereum staker can’t use their LSTs to earn a yield on Sui.

AI agents – envoys dispatched by users to do their bidding – find themselves in a similar predicament. They can take care of business on the network on which they’ve been deployed but are powerless to react to events on far-flung blockchains. To return to the soldier analogy, they are troops that have been parachuted into the jungle, with no means of engaging in the conflict being fought hundreds of miles away on the beaches.

For this reason, getting the agentic economy to realize its full potential calls for finding a way to transform these solo operators into team players who can communicate and cooperate to achieve shared goals. This is the key to elevating agents into a fighting force that’s capable of governing the entire onchain landscape.

****Organizing the Agentic Economy****

In an attempt to organize all of this onchain activity, and bring cohesion and unity to the scattered agent economy, Coral Protocol has devised a standardized framework to support an Internet of Agents. At present, getting an agent from Project A to work with one from Project B is extremely difficult – especially if those agents are on different networks. Coral wants to streamline this process so that agents from different vendors and frameworks can collaborate.

This makes sense because onchain events don’t happen in a vacuum. A whale market buying $1M of ETH on Ethereum _does_ affect the price of ETH on Arbitrum, Optimism, and Avalanche. But a user on one of these chains has little opportunity to take advantage of this. Similarly, a lending protocol offering boosted rewards on a new network is of little use to a lender using its protocol on a different chain. 

But agents, working together to share information, transfer liquidity, and obtain maximum yield, can react to such events. This is where solutions such as Coral’s have a chance to shine, elevating the entire agentic economy by increasing the use cases and functions that agents can execute.

> Coral Protocol helps AI agents work across several systems at the same time.
> 
> For example, a Coralised Deep Research agent can concurrently:
> 
> → support B2B sales  
> → drive hackathon planning  
> → assist with software testing
> 
> Coralise once, use everywhere. 🪸 pic.twitter.com/7jRy8VH7Ok
> 
> — Coral Protocol (@Coral\_Protocol) May 19, 2025

****Who Watches the Watchmen?****

“Quis custodiet ipsos custodes?” is a Latin phrase commonly translated as “Who will watch the watchmen?” In a web3 context, it’s an apposite means of describing the role played by an aspiring cross-chain solution tasked with keeping AI agents on their toes. If agents are unwilling or unable to collaborate, there needs to be an overarching framework capable of ensuring this. A war general, devising strategy and issuing orders that filter down to the troops on the ground.

Coral’s vendor-neutral infrastructure is designed to ensure that no single entity can wield unilateral control. In other words, Agents are free to perform actions like managing transactions, automating workflows, and governing decentralized systems, but there’s a guiding hand ensuring that all of this activity is harmonious and steering the work towards collective goals.

Significantly, this direction isn’t implemented in a top-down manner characteristic of centralized organizations: rather it’s achieved by giving “cells” of agents the ability to communicate with fellow cells and team up to complete missions. One of how Coral facilitates this is through a universal messaging protocol for AI agents, which enables consistent communication regardless of the underlying technology or vendor. It’s analogous to TCP/IP, providing a common language for the Internet of Agents.

Coral also includes a flexible system for orchestrating multi-agent tasks. This supports dynamic workflows where agents can collaborate and complete complex tasks without centralized control. It allows agents to form trusted groups dynamically for specific tasks, using cryptographic protocols to verify identities and ensure secure collaboration. This is ideal for creating ad-hoc partnerships among agents, critical for decentralized environments where trust cannot necessarily be assumed.

****Agent Armies Are Imminent****

A near future in which armies of agents rove onchain, acting as powerful yet peaceful forces, is inevitable. Not only is it the logical way to coordinate cross-chain agentic activity, but it’s the only practical way in which to do so. Until such a solution takes root and sees widescale adoption, the capabilities of onchain agents will remain significantly impaired.

The only question still to be settled is which infra solution will become the default layer for enabling agents to work as one. Coral isn’t the only protocol vying for this role, but this much can at least be said with confidence: its vision (PDF) is compelling and its logic impeccable.

Once advanced features like payments between agents are implemented – facilitated using the recently MEXC-listed CORAL token – there will be little that AI agents can’t achieve. They may have started out as simple soldiers, but agents are well on their way to becoming a conquering army with mastery of the entire onchain landscape.

Coordinated Intelligence: The Next Frontier for Onchain AI Agents

ESET reports on RoundPress, a cyber espionage campaign by Russia’s Fancy Bear (Sednit) targeting Ukraine-related organizations via webmail…

ESET reports on RoundPress, a cyber espionage campaign by Russia’s Fancy Bear (Sednit) targeting Ukraine-related organizations via webmail vulnerabilities and SpyPress malware.

Cybersecurity researchers at ESET have revealed a sophisticated cyber espionage campaign, codenamed RoundPress, assessing with “medium confidence” that it is orchestrated by the Russian-backed Sednit group (aka APT28, Fancy Bear). This operation is actively targeting organizations linked with the ongoing conflict in Ukraine, aiming to exfiltrate confidential data from vulnerable webmail servers like RoundCube.

The Sednit group, linked by the US Department of Justice to the 2016 Democratic National Committee (DNC) hack and tracked by Hackread.com in attacks on TV5Monde and WADA, has been employing targeted spearphishing emails in the RoundPress campaign.

These emails exploit Cross-Site Scripting (XSS) vulnerabilities in various webmail platforms to inject malicious JavaScript code, dubbed SpyPress, into the victim’s browser.

****Exploiting Known and Zero-Day Vulnerabilities in Webmail Systems****

In ESET’s blog post, shared with Hackread.com, researchers noted that over the past two years, espionage groups have targeted webmail servers like Roundcube and Zimbra for email theft due to their outdated nature and remote vulnerability triggers making targeting easier.

In 2023, researchers observed Sednit exploiting CVE-2020-35730 in Roundcube. However, in 2024, the campaign expanded to target vulnerabilities in:

*   Horde (an older XSS flaw)

*   Roundcube (CVE-2023-43770, patched on September 14, 2023)

*   Zimbra (CVE-2024-27443, also known as ZBUG-3730, patched on March 1, 2024)

*   MDaemon (CVE-2024-11182, a zero-day reported by researchers on November 1, 2024, and patched in version 24.5.1 on November 14, 2024)

Compromise Chain (Source: ESET)

ESET noted a specific spearphishing email sent on September 29, 2023, from katecohen1984@portugalmailpt exploiting CVE‑2023‑43770 in Roundcube. The emails often mimic news content to entice victims to open them, such as an email to a Ukrainian target on September 11, 2024, from kyivinfo24@ukrnet about an alleged arrest in Kharkiv, and another to a Bulgarian target on November 8, 2024, from office@terembgcom regarding Putin and Trump.

The primary targets of Operation RoundPress in 2024, as identified through ESET telemetry and VirusTotal submissions, are predominantly Ukrainian governmental entities and defence companies in Bulgaria and Romania, some of which are producing Soviet-era weapons for Ukraine.

Researchers also observed targeting of national governments in Greece, Cameroon, Ecuador, Serbia, and Cyprus (an academic in environmental studies), a telecommunications firm for the defence sector in Bulgaria and a civil air transport company and transportation state company in Ukraine.

The SpyPress malware variants (SpyPress.HORDE, SpyPress.MDAEMON, SpyPress.ROUNDCUBE, and SpyPress.ZIMBRA) share obfuscation techniques and communicate with C2 servers via HTTP POST requests. However, their capabilities vary.

For instance, SpyPress.ROUNDCUBE has been observed creating Sieve rules to forward all incoming emails to an attacker-controlled address, such as srezoska@skiffcom (Skiff being a privacy-oriented email service). SpyPress.MDAEMON demonstrated the ability to create App Passwords, granting persistent access.

Researchers concluded that the ongoing exploitation of webmail vulnerabilities by groups like Sednit underscores the importance of timely patching and strong security measures to protect sensitive information from such targeted spying campaigns.

J Stephen Kowski, Field CTO at SlashNext Email Security+ commented on the latest development, stating, _“_Attacks like Operation RoundPress show how quickly hackers can shift targets, especially when they find weaknesses in popular email platforms._“_

_“_Whether you’re using paid commercial email systems or free, self-hosted open-source options like RoundCube, no solution is completely safe – self-hosted systems often give a false sense of security since they still need regular updates and expert maintenance,_“_ he warned.

_“_The best way to stay ahead is by making sure email systems are always updated and patched, using strong protections like multi-factor authentication, and having tools that can spot and block phishing emails before they reach users_,”_ Kowski advised.

Russia-Linked SpyPress Malware Exploits Webmails to Spy on Ukraine

FBI has warned about a sophisticated vishing and smishing campaign using AI-generated voice memos to impersonate senior US…

FBI has warned about a sophisticated vishing and smishing campaign using AI-generated voice memos to impersonate senior US officials and target their contacts.

The Federal Bureau of Investigation (FBI) has issued a warning regarding a growing threat where malicious individuals are using artificial intelligence (AI) to mimic the voices of high-ranking United States officials. These AI-generated voice memos, combined with deceptive text messages, are being used in attempts to target current/former government officials, and individuals in their contact lists.

According to the FBI’s announcement, since April 2025, these “malicious actors” have employed techniques known as “smishing” (using SMS or text messages) and “vishing” (using voice messages) to create memos that appear as if they originate from senior US officials. The goal is to build trust and establish a connection with the targeted individuals. The FBI explicitly stated, “If you receive a message claiming to be from a senior US official, do not assume it is authentic.”

****Tactics Used to Gain Access****

According to the FBI, once contact is made, the perpetrators try to access the personal accounts of their targets. One method involves sending malicious links within these messages, which when victims click, will move the conversation to a different, supposedly more secure messaging platform. However, in reality, these links likely lead to malicious websites designed to steal login credentials or install malware.

The FBI warns of a potential cascading effect where one successful compromise could lead to multiple others. These “bad actors” can use compromised accounts to target other US officials or their associates, and the stolen information can be used to craft convincing impersonations or launch further social engineering attacks. The FBI also cautioned that “contact information acquired through social engineering schemes could also be used to impersonate contacts to elicit information or funds.”

****Growing Trend of AI-Powered Deception****

While the FBI did not disclose the specific US officials being impersonated, their announcement indicated that most of the targets are “current or former senior US federal or state government officials and their contacts.” This suggests a widespread campaign targeting individuals with potentially sensitive information or access.

In December 2024, the FBI had concerns about the increasing use of generative AI by criminals to conduct various financial fraud schemes on a larger scale. This technology allows for the creation of realistic text, images, audio, and video, making it easier to deceive unsuspecting victims into sending money or falling prey to other scams. Moreover, experts have noted a significant rise in the use of AI-based voice cloning. According to a report by CrowdStrike, the weaponization of this technology saw a dramatic increase of 442% between the first and second halves of 2024.

Now this latest warning from the FBI highlights the continuous rise in sophisticated AI tools being weaponized for social engineering attacks, posing a significant risk to high-profile individuals and possibly national security. The agency urges vigilance when receiving unsolicited messages, especially those claiming to be from senior officials.

**Max Gannon, Intelligence Manager at Cofense** commented on the latest announcement stating, “While the IC3 alert does say ‘malicious actors typically use software to generate phone numbers that are not attributed to a specific mobile phone or subscriber,’ it is important to note that threat actors can also spoof known phone numbers of trusted organizations or people, adding an extra layer of deception to the attack._“_

“Additionally, phone filtering does not typically detect when the number is being spoofed, giving a false sense of security to users who rely on their phones to tell them when something is a scam call_,”_ Max explained.

FBI Warns of AI Voice Scams Impersonating US Govt Officials

You’ve got an important choice to make: HubSpot or Salesforce?

On the surface, both of these leading CRM platforms have a lot to offer, from AI to end-to-end tools covering every customer-facing task. But choosing the right CRM isn’t just about sorting through a checklist of features. Before you invest in Salesforce or HubSpot implementation services, you need to think about how well the system fits with your business. 

By 2032, the CRM software market will be worth more than $262.74 billion. Businesses are doubling down on customer relationships, and for good reason. Acquiring a new customer can cost five times more than keeping an existing one. With buyer journeys now stretching across multiple channels and platforms, keeping track of everything manually is impossible. 

That’s why the right CRM is a crucial catalyst for growth. All you need to decide is whether you should be investing in HubSpot’s intuitive, marketing-first system, or Salesforce’s power-packed, flexible architecture.  

****HubSpot vs Salesforce: A Quick Overview** **

Sometimes, you don’t have the time or energy to sort through endless CRM feature lists. If you want to know quickly how HubSpot and Salesforce stack up against each other, here are the basics: 

**Feature** 

**HubSpot** 

**Salesforce**  

Best for 

Startups, small-to-midsize teams 

Mid-size to large enterprises 

Ease of Use 

Incredibly user-friendly, visual 

Steeper learning curve 

Marketing Features 

Built-in, strong native tools 

Requires add-ons or integrations 

Sales Features 

Pipeline management, sales automation, email tracking, etc 

Enhanced sales forecasting, AI insights, sales automation and lead scoring.  

Customization 

Limited without coding 

Extremely flexible, developer-friendly 

Integrations 

Native integrations + app marketplace 

Extensive AppExchange ecosystem 

AI Capabilities 

AI capabilities with advanced Breeze Agent features  

Einstein AI for deep analytics and Agentforce 

Pricing Model 

Freemium base, scales with needs 

Higher upfront cost, modular pricing 

Support & Resources 

Solid, fast-growing knowledge base 

Comprehensive but sometimes slower 

****What is HubSpot? Key Features & Who It’s For**  **

HubSpot is one of the most user-friendly CRM solutions out there. It’s sleek, focused, and ideal for businesses who want to hit the ground running without spending weeks on training. 

The CRM itself is completely free to start. That alone draws a ton of startups. But that’s just the tip of the iceberg. What makes HubSpot special is its comprehensive approach.  

It has “Hubs” for everything, like the Marketing Hub, Sales Hub, Service Hub, and the very underrated CMS Hub. It’s one of the few platforms where marketing automation, blogging, SEO tools, email campaigns, and lead scoring all live under the same roof. 

You’ll get customizable sales pipelines, email templates, chatbot builders, help desk tools, and even social media scheduling options. The interface is refreshingly visual and straightforward, and most of the time, you won’t need a developer to take advantage of core features.  

Salesforce is ideal for small and mid-sized businesses, scrappy startups, and B2B or SaaS companies that want to unify sales, marketing, and customer support without the stress.  

****What is Salesforce? Core Features & Who It’s For** **

Salesforce is the grand champion of CRM providers, with the biggest market share by far. Salesforce is big. Not just in market share, but in capability. It’s the enterprise-grade CRM juggernaut for teams that want to build exactly what they need, even if that means pulling in developers, consultants, or an entire internal operations team.  

It’s modular, customizable, and endlessly extendable, especially with products like Sales Cloud, Service Cloud, Marketing Cloud, and AppExchange. Features are extensive, ranging from lead tracking to opportunity management, AI-based forecasting with Einstein, automated workflows, case resolution, analytics dashboards and so much more. 

With Agentforce, companies can even tap into the benefits of customizable agentic AI solutions. The issue with Salesforce it isn’t plug-and-play. It takes a lot of effort and expertise to use properly. 

That’s why Salesforce is best suited to larger enterprises and corporations that want real customization opportunities, flexible features, and scale.  

****Salesforce vs HubSpot: Key Feature Showdown** **

Comparing Salesforce and HubSpot can be tricky. While there’s a lot of overlap between them on the surface – they’re still very different. One’s streamlined, agile, and great for beginners. The other is a powerhouse that can crush anything if you’ve got the right people running it. 

Here’s a look at some of the biggest factors side-by-side: 

****Ease of Use** **

HubSpot is cleaner, friendlier, and doesn’t make you feel like you need an IT degree to get going. The menus make sense, the UX is smooth, and the setup is fast. For smaller teams or non-technical users, it’s an ideal choice that leaves unnecessary complexity behind. 

Salesforce is powerful but dense. The interface can be a lot harder to navigate, and getting everything set up and aligned takes a lot of work. For teams with dedicated admins or consultants, that complexity is an asset, allowing for more customization, but for smaller teams, it’s a challenge.  

****Marketing Features** **

HubSpot shines from a marketing perspective. It’s one of the initial inbound marketing pioneers and offers companies tools for email workflows, landing page builders, form tracking, blog hosting, and SEO. The Marketing Hub gives you a full toolkit, with no plugins required. 

Salesforce has its Marketing Cloud, which offers a brilliant selection of tools for companies running multichannel, data-driven campaigns. You get built-in AI to help you personalize strategies and intuitive automation solutions, but there is an extra cost. 

****Sales Features**  **

Both platforms handle sales well but in different ways. HubSpot makes tasks visual and straightforward with drag-and-drop pipelines, activity timelines, call tracking, and email logging. It feels modern and human. 

Salesforce offers more heavyweight tools like opportunity scoring, advanced forecasting, territory management, and role-based access. If your team handles hundreds of leads across multiple regions, Salesforce might be the stronger option.  

****Reporting & Dashboards** **

Salesforce dominates on the data front. You can create insanely detailed reports, cross-object dashboards, and predictive forecasting. But it comes with a steep learning curve, and building reports sometimes requires custom logic or developer support. 

HubSpot offers a solid middle ground. Their dashboards are visual, pre-built templates help non-technical folks a lot, and the custom report builder is intuitive. For most teams, it’s more than enough, unless you’re in data analytics deep-dive mode 24/7. 

****AI and Automation Capabilities** **

HubSpot has strong automation for email workflows, lead nurturing, internal tasks, and custom triggers. You can build smart sequences in minutes. From an AI perspective, you get AI content writers, AI reporting assistants, and Breeze AI agents.  

Salesforce goes deeper with Process Builder and Flow, which let you automate practically anything. But it’s not plug-and-play. It requires someone who knows what they’re doing, or you’ll be staring at a flowchart in confusion. For AI, Salesforce offers a range of Einstein tools, as well as the new Agentforce system for agentic AI.  

****Integration Ecosystem and Customization**  **

HubSpot has a rapidly growing App Marketplace with 1,000+ integrations with tools like Slack, Zoom, Stripe, Shopify, you name it. Most connect in a few clicks, and HubSpot implementation can take minutes, particularly when working with a company like Routine Automation. However, you will be limited when it comes to custom integrations and configurations.  

Salesforce has an incredible AppExchange. If it exists, it probably plugs into Salesforce. But setup isn’t always seamless, and some third-party apps require development work to get humming. You do get exceptional customization options though, without limitations.  

****Pricing & Total Cost of Ownership** **

HubSpot starts with a strong freemium model, so you can grow into it. Pricing scales as you unlock features or add contacts, but it’s transparent and easy to follow.  

Salesforce, on the other hand, has a more complex pricing model. Per-user fees, product-specific costs, and potential integration fees all add up. But if you’re using the full feature set, the value is there. 

****Choosing the Right CRM For You** **

Examining the features of both platforms is just the first step. Before you can make the right decision, you need to ask a few crucial questions:  

1.  **Simplicity vs scalability, which matters most?** If you’re looking for simplicity, HubSpot is the obvious winner. However, if you want more advanced features, customization options, and scalability, Salesforce is the better choice. You’ll just need help managing the learning curve. 
2.  **What do your workflows look like?** If your reps live in their inbox and need a fast way to log calls and deals, choose HubSpot. If they’re juggling accounts across regions, reporting up to five different people, pick Salesforce. 
3.  **How much do you need to integrate?** Salesforce is virtually limitless when it comes to integration options. HubSpot offers fewer options, so if you’ve got a complicated tech stack already, you might want to consider Salesforce. 
4.  **How much support do you need?** Are you looking for end-to-end documentation, training, and a large consultant network? Salesforce could be the better bet. HubSpot has great self-help resources too, but they’re not always as in-depth. 
5.  **What’s your Budget?** HubSpot grows with you, cost-wise. Salesforce can be a heavy initial investment, but might pay off fast if you’re scaling rapidly and need those deep analytics. 

Beyond all that, remember to think about your specific needs. What kind of security and compliance standards do you need to adhere to? Should your tools be mobile-accessible? Are there any industry-specific features that matter to you? 

****Implementing HubSpot or Salesforce the Right Way** **

HubSpot or Salesforce? The right answer depends less on which has the flashiest features and more on which one fits your team. One’s built for speed, simplicity, and marketing-driven growth. The other is a customizable powerhouse for complex workflows and big-picture visibility. 

The truth is, the results you get from either CRM, Salesforce or HubSpot, depend on how you set your technology up. Implementation matters. And doing it right doesn’t just mean turning things on. You’ll need to configure pipelines to match your sales processes, automate the right tasks, set up dashboards, and make sure everything is aligned.  

This is where a partner steps in. Someone who understands not just the tools, but how to make them work for your team. Don’t just pick a CRM platform and hope for the best. Make sure your technology works for you, with the right implementation partner.  

(Image by TyliJura from Pixabay)

HubSpot vs Salesforce: Which CRM Fits Your Business? 

The beginning of Pwn2Own Berlin 2025, hosted at the OffensiveCon conference, has concluded its first two days with…

The beginning of Pwn2Own Berlin 2025, hosted at the OffensiveCon conference, has concluded its first two days with notable achievements in cybersecurity research. A total of $695,000 has been awarded for 39 unique **zero-day vulnerabilities**, with the final day scheduled for Saturday, May 17.

****Day One: Major Exploits and AI Category Debut****

On May 15, the competition commenced with 11 exploit attempts, including the first-ever AI category. Researchers earned $260,000 for successful demonstrations across various platforms.

****Key Highlights:****

*   **Windows 11:** Chen Le Qi of STAR Labs SG combined a use-after-free and integer overflow to escalate privileges to SYSTEM, earning $30,000 and 3 Master of Pwn points.

*   **Red Hat Linux**: Pumpkin from the DEVCORE Research Team exploited an integer overflow for privilege escalation, securing $20,000 and 2 points.

*   **Oracle VirtualBox:** Team Prison Break achieved a virtual machine escape via an integer overflow, receiving $40,000 and 4 points.

*   **Docker Desktop:** Billy and Ramdhan of STAR Labs demonstrated a container escape using a Linux kernel vulnerability, earning $60,000 and 6 points.

*   **AI Category:** Sina Kheirkhah of Summoning Team exploited the Chroma AI application database, marking the first success in this category and earning $20,000 and 2 points.

Additional awards were given for other successful exploits, including a type confusion bug in Windows 11 by Hyeonjin Choi of Out Of Bounds, who earned $15,000 and 3 points.

****Day Two: Continued Success and High-Value Exploits****

The second day, May 16, saw researchers uncovering 20 unique zero-day vulnerabilities, resulting in $435,000 in awards.

*   **Microsoft SharePoint:** Dinh Ho Anh Khoa of Viettel Cyber Security combined an authentication bypass and insecure deserialization to exploit SharePoint, earning $100,000 and 10 points.

*   **VMware ESXi:** Synacktiv demonstrated a successful exploit, securing $80,000 and 8 points.

*   **NVIDIA Triton Inference Server:** Mohand Acherir and Patrick Ventuzelo of FuzzingLabs earned $15,000 and 1.5 points for their exploit, which was a known but unpatched vulnerability.

Other successful exploits included attacks on Firefox, Redis, and additional AI systems.  
SecurityWeek

> Wrapping up Day Two of #Pwn2Own Berlin 2025. We’ve awarded $695,000 for 20 unique 0-days, with one more day to go! pic.twitter.com/x2oBfaSfKS
> 
> — Trend Zero Day Initiative (@thezdi) May 16, 2025

****Day Three: Anticipated Final Challenges****

The final day, Saturday, May 17, is expected to feature remaining scheduled attempts, including further AI category exploits and other high-profile targets. With $695,000 already awarded, the total prize pool is projected to surpass $1,000,000.

****Master of Pwn Standings****

As of the end of Day Two, STAR Labs SG leads the Master of Pwn standings, having demonstrated multiple successful exploits across various categories. The final standings will be determined after the conclusion of Day Three.

Pwn2Own Berlin 2025 has showcased the growing **challenges in cybersecurity**, highlighting the importance of proactive vulnerability research. The introduction of the AI category reflects the growing focus on securing emerging technologies.

_Note: The above information is based on the latest available data from the Pwn2Own Berlin 2025 event. For detailed results and updates, refer to the Zero Day Initiative’s **official blog**._

Pwn2Own Berlin 2025: Windows 11, VMware, Firefox and Others Hacked

Ivanti EPMM users urgently need to patch against actively exploited 0day vulnerabilities (CVE-2025-4427, CVE-2025-4428) that enable pre-authenticated remote…

Ivanti EPMM users urgently need to patch against actively exploited 0day vulnerabilities (CVE-2025-4427, CVE-2025-4428) that enable pre-authenticated remote code execution, warns watchTowr.

Cybersecurity researchers at watchTowr have shared details of two security vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software, identified as CVE-2025-4427 and CVE-2025-4428 that can be combined to gain complete control over affected systems and are actively exploited by attackers.

Ivanti EPMM is a Mobile Device Management (MDM) solution system, crucial for enterprise security, acting as a central point to control software deployment and enforce policies on employee devices. However, the abovementioned flaws are turning this management tool into a potential entry point for malicious actors. watchTowr’s analysis, shared with Hackread.com, indicates that exploiting these vulnerabilities is surprisingly straightforward.

****Chained Exploits Lead to Full System Compromise****

The first vulnerability, CVE-2025-4427, is an authentication bypass flaw, which allows attackers to access protected parts of the Ivanti EPMM system without needing proper login credentials. The second vulnerability, CVE-2025-4428, is a remote code execution (RCE) flaw, which, if exploited, can let attackers run their own malicious code on the server.

Ivanti itself has acknowledged the severity when these issues are combined, stating that “successful exploitation could lead to unauthenticated remote code execution.” They have also reported awareness of a “very limited number of customers who have been exploited” since the vulnerabilities were disclosed.

This suggests that while the attacks might be targeted currently, they could become more widespread. watchTowr notes that once such targeted attacks become public, it’s common for attackers to start mass exploitation to find any remaining vulnerable systems.

Interestingly, Ivanti stated that the vulnerabilities are not in their own code but are “associated with two open-source libraries integrated into EPMM.” They emphasized that using open-source code is a standard practice in the tech industry.

****Technical Details and Exploitation****

watchTowr discovered an RCE vulnerability (CVE-2025-4428) in the hibernate-validator library, allowing attackers to inject malicious code through a parameter called “format” in API requests. watchtower successfully demonstrated this vulnerability by sending a simple web request that executed a calculation, proving code injection was possible. Moreover, they could execute system commands, like creating a file on the server.

The authentication bypass (CVE-2025-4427) is an “order of operations” issue rather than a traditional bypass. A crafted “format” parameter in a request to the /api/v2/featureusage_history endpoint triggers the vulnerable validation process before the authentication check, allowing an unauthenticated attacker to trigger the code execution vulnerability. The presence of the parameter changes the processing order, eliminating the need to log in first.

watchTowr successfully chained these two vulnerabilities in the Ivanti EPMM server by sending a crafted web request to the /rs/api/v2/featureusage endpoint with a malicious “format” parameter, allowing them to execute system commands without logging in, thus, creating a pre-authenticated RCE scenario.

These vulnerabilities pose a critical risk to organizations using affected versions. Patches are available for versions 11.12.0.5, 12.3.0.2, 12.4.0.2, and 12.5.0 and organizations using older unpatched versions are advised to update immediately

Ivanti EPMM Hit by Two Actively Exploited 0day Vulnerabilities

ReversingLabs discovers dbgpkg, a fake Python debugger that secretly backdoors systems to steal data. Researchers suspect a pro-Ukraine…

ReversingLabs discovers dbgpkg, a fake Python debugger that secretly backdoors systems to steal data. Researchers suspect a pro-Ukraine hacktivist group is behind the attack on the PyPI repository especially those used by Russian developers.

Cybersecurity researchers at ReversingLabs (RL) have discovered a new malicious Python package, named dbgpkg, that masquerades as a debugging tool but instead installs a backdoor on developers’ systems. This backdoor allows attackers to run malicious code and steal sensitive information. By analysing the techniques used, RL suspects a hacktivist group known for targeting Russian interests in support of Ukraine may be involved.

****Sophisticated Backdoor Uses Sneaky Python Tricks****

Reportedly, the dbgpkg package, detected on Tuesday by the RL threat research team, contained no actual debugging features. Instead, it was designed to trick developers into installing a backdoor, effectively turning their development machines into compromised assets.

What made “dbgpkg” particularly noteworthy was its sophisticated method of implanting the backdoor. Upon installation, the package’s code cleverly modifies the behaviour of standard Python networking tools (_requests_ and _socket_ modules) using a technique called “function wrapping” or “decorators.” This allows the malicious code to remain hidden until these networking functions are used by the developer.

Source: ReversingLabs

As per RL’s investigation, shared with Hackread.com, the malicious wrapper code first checks for a specific file, likely to see if the backdoor is already present. If not, it executes three commands. The first downloads a public key from the online Pastebin service.

The second installs a tool called Global Socket Toolkit, designed to bypass firewalls, and uses the downloaded key to encrypt a secret needed to connect to the backdoor. The third command then sends this encrypted secret to a private online location. This multi-stage process, along with using function wrappers on trusted modules, makes the malicious activity harder to detect.

****Links to Previous Pro-Ukraine Activity****

RL researchers found similarities between the dbgpkg backdoor and malware previously employed by the Phoenix Hyena hacktivist group, which has been active since 2022 and is known for targeting Russian entities.

This group typically steals and leaks confidential information on their Telegram channel “DumpForums.” One notable incident linked to this group was the alleged breach of the Russian cybersecurity firm Dr. Web in September 2024.

Another similarity was an earlier malicious package involved in the same campaign, discordpydebug (discovered in early May by Socket), which had the same backdoor as an earlier version of dbgpkg. Discordpydebug, posing as a debugging tool for Discord bot developers, was uploaded shortly after Russia invaded Ukraine in March 2022. Another package, requestsdev, also part of this campaign and uploaded by the same likely impersonated author (\[email protected\], mimicking popular developer Cory Benfield), contained the same malicious payload.

However, RL researchers couldn’t definitively attribute this campaign to Phoenix Hyena based on backdooring techniques as it could be a copycat’s work too. Nevertheless, the timeline of related malicious packages suggests a politically motivated operation by a persistent threat actor.

“And, with a campaign driven by geopolitical tensions and the continuing hostility between Russia and Ukraine, RL researchers believe that more malicious packages are almost certain to be created as part of this campaign,” researchers concluded.

Pro-Ukraine Group Targets Russian Developers with Python Backdoor

Hackers from the Scattered Spider group, known for UK retail attacks, are now targeting US retailers, Google cybersecurity…

Hackers from the Scattered Spider group, known for UK retail attacks, are now targeting US retailers, Google cybersecurity experts have warned.

The notorious cybercriminal group Scattered Spider is now actively targeting retail companies in the United States, following a string of disruptive attacks against similar businesses in the United Kingdom.

This warning comes directly from cybersecurity experts at Google Threat Intelligence Group (GTIG) and Google subsidiary Mandiant, who highlight the group’s effectiveness at bypassing even strong security measures.

“The US retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to UNC3944, also known as Scattered Spider,” John Hultquist, Google’s cybersecurity analyst, stated. 

It is worth noting that Scattered Spider (aka UNC3944) is the primary suspect in the recent attacks on UK retain giants Harrods, Co-op, and M&S, but UK’s National Cyber Security Centre (NCSC), Mandiant and Google have not formally attributed them to any specific actor as yet. However, GTIG researchers suggest that the hackers targeting US retailers share similar techniques and procedures as the culprits behind the British incidents.

Researchers noted a _possible_ link between DragonForce ransomware operators and Scattered Spider. The former took responsibility for attempted recent attacks on several UK retailers, using tactics similar to Scattered Spider. Moreover, both were associated with the now\-defunct RaaS platform RansomHub.

However, GTIG could not confirm the link between UNC3944/DragonForce and rising retail data leaks. Still, the increasing presence of retail victims on data leak sites (11% in 2025, up from previous years) suggests that threat actors find this sector attractive due to large PII/financial data holdings and their willingness to pay ransom to maintain transaction processing.

As per Hackread.com’s past reporting, Scattered Spider is a financially motivated threat actor known for using social engineering techniques. They gained notoriety for hacking casino giants MGM Resorts International and Caesars Entertainment in 2023. They initially targeted telecommunications companies for SIM swapping and later started deploying ransomware to extort victims.

They are also known for phishing attempts and MFA bombing, where they bombard targets with multi-factor authentication requests. Typically, UNC3944 goes after established enterprises, specifically organizations with large help desks and outsourced IT departments, as these are more vulnerable to their sophisticated social engineering techniques.

GTIG’s analysis reveals that since early 2023 UNC3944 has targeted a diverse range of sectors, including Technology, Telecommunications, Financial Services, Business Process Outsourcing (BPO), Gaming, Hospitality, Retail, and Media & Entertainment organizations. Geographically, their primary targets have been even more diverse, including the US, Canada, the UK, Australia, Singapore and India.

Image: Google

The Retail & Hospitality ISAC, an information-sharing group that includes major players like Albertsons, Costco, McDonald’s, and Lowe’s, has acknowledged the threat and is working with Google to provide its members with detailed briefings and guidance on how to strengthen their defences against this evolving threat. The warning from Google serves as a clear signal for US retailers to be on high alert and to review their security protocols.

Chad Cragle, CISO at Deepwatch, a San Francisco, Calif.-based AI+Human Cyber Resilience Platform:

_“_Scattered Spider (UNC3944) uses sophisticated social engineering to infiltrate and deploy ransomware. To defend against this group, secure privileged accounts, implement phishing-resistant MFA, and verify every help-desk identity request._“_

_“_Retailers are particularly vulnerable, as they handle large amounts of payment data, manage intricate supply chains, and operate under significant uptime pressure that often encourages ransom payments,_“_ Chad warned. _“_However, organizations with valuable data and critical availability needs are equally at risk._“_

Hackers Now Targeting US Retailers After UK Attacks, Google

Coinbase insider breach: Bribed overseas agents stole user data; company rejects ransom, offers $20M reward, boosts security, and…

Coinbase insider breach: Bribed overseas agents stole user data; company rejects ransom, offers $20M reward, boosts security, and cooperates with law enforcement.

Coinbase, the largest US-based cryptocurrency exchange, has disclosed a major data breach involving bribed overseas customer support agents who stole sensitive customer information. The attackers demanded a $20 million ransom, which Coinbase refused to pay. Instead, the company has offered a $20 million reward for information leading to the arrest and conviction of the perpetrators.

****What Happened****

Cybercriminals targeted Coinbase’s external customer support agents, bribing a small group to access internal systems. These insiders extracted data from less than 1% of Coinbase’s monthly transacting users, including the following:

*   Masked bank account info
*   Some internal Coinbase documents
*   Last 4 digits of Social Security numbers
*   Government ID images (like driver’s licenses)
*   Names, addresses, phone numbers, and emails
*   Account balance snapshots and transaction history

According to Coinbase’s blog, the attackers used the information to impersonate Coinbase support and deceive customers into transferring their cryptocurrency. They then attempted to extort Coinbase for $20 million to prevent the release of the stolen data.

The good news is that the attackers could not get their hands on the following critical information:

*   Login info
*   2FA codes
*   Private keys
*   Coinbase Prime account data
*   Access to any crypto wallets or customer funds

****Coinbase’s Response****

In response to the breach, Coinbase has taken a series of actions aimed at minimizing damage and preventing future incidents. The company refused to pay the $20 million ransom demanded by the attackers and instead set up a $20 million reward fund for information leading to their arrest.

Customers who were deceived into transferring funds as a result of the attack will be reimbursed. To strengthen internal security, Coinbase is opening a new support center in the United States, rolling out enhanced security protocols, and increasing investment in insider threat detection and automated response systems.

The company is also working with law enforcement to press criminal charges against both the internal and external individuals involved. Financially, the breach may cost Coinbase between $180 million and $400 million, and the company’s stock fell 6% following the announcement, reflecting investor concerns.

****Customer Guidance****

Coinbase advises customers to remain alert against phishing attempts and social engineering scams. The company emphasizes that it will never ask for passwords, two-factor authentication codes, or request fund transfers to new addresses. Customers are encouraged to enable withdrawal allow-listing and use hardware-based two-factor authentication for added security.

****Experts Weigh In****

Ishpreet Singh, Chief Information Officer at Black Duck, a Burlington, Massachusetts-based provider of application security solutions, commented on the incident stating, _“_While it’s promising to see that Coinbase isn’t currently planning to pay the $20M ransom, there are steps they can take to ensure further scenarios such as this don’t transpire._“_

_“_I’d recommend implementing just-in-time access controls such as device fingerprinting and session auditing,_“_ he added. _“_Additionally, conducting regular risk reviews and strengthening vendor risk management and oversight can reduce third-party access to personally identifiable information._“_

Jason Soroko, Senior Fellow at Sectigo, a Scottsdale, Arizona-based provider of comprehensive certificate lifecycle management (CLM), also commented on the insider job, stating, _“_Coinbase’s decision to publicly counter-extort with a $20 million bounty is an interesting reversal of the usual playbook, transforming breach response into what could turn into a global manhunt._“_

_“_This move shifts the narrative from victimhood to proactive offence weaponizing transparency and financial incentives against cybercriminals. It also signals to users and adversaries alike that extortion will not quietly succeed, potentially reframing how future attacks may be responded to. Perhaps risk is escalation,_“_ Jasin added. _“_Adversaries may double down or target exchanges with even greater aggression._“_

This story is developing, stay tuned!

Source

HackRead