Cary, United States, 11th August 2025, CyberNewsWire

**Cary, United States, August 11th, 2025, CyberNewsWire**

**Hands-on cybersecurity and IT training leader recognized for innovation in practical, work-ready education**

INE has been selected for Training Industry’s 2025 Top 20 Online Learning Library Companies list, recognizing the company’s leadership in cybersecurity training, cybersecurity certifications, and IT training that emphasizes hands-on, practical learning experiences.

Training Industry evaluated companies based on course quality and scope, market presence and innovation, client relationships, and business growth. INE’s selection underscores the company’s commitment to cybersecurity education that bridges the gap between theoretical knowledge and real-world application.

> “This year’s Top 20 Online Learning Library companies stood out for their expansive content libraries and the depth of features built into their platforms,” said Jalen Banks, market research analyst at Training Industry, Inc. “These providers offer timely, on-demand content supported by reinforcement tools and assessments. Their advanced technology and data capabilities enable dynamic, adaptive learning experiences that foster learner engagement, build critical skills, and ultimately drive meaningful outcomes for the organizations they serve.”

> “This recognition validates our longstanding commitment to delivering training that truly prepares professionals for the challenges they face in their roles,” said Dara Warn, CEO of INE. “We focus on creating learning experiences that go beyond traditional coursework to provide practical skills that professionals can immediately apply in their organizations. When teams complete our programs, they’re equipped to strengthen their organization’s security posture and address complex infrastructure challenges with confidence.”

INE distinguishes itself through its emphasis on the practical application of cybersecurity and IT training for organizations and individuals. The training platform features more than 700 expert-led courses, 50+ learning paths, and thousands of hands-on labs that replicate actual network environments and security scenarios. Professionals and teams engage with industry-standard tools and tackle the same challenges they encounter in enterprise environments, whether pursuing cybersecurity certifications, network security certifications, or advancing their expertise through comprehensive network certification prep.

**Building on Recent Industry Recognition**

This Training Industry honor follows a series of notable recognitions for INE in recent months. This year, G2 awarded the company more than three dozen badges, including Grid Leader designations for Cybersecurity Professional Development, Online Course Providers, and Technical Skills Development.

INE also earned placement on Training Industry’s 2023 Top 20 Online Learning Libraries list, as well as on Training Industry’s 2023 Watch Lists for Experiential Learning Capabilities and IT and Technical Training, which recognized organizations’ visibility, innovation, and impact in the IT and technical training market. Combined with multiple Global Infosec Awards, SC Media Excellence Awards, and consistent recognition as a G2 Top Training Provider, these honors reflect INE’s sustained excellence in the technical training sector.

**Addressing Industry Needs Through Practical Education**

Since its founding in 2003, INE has partnered with Fortune 500 companies to address a critical challenge in the industry: the gap between traditional training methodologies and job-ready competencies. Organizations across industries rely on INE to develop their cybersecurity and networking teams, while individual professionals leverage INE as a training partner to advance their careers. INE’s approach connects theoretical concepts with practical application, providing learners with context for when and how to apply their knowledge effectively in real-world business environments.

> “Our methodology centers on experiential learning because we believe that hands-on practice is essential for developing true expertise,” Warn explained. “Our lab environments place learners in realistic scenarios where they must identify, analyze, and remediate security issues. This approach develops the kind of practical competency that translates directly to workplace effectiveness and organizational resilience.”

INE’s comprehensive IT training programs serve both organizations seeking to develop their teams and individual professionals advancing their careers. Companies use INE’s enterprise solutions to upskill existing teams, mitigate cybersecurity risk, and build more resilient IT operations. Recent program additions include the Mobile Application Penetration Testing certification (eMAPT) and the Certified Threat Hunting Professional certification (eCTHP), both designed around authentic scenarios that reflect current industry challenges and organizational needs.

**About INE**

INE is an award-winning, premier provider of online networking and cybersecurity education, including cybersecurity training and certification. INE is trusted by Fortune 500 companies and IT professionals around the globe. Leveraging a state-of-the-art hands-on lab platform, advanced technologies, a global video distribution network, and instruction from world-class experts, INE sets the standard for high-impact, career-advancing technical education.

**Contact**

**Director of Global Strategic Communications and Events**  
**Kathryn Brown**  
**INE Security**  
**\[email protected\]**

INE Named to Training Industry’s 2025 Top 20 Online Learning Library List

A cyberattack on Bouygues Telecom exposed data for 6.4 million customers. Find out what information was compromised and…

A cyberattack on Bouygues Telecom exposed data for 6.4 million customers. Find out what information was compromised and what you need to do to protect yourself from scams, as the company warns customers to be on high alert.

French telecommunications giant Bouygues Telecom has confirmed a cyberattack that resulted in the personal information of 6.4 million customers being exposed. The company, which serves nearly 27 million mobile users across France, discovered the security breach on August 4th.

****What Was Compromised?****

An investigation by the company revealed that hackers gained access to a variety of customer details. This includes contact information, contract details, and, for many, their International Bank Account Number (IBAN). An IBAN is a unique number that identifies a bank account and is used to process transactions like direct deposits or transfers.

Bouygues has confirmed that more sensitive data, like passwords and credit card numbers, were not affected in this breach. Both individual and business customers were impacted by the attack. The company promptly reported the incident to French authorities and is alerting all affected customers via email or text message.

Hackers planning to leak Bouygues Telecom data soon (Image credit: Hackread.com)

****What Should Customers Do?****

In response to the breach, Bouygues is urging its customers to be extremely cautious of potential scams. Customers should watch for any suspicious emails or phone calls from people pretending to be from Bouygues or another company, as scammers might use the stolen data to try and trick them into revealing more information, such as credit card numbers or passwords.

Bouygues also advised customers whose IBANs were exposed to monitor their bank accounts closely and contact their bank if they notice any unusual activity. The company has filed a complaint with judicial authorities, noting that the perpetrator could face up to five years in prison and a €150,000 fine.

The attack on Bouygues is part of a broader trend of major telecommunication firms being targeted globally. As reported by Hackread.com, in May 2025, South Korean firm SK Telecom revealed a malware intrusion that had gone undetected for nearly two years, leaking vast amounts of customer data.

Furthermore, an advisory from the FBI and Canada’s Cyber Centre in June 2025 warned of an ongoing cyber espionage campaign by a China-linked group called Salt Typhoon, which is actively targeting telecom networks worldwide to steal sensitive data. These incidents highlight why telecommunications companies, due to the valuable data they hold, are frequent targets for both cybercriminals and state-sponsored groups.

Bouygues Telecom Hit by Cyberattack, 6.4 Million Customers Affected

A Nigerian man has been extradited from France to face hacking, identity theft, and fraud charges in the…

A Nigerian man has been extradited from France to face hacking, identity theft, and fraud charges in the US. He and his co-conspirators allegedly used spearphishing to steal customer data, filing fraudulent tax returns and disaster relief claims worth millions of dollars.

In a much-awaited legal move, Nigerian man Chukwuemeka Victor Amachukwu, a/k/a “Chukwuemeka Victor Eletuo” and “So Kwan Leung,” was recently extradited from France to the United States to face charges related to hacking, fraud, and identity theft.

The extradition, announced by the FBI and the Department of Justice, marks the culmination of extensive teamwork between US and French law enforcement agencies and is a major step in the ongoing case.

According to statements from US Attorney Jay Clayton and FBI Assistant Director Christopher G. Raia, Amachukwu is a key figure in a scheme that has allegedly stolen millions of dollars. The charges against him and his co-conspirators include a sophisticated plan to hack into tax businesses across the US, including locations in New York and Texas.

The alleged fraud began around 2019, when Amachukwu and his partners, including a person named Kinglsey Uchelue Utulu, used deceptive emails to gain access to the computer systems of tax preparation businesses. These types of emails, known as spearphishing, are highly targeted messages designed to trick specific individuals into revealing sensitive information or granting system access. Once inside, the group stole personal and tax information from thousands of customers.

They then used this stolen data to file fraudulent tax returns with the IRS and state tax authorities, seeking approximately $8.4 million and successfully obtaining around $2.5 million. The scheme didn’t stop there. The group also reportedly used the stolen identities to file fake claims with the Small Business Administration’s Economic Injury Disaster Loan program, securing an additional $819,000 in fraudulent payouts. This program is designed to provide financial relief to businesses affected by disasters.

In a separate scheme, Amachukwu is also accused of running a fake investment program. He allegedly promised victims valuable standby letters of credit that didn’t actually exist, and instead, “pocketed millions of dollars of his victims’ money,” according to US Attorney Clayton.

Amachukwu, 39, faces several serious charges, including conspiracy to commit computer intrusions, multiple counts of wire fraud, and aggravated identity theft (PDF). If convicted, these charges could lead to a lengthy prison sentence. He was presented before US Magistrate Judge Robert W. Lehrburger, with the case now assigned to US District Judge Paul G. Gardephe.

The FBI praised the work of its international partners, including the Justice Department’s Office of International Affairs and the French National Gendarmerie, for their help in the arrest and extradition. As is customary, the defendant is presumed innocent until proven guilty in a court of law.

Nigerian man extradited from France to US over hacking and fraud allegations

Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”.

ReVault! When your SoC turns against you… deep dive edition

Plus: Instagram sparks a privacy backlash over its new map feature, hackers steal data from Google's customer support system, and the true scope of the Columbia University hack comes into focus.

This is the week of Black Hat and Defcon, which means a flood of news coming out of the Las Vegas security conferences. As you might expect, artificial intelligence was one popular topic—specifically, using AI chatbots to cause mischief.

One team of researchers, from Tel Aviv University, created a clever attack that allowed them to take over a target’s smart home devices using a “poisoned” Google Calendar invite. It’s the first known attack method that used AI to impact physical devices.

Another researcher used a poisoned document that included a malicious prompt to trick ChatGPT into leaking a user’s private information when it’s connected to a Google Drive.

In non-AI news, an end-to-end encryption algorithm recommended for radio communications used by police and military around the world can be easily cracked, according to new research. The researchers warn that weak implementations of the encryption algorithm could allow eavesdroppers to listen in—or even transmit their own messages.

Speaking of weaknesses, a security researcher found that misconfigured APIs in some streaming platforms used for company meetings and sports livestreams can allow someone to watch the streams without logging in. And a teen hacker discovered that an internet-connected smoke and vape detector in his high school’s bathroom contained microphones—and can be exploited for secret spying.

A leaked trove of data has exposed how teams of suspected North Korean IT scam workers operate, from their meticulous record keeping to the after-work activities—and their near-constant surveillance by people running the schemes.

Finally, in the last of our Black Hat- and Defcon-related news (so far), a pair of security researchers discovered a backdoor in an electronic lock used in at least eight brands of safes, and created a way to open the locks in seconds. They also found another vulnerability that allows them to figure out a safe’s unlock code.

We also took a deep dive into the US military’s slot machine program, spoke with experts who say it’s inevitable that AI will become part of nuclear weapons systems, and revealed a string of break-ins of National Guard armories in Tennessee that experts say is part of a disturbing trend.

And that’s not all. Each week, we round up the security and privacy news we didn’t cover in-depth ourselves. Click the headlines to read the full stories. And stay safe out there.

**Hack of US Court System Exposed Sealed Records, FBI Says**

A previously unreported cyberattack breached the federal judiciary’s electronic case filing system, potentially exposing the identities of confidential informants and compromising sealed court records across multiple US states, Politico reports. The breach was discovered around July 4 and affects the CM/ECF—or “case management/electronic case files”—system used by courts to manage sensitive documents.

Sources told Politico the hack may have impacted criminal dockets, arrest warrants, and sealed indictments, raising concerns that cooperating witnesses could be at risk. The actor behind the intrusion has not been exposed. The Administrative Office of the US Courts and FBI declined to provide Politico with a comment.

In response to recent cyberattacks, the federal judiciary said its been in the process of implementing new safeguards to address the judiciary’s ongoing exposure to “constant and sophisticated” cyber threats.

The incident highlights longstanding warnings that the judiciary’s systems are outdated and vulnerable. A top federal judge told Congress in June that CM/ECF and PACER face “unrelenting security threats” and need urgent replacement.

**Instagram’s New Map Feature Triggers Privacy Backlash**

Instagram’s latest feature—a searchable map showing user-posted content tagged to specific locations—has sparked a wave of privacy concerns, CNBC reports. Rolled out this week, the feature lets users explore photos and videos by browsing a visual map interface.

But users quickly raised alarms about the potential for stalking, harassment, and data misuse, especially for influencers and others posting real-time content from identifiable locations. “Instagram randomly updating their app to include a maps feature without actually alerting people is so incredibly dangerous to anyone who has a restraining order and actively making sure their abuser can’t stalk their location online,” one viral post warned.

Instagram said the feature only shows content from public accounts and reiterated that users can turn off location tagging. Still, the backlash echoes broader concerns about how tech platforms rapidly aggregate and expose personal data in ways that outpace users’ expectations and consent.

**Hackers Breached Google’s Salesforce Database, Stole Customer Data**

Hackers stole data from Google’s customer support system in a breach linked to a compromised Salesforce account, TechCrunch reports. The intrusion, disclosed Wednesday, affected an undisclosed number of Google customers and involved unauthorized access to data such as contact details and “related notes for small and medium-sized businesses.”

The attackers reportedly targeted the data through Salesforce cloud systems. Google’s Threat Intelligence Group pinned the attack on ShinyHunters, a hacking group known for targeting large companies’ cloud-based databases, including Salesforce systems.

The breach affecting Google follows similar attacks on Cisco, Qantas, and Pandora, where attackers used voice phishing to trick employees into granting access. Google says the group may be preparing a leak site to extort victims and is linked to other cybercriminal collectives like The Com, which has a history of hacking and extortion.

**Columbia University Hack Exposed Data of 870,000 People**

A cyberattack on Columbia University compromised the personal information of nearly 870,000 individuals, including students, applicants, and possibly staff, Bloomberg reports. The stolen data includes contact information, academic records, financial aid details, and some health and insurance information, according to draft letters, intended for victims, obtained by the news outlet.

The breach, which dates back to mid-May, was only publicly acknowledged after Columbia filed reports with state attorneys general in California and Maine. A university official previously claimed the perpetrator was politically motivated. The school claims it has implemented new safeguards and continues to notify affected individuals.

The incident preceded a campus-wide IT outage in June. The school reportedly suspected a potential cyberattack at the time.

The US Court Records System Has Been Hacked

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, and 7.4 GA through update 92 allow a pre-authentication blind SSRF vulnerability in the portal-settings-authentication-opensso-web component due to improper validation of user-supplied URLs. An attacker can exploit this issue to force the server to make arbitrary HTTP requests to internal systems, potentially leading to internal network enumeration or further exploitation.

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2025-4581

**Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery**

Moderate severity GitHub Reviewed Published Aug 9, 2025 to the GitHub Advisory Database • Updated Aug 11, 2025

**Package**

maven com.liferay.portal:release.dxp.bom (Maven)

**Affected versions**

\>= 2025.Q1.0, <= 2025.Q1.4

\>= 2024.Q4.0, <= 2024.Q4.7

\>= 2024.Q3.1, <= 2024.Q3.13

\>= 2024.Q2.0, <= 2024.Q2.13

\>= 2024.Q1.0, <= 2024.Q1.15

<= 7.4.13.u92

**Patched versions**

2025.Q1.5

2024.Q1.16

maven com.liferay.portal:release.portal.bom (Maven)

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, and 7.4 GA through update 92 allow a pre-authentication blind SSRF vulnerability in the portal-settings-authentication-opensso-web component due to improper validation of user-supplied URLs. An attacker can exploit this issue to force the server to make arbitrary HTTP requests to internal systems, potentially leading to internal network enumeration or further exploitation.

**References**

*   https://nvd.nist.gov/vuln/detail/CVE-2025-4581
*   https://liferay.dev/portal/security/known-vulnerabilities/-/asset\_publisher/jekt/content/CVE-2025-4581

Published to the GitHub Advisory Database

Aug 9, 2025

Last updated

Aug 11, 2025

GHSA-6v93-frf9-2rp8: Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery

A new documentary series about cybercrime airing next month on HBO Max features interviews with Yours Truly. The four-part series follows the exploits of Julius Kivimäki, a prolific Finnish hacker recently convicted of leaking tens of thousands of patient records from an online psychotherapy practice while attempting to extort the clinic and its patients.

A new documentary series about cybercrime airing next month on **HBO Max** features interviews with Yours Truly. The four-part series follows the exploits of **Julius Kivimäki**, a prolific Finnish hacker recently convicted of leaking tens of thousands of patient records from an online psychotherapy practice while attempting to extort the clinic and its patients.

The documentary, “_Most Wanted: Teen Hacker_,” explores the 27-year-old Kivimäki’s lengthy and increasingly destructive career, one that was marked by cyber attacks designed to result in real-world physical impacts on their targets.

By the age of 14, Kivimäki had fallen in with a group of criminal hackers who were mass-compromising websites and milking them for customer payment card data. Kivimäki and his friends enjoyed harassing and terrorizing others by “swatting” their homes — calling in fake hostage situations or bomb threats at a target’s address in the hopes of triggering a heavily-armed police response to that location.

On Dec. 26, 2014, Kivimäki and fellow members of a group of online hooligans calling themselves the **Lizard Squad** launched a massive distributed denial-of-service (DDoS) attack against the **Sony Playstation** and **Microsoft Xbox Live** platforms, preventing millions of users from playing with their shiny new gaming rigs the day after Christmas. The Lizard Squad later acknowledged that the stunt was planned to call attention to their new DDoS-for-hire service, which came online and started selling subscriptions shortly after the attack.

Finnish investigators said Kivimäki also was responsible for a 2014 bomb threat against former **Sony Online Entertainment President** **John Smedley** that grounded an American Airlines plane. That incident was widely reported to have started with a Twitter post from the Lizard Squad, after Smedley mentioned some upcoming travel plans online. But according to Smedley and Finnish investigators, the bomb threat started with a phone call from Kivimäki.

Julius “Zeekill” Kivimaki, in December 2014.

The creaky wheels of justice seemed to be catching up with Kivimäki in mid-2015, when a Finnish court found him guilty of more than 50,000 cybercrimes, including data breaches, payment fraud, and operating a global botnet of hacked computers. Unfortunately, the defendant was 17 at the time, and received little more than a slap on the wrist: A two-year suspended sentence and a small fine.

Kivimäki immediately bragged online about the lenient sentencing, posting on Twitter that he was an “untouchable hacker god.” I wrote a column in 2015 lamenting his laughable punishment because it was clear even then that this was a person who enjoyed watching other people suffer, and who seemed utterly incapable of remorse about any of it. It was also abundantly clear to everyone who investigated his crimes that he wasn’t going to quit unless someone made him stop.

In response to some of my early reporting that mentioned Kivimäki, one reader shared that they had been dealing with non-stop harassment and abuse from Kivimäki for years, including swatting incidents, unwanted deliveries and subscriptions, emails to her friends and co-workers, as well as threatening phonecalls and texts at all hours of the night. The reader, who spoke on condition of anonymity, shared that Kivimäki at one point confided that he had no reason whatsoever for harassing her — that she was picked at random and that it was just something he did for laughs.

Five years after Kivimäki’s conviction, the **Vastaamo Psychotherapy Center** in Finland became the target of blackmail when a tormentor identified as “ransom\_man” demanded payment of 40 bitcoins (~450,000 euros at the time) in return for a promise not to publish highly sensitive therapy session notes Vastaamo had exposed online.

Ransom\_man, a.k.a. Kivimäki, announced on the dark web that he would start publishing 100 patient profiles every 24 hours. When Vastaamo declined to pay, ransom\_man shifted to extorting individual patients. According to Finnish police, some 22,000 victims reported extortion attempts targeting them personally, targeted emails that threatened to publish their therapy notes online unless paid a 500 euro ransom.

In October 2022, Finnish authorities charged Kivimäki with extorting Vastaamo and its patients. But by that time he was on the run from the law and living it up across Europe, spending lavishly on fancy cars, apartments and a hard-partying lifestyle.

In February 2023, Kivimäki was arrested in France after authorities there responded to a domestic disturbance call and found the defendant sleeping off a hangover on the couch of a woman he’d met the night before. The French police grew suspicious when the 6′ 3″ blonde, green-eyed man presented an ID that stated he was of Romanian nationality.

A redacted copy of an ID Kivimaki gave to French authorities claiming he was from Romania.

In April 2024, Kivimäki was sentenced to more than six years in prison after being convicted of extorting Vastaamo and its patients.

The documentary is directed by the award-winning Finnish producer and director Sami Kieski and co-written by **Joni Soila**. According to an August 6 press release, the four 43-minute episodes will drop weekly on Fridays throughout September across Europe, the U.S, Latin America, Australia and South-East Asia.

KrebsOnSecurity in New ‘Most Wanted’ HBO Max Series

Security researchers found two techniques to crack at least eight brands of electronic safes—used to secure everything from guns to narcotics—that are sold with Securam Prologic locks.

About two years ago, security researchers James Rowley and Mark Omo got curious about a scandal in the world of electronic safes: Liberty Safe, which markets itself as “America’s #1 heavy-duty home and gun safe manufacturer,” had apparently given the FBI a code that allowed agents to open a criminal suspect's safe in response to a warrant related to the January 6, 2021, invasion of the US Capitol building.

Politics aside, Rowley and Omo were taken aback to read that it was so easy for law enforcement to penetrate a locked metal box—not even an internet-connected device—that no one but the owner ought to have the code to open. “How is it possible that there's this physical security product, and somebody else has the keys to the kingdom?” Omo asks.

So they decided to try to figure out how that backdoor worked. In the process, they'd find something far bigger: another form of backdoor intended to let authorized locksmiths open not just Liberty Safe devices, but the high-security Securam Prologic locks used in many of Liberty’s safes and those of at least seven other brands. More alarmingly, they discovered a way for a hacker to exploit that backdoor—intended to be accessible only with the manufacturer's help—to open a safe on their own in seconds. In the midst of their research, they also found _another_ security vulnerability in many newer versions of Securam's locks that would allow a digital safecracker to insert a tool into a hidden port in the lock and instantly obtain a safe’s unlock code.

Security researchers James Rowley and Mark Omo.Photograph: Ronda Churchill

At the Defcon hacker conference in Las Vegas today, Omo and Rowley made their findings public for the first time, demonstrating onstage their two distinct methods for opening electronic safes sold with Securam ProLogic locks, which are used to protect everything from personal firearms to cash in retail stores to narcotics in pharmacies.

While both their techniques represent glaring security vulnerabilities, Omo says it's the one that exploits a feature intended as a legitimate unlock method for locksmiths that's the more widespread and dangerous. “This attack is something where, if you had a safe with this kind of lock, I could literally pull up the code right now with no specialized hardware, nothing,” Omo says. “All of a sudden, based on our testing, it seems like people can get into almost any Securam Prologic lock in the world.”

Omo and Rowley demonstrate both their safecracking methods in the two videos below, which show them performing the techniques on their own custom-made safe with a standard, unaltered Securam ProLogic lock:

**Security Update? No, Buy a New Lock**

Omo and Rowley say they informed Securam about both their safe-opening techniques in spring of last year, but have until now kept their existence secret because of legal threats from the company. “We will refer this matter to our counsel for trade libel if you choose the route of public announcement or disclosure,” a Securam representative wrote to the two researchers ahead of last year's Defcon, where they first planned to present their research.

Only after obtaining pro bono legal representation from the Electronic Frontier Foundation's Coders’ Rights Project did the pair decide to follow through with their plan to speak about Securam's vulnerabilities at Defcon. Omo and Rowley say they're even now being careful not to disclose enough technical detail to help others replicate their techniques, while still trying to offer a warning to safe owners about two different vulnerabilities that exist in many of their devices.

When WIRED reached out to Securam for comment, the company’s CEO, Chunlei Zhou, responded in a statement. “The specific ‘vulnerabilities’ alleged by Omo and Rowley are already well known to industry professionals and in fact, also affect other safe lock providers that use similar chips,” Zhou writes. “Delivering any attack based on these vulnerabilities does require specialized knowledge, skills, and equipment, and we have no record of any customer that has ever had even a single safe lock defeated through a use of this attack.”

Zhou’s statement goes on to point to other ways safes’ locks can be opened from drilling and cutting to the use of a locksmith device called a Little Black Box that exploits vulnerabilities in some brands of electronic safe locks.

Omo and Rowley respond that the vulnerabilities they found were not previously known to the public; one of the two does not require _any_ special equipment, despite Zhou’s claim; and none of the other techniques Zhou mentions represents as serious a security flaw as their findings about the Securam ProLogic locks. The brute-force safecracking methods Zhou points to, like cutting and drilling are far slower and less stealthy—or, like the Little Black Box, are available only to locksmiths and haven’t been publicly shown to be exploitable by unauthorized hackers.

Zhou added in his statement that Securam will be fixing the vulnerabilities Omo and Rowley found in future models of the ProLogic lock. “Customer security is our priority and we have begun the process of creating next-generation products to thwart these potential attacks,” he writes. “We expect to have new locks on the market by the end of the year.”

Photograph: Ronda Churchill

In a followup call, Securam director of sales Jeremy Brookes confirmed that Securam has no plan to fix the vulnerability in locks already in use on customers’ safes, but suggests safe owners who are concerned buy a new lock and replace the one on their safe. “We’re not going to be offering a firmware package that upgrades it,” Brookes says. “We’re going to offer them a new product.”

Brookes adds that he believes Omo and Rowley are “singling out” Securam with the intention of “discrediting” the company.

Omo responds that’s not at all their intent. “We’re trying to make the public aware of the vulnerabilities in one of the most popular safe locks on the market,” he says.

**A Senator’s Warning**

Beyond Liberty Safe, Securam ProLogic locks are used by a wide variety of safe manufacturers including Fort Knox, High Noble, FireKing, Tracker, ProSteel, Rhino Metals, Sun Welding, Corporate Safe Specialists, and pharmacy safe companies Cennox and NarcSafe, according to Omo and Rowley’s research. The locks can also be found on safes used by CVS for storing narcotics and by multiple US restaurant chains for storing cash.

Rowley and Omo aren't the first to raise concerns about the security of Securam locks. In March of last year, US senator Ron Wyden wrote an open letter to Michael Casey, then director of the National Counterintelligence and Security Center, urging Casey to make clear to American businesses that safe locks made by Securam, which is owned by a Chinese parent company, have a manufacturer reset capability. That capability, Wyden wrote, could be used as a backdoor—a risk that had already led to Securam locks being prohibited for US government use like all other locks with a manufacturer reset, even as they're widely used by private US companies.

In response to learning about Rowley and Omo’s research, Wyden wrote in a statement to WIRED that the researchers’ findings represent exactly the risk of a backdoor—whether in safes or in encryption software—that he’s tried to call attention to.

“Experts have warned for years that backdoors will be exploited by our adversaries, yet instead of acting on my warnings and those of security experts, the government has left the American public vulnerable,” Wyden writes. “This is exactly why Congress must reject calls for new backdoors in encryption technology and fight all efforts by other governments, such as the UK, to force US companies to weaken their encryption to facilitate government surveillance.”

**ResetHeist**

Rowley and Omo’s research began with that same concern, that a largely undisclosed unlocking method in safes might represent a broader security risk. They initially went searching for the mechanism behind the Liberty Safe backdoor that had caused a backlash against the company in 2023, and found a relatively straightforward answer: Liberty Safe keeps a reset code for every safe and, in some cases, makes it available to US law enforcement.

Liberty Safe has since written on its website that it now requires a subpoena, a court order, or other compulsory legal process to hand over that master code, and will also delete its copy of the code at a safe owner’s request.

Rowley and Omo planned to reveal the existence of Securam’s vulnerabilities more than a year ago, but held off until now due to the company’s legal threats.Photograph: Ronda Churchill

Rowley and Omo didn't find any security flaw that would allow them to abuse that particular law-enforcement-friendly backdoor. When they started examining the Securam ProLogic lock, however, their research on the higher-end version of the two kinds of Securam lock used on Liberty Safe products revealed something more intriguing. The locks have a reset method documented in their manual, intended in theory for use by locksmiths helping safe owners who have forgotten their unlock code.

Enter a “recovery code” into the lock—set to “999999” by default—and it uses that value, another number stored in the lock called an encryption code, and a third, random variable to compute a code that's displayed on the screen. An authorized locksmith can then read that code to a Securam representative over the phone, who then uses that value and a secret algorithm to compute a reset code the locksmith can enter into the keypad to set a new unlock combination.

Omo and Rowley found that by analyzing the Securam ProLogic's firmware, however, they could find everything they needed to compute that reset code themselves. “There's no hardware security to speak of,” says Rowley. “So we could reverse engineer the whole secret algorithm just by reading the firmware that's in the lock.” The resulting safecracking method requires little more than punching a few numbers into a Python script they wrote. They call the technique ResetHeist.

The researchers note that safe owners can prevent this ResetHeist technique by changing their lock's recovery code or its encryption code. But Securam doesn't recommend that safeguard in any user documentation the researchers could find online, only in a manual for some manufacturers and locksmiths. In another Securam webinar Omo and Rowley found, Securam notes that you can change the codes, but that it’s not necessary, and that the codes are “usually never” changed. In every lock the researchers tested, including about a handful they bought used from eBay, the codes hadn't been changed. “We have not bought a lock on which the recovery method didn't work,” Omo says.

**CodeSnatch**

The second technique the researchers developed, which they call CodeSnatch, is more straightforward. By removing the battery from a Securam ProLogic lock and inserting a small handheld tool they made with a Raspberry Pi minicomputer into an exposed debug port inside, they can extract a “super code” combination from the lock that's displayed on their tool's screen and can be used to immediately open the lock.

The researchers found that CodeSnatch trick by reverse engineering the Renesas chip that serves as the lock's main processor. That task was made far easier by the work of a group called fail0verflow, which had published their analysis of the same Renesas chip as part of their efforts to crack the PlayStation 4, which also uses that processor. Omo and Rowley built their tool to reprogram the chip's firmware to dump all of its information via the debug port—including the encrypted “super code” and the key, also stored on the chip, that decrypts it. “It's really not that challenging,” says Rowley. “Our little tool does that, and then it tells you what the super code is.”

Gaining access to the lock's code via its debug port does require inputting a password. But Omo and Rowley say that password was absurdly simple, and they successfully guessed it. They found that in one newer Securam ProLogic lock manufactured in March of this year, Securam had changed the password, but they were able to learn it again by using a “voltage glitching” technique: By soldering a switch to the voltage regulator on the chip, they could mess with its electrical voltage at the exact moment it performed the password check to bypass that check and then dump the chip's contents—including the new password.

Photograph: Ronda Churchill

In addition to Securam, WIRED reached out to 10 safe manufacturers that appear to use Securam ProLogic locks on their safes, as well as CVS. Most didn’t respond, but a spokesperson for High Noble Safe Company wrote in a statement that WIRED’s inquiry was the first it was learning of Securam’s vulnerabilities, and that it’s now reviewing the security of the locks used by its product line and preparing guidance for customers including “additional physical security measures or potential replacement options.”

A Liberty Safe representative similarly noted the company wasn’t previously aware of Securam’s vulnerabilities. “We are currently investigating this issue with SecuRam and will do whatever it takes to protect our customers,” a statement from the spokesperson reads, “including validating other potential lock suppliers and developing a new proprietary lock system.”

A CVS spokesperson declined to comment on “specific security protocols or devices,” but wrote that “the safety of our employees and patients is a top priority and we are committed to maintaining the highest physical security standards.”

**“Safes That Aren’t Safe”**

Rowley and Omo say that patching Securam Locks' security flaws is possible—their own CodeSnatch tool, in fact, could itself be used to update the locks' firmware. But any such fix would have to be implemented manually, lock by lock, a slow and expensive process.

Although Omo and Rowley aren't releasing the full technical details or any proof-of-concept code for their techniques, they warn that others with less benevolent intentions could still figure out how to replicate their safecracking tricks. “If you have the hardware and you're skilled in the art, this would be roughly a one-week thing,” Omo says.

He and Rowley decided to go public with their research despite that risk to make safe owners aware that their locked metal boxes may not be as secure as they think. More broadly, Omo says that they wanted to call attention to the wide gaps in US cybersecurity standards for consumer products. Securam locks are certified by Underwriters Laboratory, he points out—yet suffered from critical security flaws that will be tough to fix. (Underwriters Laboratory did not immediately respond to WIRED’s request for comment.)

In the meantime, they say, safe owners should at least know about their safes' flaws—and not rely on a false sense of security.

“We want Securam to fix this, but more importantly we want people to know how bad this can be,” Omo says. “Electronic locks have electronics inside. And electronics are hard to secure.”

Hackers Went Looking for a Backdoor in High-Security Safes—and Now Can Open Them in Seconds

**Pre-requisites:**

* Have a compromised security key (https://craftcms.com/knowledge-base/securing-craft#keep-your-secrets-secret)
* Somehow, manage to create an arbitrary file in Craft’s `/storage/backups` folder.

With those two pieces in place, you could create a specific, malicious request to the `/updater/restore-db` endpoint to execute CLI commands remotely.

Fixed in https://github.com/craftcms/cms/commit/a19d46be78a9ca1ea474012a10e97bed0d787f57

-----

Reported by Marco O. (segfault)

**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-2vcf-qxv3-2mgw: Craft CMS has a theoretical bypass for CVE-2025-23209

A new report by VulnCheck exposes a critical command injection flaw (CVE-2025-53652) in the Jenkins Git Parameter plugin.…

A new report by VulnCheck exposes a critical command injection flaw (CVE-2025-53652) in the Jenkins Git Parameter plugin. Find out how this vulnerability, initially rated as medium, could allow hackers to achieve remote code execution and compromise thousands of unauthenticated Jenkins servers.

A new security analysis from the firm VulnCheck has revealed that a vulnerability in the popular Jenkins automation server is more dangerous than previously thought. The flaw, officially identified as CVE-2025-53652, was initially rated as a medium-level threat but has been found to allow for a severe type of attack known as command injection. This could potentially let hackers take complete control of a server.

For your information, Jenkins is a powerful open-source tool companies use for automating tasks in software development. The vulnerability specifically affects a feature called the Git Parameter plugin, which is used to allow developers to easily select and use different versions or branches of code directly within their automated tasks.

According to VulnCheck’s report, shared with Hackread.com, around 15,000 Jenkins servers on the internet currently have their security settings turned off, making them easy targets for this kind of attack.

Of the more than 100,000 internet-facing Jenkins servers, 15,000 have authentication turned off- FOFA (Source: VulnCheck)

The problem lies in how the Git Parameter plugin handles information given to it by users. When a user enters a value, the plugin uses it directly in a command without properly checking if it’s safe. This allows a skilled attacker to inject malicious commands into the system.

VulnCheck’s team confirmed that they could use this flaw to run their own code on the server, a dangerous type of attack called remote code execution (RCE). They were able to use this method to gain control of a test server and even access sensitive information, such as a master key.

Even though the official fix for the vulnerability has been released, VulnCheck warns that the patch can be manually disabled by a system administrator. This means that a server could still be vulnerable even if it has been updated. As a result, the security firm has created a special rule to help companies detect any attempts to exploit this weakness.

While the firm doesn’t believe the flaw will be widely exploited, they note that it’s the kind of weakness that skilled attackers value for specific, targeted attacks or for moving deeper into a company’s network.

Tag

#auth