A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does not enforce restrictions on requests to remote internet addresses, allowing it to also access local addresses. As a result, an attacker could exploit this flaw to perform port scans, access local services, retrieve instance metadata from cloud environments (e.g., Azure, AWS), and interact with servers on the local network. This issue has been fixed in version 0.0.28.

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2025-2828

**LangChain Community SSRF vulnerability exists in RequestsToolkit component**

High severity GitHub Reviewed Published Jun 23, 2025 to the GitHub Advisory Database • Updated Jun 25, 2025

**Package**

pip langchain-community (pip)

**Affected versions**

< 0.0.27

A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain\_community.agent\_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does not enforce restrictions on requests to remote internet addresses, allowing it to also access local addresses. As a result, an attacker could exploit this flaw to perform port scans, access local services, retrieve instance metadata from cloud environments (e.g., Azure, AWS), and interact with servers on the local network. This issue has been fixed in version 0.0.28.

**References**

*   https://nvd.nist.gov/vuln/detail/CVE-2025-2828
*   langchain-ai/langchain@e188d4e
*   https://huntr.com/bounties/8f771040-7f34-420a-b96b-5b93d4a99afc

Published to the GitHub Advisory Database

Jun 23, 2025

Last updated

Jun 25, 2025

GHSA-h5gc-rm8j-5gpr: LangChain Community SSRF vulnerability exists in RequestsToolkit component 

ShortLeash backdoor, used in the China-linked LapDogs campaign since 2023, enables stealth access, persistence, and data theft via compromised SOHO routers and fake certs.

Cybersecurity experts at SecurityScorecard have discovered a widespread cyber espionage operation, dubbed LapDogs, which has compromised an unknown number of devices (probably thousands) around the world since September 2023.

This stealthy campaign, likely originating from a China-based group, focuses on long-term surveillance and data theft, primarily targeting the United States, Japan, South Korea, Taiwan, and Hong Kong.

****Exploiting Everyday Devices****

According to SecurityScorecard’s STRIKE team’s research, unlike typical cyberattacks that aim for quick access, LapDogs uses a clever method involving what experts call Operational Relay Boxes (ORBs). An ORB is a compromised device, often a Small Office/Home Office (SOHO) router or an Internet of Things (IoT) device, that attackers use to secretly route their traffic.

SOHO routers are those used in small businesses or homes, connecting multiple devices to the internet. By using these everyday devices, especially older models from companies like Ruckus Wireless (making up about 55% of compromised hardware) and Buffalo Technology, the attackers can hide their activities and avoid detection for months.

These vulnerable devices often run outdated or unpatched firmware and may expose services like mini\_httpd, embedded management tools with default settings, OpenSSH, or DropBear SSH.

A key part of the LapDogs operation is a custom tool called ShortLeash. This is a malicious program, or backdoor, that gives the attackers hidden control over infected computers and networks enabling silent control, persistence, and lateral movement within networks.

The Linux version of ShortLeash is deployed by a Bash script that checks for Ubuntu or CentOS to place a malicious service file in relevant directories. The ShortLeash payload itself features a two-layer decryption process for its configuration, which includes certificates, private keys, and a URL.

It also runs a server simulating Nginx response and uses random hardcoded query parameters when communicating with its C2 servers. To further cover their tracks, ShortLeash even creates fake security certificates that appear to be from the Los Angeles Police Department (LAPD).

One of the self-signed TLS certificates used in the campaign (Image via SecurityScorecard)

A TLS certificate is a digital document that helps secure internet communication, like a digital ID card for websites. By faking these, the attackers make their actions look legitimate. Researchers also observed 162 distinct intrusion sets, with some sharing common geographical locations or ISPs.

The LapDogs campaign has infiltrated a variety of organizations, including internet service providers (ISPs), hardware makers, and businesses in sectors like IT, networking, real estate, and media. Researchers noted that the attackers are very focused, with signs that they carefully plan their attacks on specific targets.

Therefore, IT administrators for employees from these industries need to be on the lookout and fix vulnerabilities by installing patches. If updates are not available, move on to a different and more secure device.

China-linked LapDogs Campaign Drops ShortLeash Backdoor with Fake Certs

### Impact
XSS - Errors in filters from website page change detection watches were not being filtered.

### Patches

0.50.4

**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-hwpg-x5hw-vpv9: ChangeDetection.io XSS in watch overview

Citrix is recommending its customers upgrade their appliances to mitigate potential exploitation of the vulnerabilities.

Citrix Patches Critical Vulns in NetScaler ADC and Gateway

DUBAI, United Arab Emirates, 23rd June 2025, CyberNewsWire

**DUBAI, United Arab Emirates, June 23rd, 2025, CyberNewsWire**

*   Five dedicated bug bounty programs upgraded across 1inch core components, including smart contracts, wallet and infrastructure.
*   A community-first approach to strengthening DeFi security and resilience.

1inch, the leading DeFi aggregator, has launched an upgraded bug bounty initiative, covering five key areas of its platform, with rewards of up to $500,000. Through this initiative 1inch demonstrates its commitment to maintaining the highest level of security across its smart contracts, wallet, dApp, developer tools and infrastructure.

As DeFi continues to mature, so does the interdependence and complexity of its protocols – as well as the potential for vulnerabilities that are yet to be discovered. From smart contract exploits to infrastructure-level weaknesses, projects must contend with an ever-widening attack surface. By leveraging the efforts of the global white-hat hacker and security researcher community, 1inch aims to strengthen its architecture and encourage responsible disclosure.

**Community-Driven Security at Scale**

Each of the following bounty programs has a clearly defined scope and multi-tiered rewards to encourage maximum participation and impact:

**Bug bounty program 1: 1inch smart contracts – rewards of up to $500,000**

The 1inch ecosystem is built on interconnected smart contracts that aggregate liquidity from various decentralized exchanges to execute optimal token swaps. A detailed explanation of the program and rewards is available here.

**Bug bounty program 2: 1inch Wallet – rewards of up to $100,000**

This bounty program is centered on possible vulnerabilities in 1inch Wallet, a multi-chain non-custodial DeFi crypto wallet with an easy interface for secure storage and transactions. A detailed explanation of the program and rewards is available here.

**Bug bounty program 3: 1inch Developer Portal – rewards of up to $100,000**

The focus of this bounty program is the 1inch Developer Portal, a Web3 cloud SaaS (software as a service) platform featuring multiple APIs. A detailed explanation of the program and rewards is available here.

**Bug bounty program 4: 1inch dApp – rewards of up to $50,000**

The 1inch dApp is the No. 1 DeFi aggregator, offering access to the deepest liquidity and the best token swap rates on various DEXes. Its unique features include partial fill and the ability to find the best swap paths across multiple liquidity sources. A detailed explanation of the program and rewards is available here.

**Bug bounty program 5: 1inch infrastructure – rewards of up to $20,000**

This program focuses on identifying vulnerabilities that impact the 1inch platform’s overall infrastructure, complementing product-specific programs that are described above. A detailed explanation of the program and rewards is available here.

**Sergej Kunz, Co-founder of 1inch, said** “Through our new bug bounty programs, we invite external experts and white-hats to test the strength of our defenses. Even the most skilled in-house security teams, such as ours, can benefit from fresh perspectives. Better to pay bounties than pay for breaches.”

**About 1inch**

1inch accelerates decentralized finance with a seamless crypto trading experience for 23M users. Beyond being the top platform for low-cost, efficient token swaps with $1B in daily trades, 1inch offers a range of innovative tools, including a secure self-custodial wallet, a portfolio tracker for managing digital assets, a developer portal to build on its cutting-edge technology, and even a debit card for easy crypto spending. By continuously innovating, 1inch is simplifying DeFi for everyone. 

Website | Twitter/ X | Explore Blog

**Contact**

**PR lead**  
**Pavel Kruglov**  
**1inch Labs**  
**\[email protected\]**

1inch rolls out expanded bug bounties with rewards up to $500K

A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to perform equivalent validation during pod creation. This allows a compromised node to create mirror pods that access unauthorized dynamic resources, potentially leading to privilege escalation.

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

GHSA-hj2p-8wj8-pfq4: kubernetes allows nodes to bypass dynamic resource allocation authorization checks

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.

GHSA-wxj7-3fx5-pp9m: MLFlow SSRF via gateway_proxy_handler

Russian hackers have convinced targets to share their app passwords in very sophisticated and targeted social engineering attacks.

Russian hackers have bypassed Google’s multi-factor authentication (MFA) in Gmail to pull off targeted attacks, according to security researchers at Google Threat Intelligence Group (GTIG).

The hackers pulled this off by posing as US Department of State officials in advanced social engineering attacks, building a rapport with the target and then persuading them into creating app-specific passwords (app passwords).

App passwords are special 16-digit codes that Google generates to allow certain apps or devices to access your Google Account securely, especially when you have MFA enabled.

Normally, when you sign in to your Google account, you use your regular password plus a second verification step like a code sent to your phone. But since some older or less secure apps and devices—like certain email clients, cameras, or older phones—are unable to handle this extra verification step, Google provides app passwords as an alternative way to sign in.

However, because app passwords skip the second verification step, hackers can steal or phish them more easily than a full MFA login.

In an example provided by CitizenLab, the attackers initially made contact by posing as a State Department representative, inviting the target to a consultation in the setting of a private online conversation.

Although the invitation came from a Gmail account, it CCed four @state.gov accounts, giving a false sense of security and making the target believe that other people at the State Department had monitored the email conversation.

Most likely, the attacker fabricated those email addresses, knowing that the State Department’s email server accepts all messages and does not send a bounce response even if the addresses do not exist.

As the conversation unfolded and the target showed interest, they received an official looking document with instructions to register for an “MS DoS Guest Tenant” account. The document outlined the process of  “adding your work account… to our MS DoS Guest Tenant platform,” which included creating an app password to “enable secure communications between internal employees and external partners.”

So, while the target believes they are creating and sharing an app password to access a State Department platform in a secure way, they are actually giving the attacker full access to their Google account.

The targets of this campaign, which ran for months, were prominent academics and critics of Russia, and was set up with so much attention for details and skill that the researchers suspect the attacker was a Russian state-sponsored entity.

**Be safe, avoid app passwords**

Now that this bypass is known, we can expect more social engineering attacks leveraging app-specific passwords in the future. Here’s how to stay safe:

*   Only use app passwords when absolutely necessary. If you have the opportunity to change to apps and devices that support more secure sign-in methods, make that switch.
*   The advice to enable MFA still stands strong, but not all MFA is created equal. Authenticator apps (like Google Authenticator) or hardware security keys (FIDO2/WebAuthn) are more resistant to attacks than SMS-based codes, let alone app passwords.
*   Regularly educate yourself and others about recognizing phishing attempts. Attackers often bypass MFA by tricking users into revealing credentials or app passwords through phishing.
*   Keep an eye on unusual login attempts or suspicious behavior, such as logins from unfamiliar locations or devices. And limit those logins where possible.
*   Regularly update your operating system and the apps you use to patch vulnerabilities that attackers might exploit. Enable automatic updates whenever possible so you don’t have to remember yourself.
*   Use security software that can block malicious domains and recognize scams.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Gmail&#8217;s multi-factor authentication bypassed by  hackers to pull off targeted attacks 

Malware hidden in fake Minecraft Mods on GitHub is stealing passwords and crypto from players. Over 1,500 devices may be affected, researchers warn.

A new malware campaign has been targeting Minecraft players through fake mod downloads, according to recent findings from Check Point Research (CPR). Shared through GitHub and disguised as popular **Minecraft cheat mods**, the files carry a layered infection that can steal everything from saved passwords to cryptocurrency.

**Malware Hidden Inside Mods**

The campaign, which surfaced in March 2025, focused on active players using mods to enhance their gameplay. Mods like Oringo and Taunahi, widely known in the Minecraft cheat community, were mimicked to attract downloads. But instead of extra features, these files installed malware in three stages.

According to CPR’s **blog post**, first came a Java-based downloader. After confirming the user was running Minecraft and not a sandboxed or virtual environment, it dropped the download of a second-stage stealer which harvested login credentials and other sensitive files.

The final payload, a more advanced spyware tool, dug even deeper. It scanned for data in Discord, Steam, Telegram, web browsers and **crypto wallets.** It could also take screenshots and collect technical details from the infected machine. Data stolen through this campaign was then sent out over Discord, making the exfiltration hard to detect.

****Russian-Speaking Attacker Suspected****

Hints from the malware’s code, including Russian-language comments and UTC+3-based activity patterns, point to a Russian-speaking threat actor. The operation was linked to a group Check Point referred to as the Stargazers Ghost Network, a malware delivery system that uses a distribution-as-a-service model. The same system was **previously seen in July 2024** distributing malware through more than 3,000 fake GitHub accounts.

In the latest Minecraft scam, CPR’s research also traced the campaign across several GitHub repositories, each posing as legitimate mod tools. This helped the malware gain reach while avoiding immediate suspicion. Based on internal traffic analysis, the researchers estimate that at least 1,500 devices may have been compromised so far.

Malicious GitHub repositories (Image via CPR)

****Why Minecraft Was the Perfect Target****

Minecraft’s global popularity makes it a prime target for these kinds of attacks. With over 200 million monthly active users and more than a million modders, the game has built an extensive infrastructure of user-created content. Many players are young and may not be well-equipped to spot fake downloads, especially when they’re presented as performance boosters or cheats.

The modding community thrives on open sharing, but that openness has become a vulnerability. Attackers are betting that users won’t double-check the origin of a mod if it looks familiar.

This is why in October 2021, Minecraft was identified as **the most malware-infected game** after researchers found 44,335 compromised devices and over 300,000 malware cases targeting its players.

****What Players Should Do****

This attack is just another example of how familiar online platforms, especially those used by younger audiences, are being turned into distribution channels for malware. If you’re a Minecraft player or a parent of one, now’s a good time to check your devices and habits:

*   Stick to mods from well-known and verified platforms.
*   Make sure your antivirus and security updates are current.
*   Avoid any mod claiming to offer hacks, cheats or automation.
*   Monitor accounts linked to Discord, gaming platforms or crypto wallets for suspicious activity.

Fake Minecraft Mods on GitHub Found Stealing Player Data

Zyxel users beware: A critical remote code execution flaw (CVE-2023-28771) in Zyxel devices is under active exploitation by a Mirai-like botnet. GreyNoise observed a surge on June 16, targeting devices globally.

A serious security vulnerability, tracked as CVE-2023-28771, is affecting Zyxel networking devices. Security researchers at GreyNoise noticed a sudden sharp rise, and a concentrated effort by attackers to exploit this flaw on June 16th.

The vulnerability allows for remote code execution, which means attackers can run their own programs on vulnerable devices from a distance. This particular weakness is found in how Zyxel devices handle specific internet messages, called Internet Key Exchange (IKE) packets coming through the UDP port 500.

****The Sudden Surge and Its Reach****

While attacks targeting this Zyxel flaw had been minimal, June 16th brought a significant spike in activity. GreyNoise recorded 244 different internet addresses trying to exploit the issue within a single day.

Source: GreyNoise

These attacks are aimed at devices in various countries, with the following being the most targeted:

*   India
*   Spain
*   Germany
*   United States
*   United Kingdom

Interestingly, a review of these 244 attacking addresses showed they had not been involved in any other suspicious network activity in the two weeks leading up to this sudden burst.

****Tracing the Source****

An investigation into the attacking internet addresses revealed they were all registered under Verizon Business infrastructure and appeared to originate from the United States. However, because the attacks use UDP port 500, which allows for spoofing (faking the sender’s address), the true source might be hidden, noted GreyNoise researchers in their blog post shared with Hackread.com.

Further analysis by GreyNoise, supported by checks from VirusTotal, found signs that these attacks might be linked to variants of the Mirai botnet, a type of malicious software that takes over devices.

In response to these active threats, security experts are urging immediate action. It is advised to block all 244 identified malicious IP addresses and to check if any internet-connected Zyxel devices have the necessary security patches for CVE-2023-28771.

Device owners should also watch for any unusual activity after an exploit attempt, as this could lead to further compromise or the device being added to a botnet. Finally, it’s recommended to limit any unnecessary exposure of IKE/UDP port 500 by applying network filters.

It’s important to note that Zyxel devices have faced security challenges in the past. For instance, Hackread.com reported in June 2024, about Zyxel NAS devices being targeted by a Mirai-like botnet exploiting a different recent vulnerability (CVE-2024-29973), highlighting a recurring pattern of issues for the company’s products.

“This was added to the CISA Known Exploited vulnerabilities list on May 31, 2023, requiring agencies to have it resolved before June 21 that same year. The activity observed appears to be the Mirai botnet activity,” said Martin Jartelius, CISO at cybersecurity company Outpost24.

“As the vulnerability has been extensively targeted before, for someone to fall victim now, they would have had to obtain a vulnerable device, deploy it without updates, and expose it to the internet, even though it’s in a known vulnerable state,” explained Martin.

“One would almost say that the chain of incompetence needed to be victimized at this point is borderline impressive, but of course, it can happen. This, however, is not the vulnerability we should all wake up and worry about today. In fact, if you were worried about it, you would have fixed it years ago.”

Tag

#vulnerability