Former Hunters International ransomware gang, now World Leaks, claims 1.3 TB Dell data breach, leaking over 400K files with internal tools and user data.

World Leaks, the rebranded version of the Hunters International ransomware gang, has leaked 1.3 TB of internal data, which the group claims belongs to Dell Technologies Inc., the American multinational tech giant.

The announcement was made earlier today, Monday, July 21, 2025, on the group’s official dark web leak site. According to information reviewed by Hackread.com, the leak contains 416,103 files, all publicly available for download. Many of these files directly reference Dell Technologies and appear consistent with internal corporate data.

World Leaks’ claims on its dark web leak site (Image credit: Hackread.com)

****Analysis of the File List****

A closer look at the leaked file list shows what appears to be internal data from across Dell Technologies’ global network. The files come from various regional systems, including the Americas, Europe, and Asia-Pacific, and cover everything from employee folders and software tools to infrastructure scripts and backup data.

Many of the files mention Dell Technologies and its products, such as PowerPath, PowerStore, and firmware for Dell-branded hardware. There are also references to VMware tools, automation scripts written in Terraform, and files linked to system monitoring and internal testing.

Some paths point to browser profiles, log files, and software packages used in development or support environments. What stands out is how often Dell’s name and tools appear throughout the directories, along with structured naming that suggests the data is pulled from real corporate systems. All of this supports the group’s claim that the files are indeed from inside Dell’s infrastructure.

Screenshot from the file list published by World Leak (Image credit: Hackread.com)

It’s also worth noting that World Leaks has not disclosed when the breach of Dell Technologies occurred, how it was carried out, or how the company responded to it.

****Dell’s Statement****

In a statement to Hackread.com, Dell confirmed that a threat actor accessed its internal “Solution Center,” an environment used for product demos and testing. The company emphasised that this system is isolated from customer and partner networks and is not part of its service infrastructure.

According to Dell, the data obtained was primarily synthetic, publicly available, or related to internal scripts and testing outputs. While Dell did not use the term “breach,” its response indicates that unauthorised access did occur. The company says its investigation is ongoing.

****Who Is World Leaks and How Is It Connected to the Hunters International Ransomware Group?****

As Hackread.com reported in early July 2025, World Leaks is the new name adopted by the group formerly known as Hunters International. The gang has changed its approach, now focusing solely on data theft and extortion rather than deploying ransomware. Their approach focuses on stealing sensitive data and threatening to leak it unless they are paid by their victims.

This approach is completely different from how Hunters International operated, where file encryption was used alongside extortion. World Leaks has dropped the encryption part entirely and is now gambling everything on the pressure that comes from the threat of public exposure.

The change could be a strategic one, especially with law enforcement agencies becoming more aggressive and ransomware profits facing more obstacles. By cutting out the encryption step, they reduce the chances of getting caught while still profiting from the stolen data.

World Leaks now uses a custom exfiltration tool to automatically extract large volumes of data from compromised networks. This tool seems to be a more advanced version of the data theft software previously used by affiliates of the original Hunters International group.

****Dell and Cybersecurity Incidents: Nothing New****

A company as large as Dell is always an attractive target for cybercriminals, and this isn’t the first time hackers have claimed to breach its systems. On May 9, 2024, a hacker using the alias “Menelik” claimed to be selling data from 49 million Dell customer accounts.

The following day, on May 10, Dell confirmed the breach but downplayed its severity, stating that the compromised data posed “no significant risk.” The exposed information included full names, physical addresses, Dell hardware and order details, service tags, item descriptions, order dates, warranty information, and more.

In September 2024, a hacker using the alias “grep” announced three separate data breaches involving Dell. One of the breaches reportedly exposed data belonging to more than 10,000 Dell employees.

World Leaks Claims Dell Data Breach, Leaks 1.3 TB of Files

Improve security in your React app with geolocation-based authentication, adding a strong layer beyond passwords to prevent unauthorised access.

The number of cyberattacks keeps growing every year, and human error is still the main cause of security breaches. While it’s impossible to eliminate the user mistake factor entirely, developers can introduce authentication systems that offer more security compared to traditional password-based algorithms. 

Geolocation-based authentication is only one example of an extra security layer, but the approach has already proven effective for preventing unauthorised access. According to Brainence, a custom React development firm, today, many organisations rely on introducing advanced authentication systems and leveraging location data for accessing sensitive information. Of course, no measure today is 100% breach-proof, but geolocation in React apps is a reasonable approach to balancing safety and usability.

****How Geolocation-Based Authentication Works****

Geolocation authentication uses a device’s physical location as part of the verification process. With React authentication systems, it analyses GPS coordinates, IP addresses, and network information to determine if login attempts come from expected locations.

The system works by establishing location baselines for each user account. Simply put, it stores previous login data and monitors for any suspicious activity, in this case, when someone tries to log in from a new location or IP address.

****How Location Increases Security****

Traditional systems rely on passwords, which are easily compromised. An extra safety layer is the use of tokens, but with today’s ever-growing number of cyberattacks, the system is no longer safe either. Geolocation adds the third factor to the safety net, an analysis of where the user is. 

This contextual approach helps identify compromised credentials immediately_._ The React geolocation logic is clear: if the user has a history of logins from Edinburgh, a sudden attempt to access the account from a Manchester address raises the alarm, triggers additional verification steps, or even blocks the suspicious session.

****React Integration with Geolocation Features** **

The library’s component-based architecture makes it especially well-suited for geolocation features. React Native geolocation capabilities allow developers to seamlessly integrate location services across web and mobile applications without compromising user experience.

Besides, web browsers today allow access to geolocation APIs that React developers can leverage. For example, the HTML5 Geolocation API offers high-accuracy positioning that can be easily integrated into authentication workflows through React hooks and state management systems.

****Security Advantages in Practice****

Organisations implementing geolocation authentication report significant improvements in security metrics. A 2024 survey showed that 83% of companies today require multi-factor authentication, and adding location context further strengthens these protective measures.

**Key security benefits include:**

*   Automatic threat detection from unusual geographic locations.
*   Enhanced fraud prevention by identifying impossible travel patterns.
*   Improved incident response with precise location data for forensic analysis.
*   Strengthened compliance with regulatory requirements for access monitoring.
*   Reduced account takeover incidents through location-based anomaly detection.

These improvements translate to measurable business value, as the average cost of a data breach reached £3.58 million in 2024. So, most prevention investments are usually cost-effective.

****Technical Implementation Strategies****

The React user authentication flow can seamlessly incorporate location checks without disrupting the user experience for legitimate access attempts, but there are a few principles to bear in mind. 

****Privacy and User Consent Considerations****

Location data is highly sensitive personal information that requires explicit user consent coupled with careful handling. React applications must implement clear consent mechanisms and provide granular privacy controls that allow users to understand and control how their location data is used.

Modern browsers enforce strict permissions for geolocation access, requiring HTTPS connections and explicit user approval. React applications should also implement graceful fallbacks for users who decline location sharing while still maintaining baseline security measures.

****Advanced Security Patterns****

Beyond basic location verification, React localisation implementations can detect subtle behavioural patterns that indicate potential security threats. Machine learning algorithms can analyse location histories to identify abnormal access patterns that might otherwise appear legitimate.

Geographic velocity analysis is one example of a powerful technique. The idea is to calculate whether the time between login attempts from different locations is physically possible. This approach can instantly identify credential sharing or account compromise scenarios that traditional authentication methods might miss.

****Integration with Existing Security Infrastructure****

Geolocation authentication works best when integrated with comprehensive security frameworks rather than implemented in isolation. Modern React applications should combine location verification with other security measures, including device fingerprinting, behavioural analysis, and traditional multi-factor authentication methods.

Another important consideration is risk level analysis. An app that can differentiate between low-risk and high-risk scenarios can respond accordingly, for example, initiate standard authentication in the first instance, and require additional verification steps in the second case. 

****Takeaway on Performance & Usability****

Of course, modern React applications must balance security requirements with performance demands. Geolocation lookups should be optimised to minimise latency while providing accurate results. Caching strategies and intelligent data management can ensure that location-based authentication strengthens rather than degrades application performance.

Overall, cloud-based geolocation services offer scalable solutions that can handle high-volume authentication requests while providing consistent accuracy across global user bases. These services integrate seamlessly with React applications through standard API interfaces.

Why You Should Use Geolocation in Your React App’s Authentication Process

July “In the Trend of VM” (#17): vulnerabilities in Microsoft Windows and Roundcube. A traditional monthly roundup. This time, it’s a very short one. 🙂 🗞 Post on Habr (rus)🗒 Digest on the PT website (rus) Only three trending vulnerabilities: 🔻 Remote Code Execution – Internet Shortcut Files (CVE-2025-33053)🔻 Elevation of Privilege – Windows SMB Client […]

**July “In the Trend of VM” (#17): vulnerabilities in Microsoft Windows and Roundcube.** A traditional monthly roundup. This time, it’s a very short one. 🙂

🗞 Post on Habr (rus)  
🗒 Digest on the PT website (rus)

Only three trending vulnerabilities:

🔻 **Remote Code Execution** – Internet Shortcut Files (CVE-2025-33053)  
🔻 **Elevation of Privilege** – Windows SMB Client (CVE-2025-33073)  
🔻 **Remote Code Execution** – Roundcube (CVE-2025-49113)

На русском

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.

А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.

July “In the Trend of VM” (#17): vulnerabilities in Microsoft Windows and Roundcube

Fake npm website used in phishing attack to steal maintainer token, leading to malware in popular JavaScript packages like eslint-config-prettier.

A phishing campaign targeting JavaScript developers has led to the compromise of several popular npm packages, including eslint-config-prettier. The breach began with an attacker tricking a maintainer using a fake login page hosted on a lookalike domain, npnjs.com.

Once the attacker got hold of the maintainer’s npm token, they pushed malicious versions of key packages directly through the registry, completely bypassing the GitHub repositories.

According to Socket, a developer-first security platform, which first spotted the scam, four versions of eslint-config-prettier (8.10.1, 9.1.1, 10.1.6, 10.1.7) were found to contain a script that executes on install, targeting Windows machines. The script attempts to launch a node-gyp.dll file using rundll32, which could allow the attacker to execute arbitrary code on affected systems. Security researchers assigned the issue a CVSS score of 7.5 and confirmed a new CVE (CVE-2025-54313) is being tracked.

Socket’s blog post shared with Hackread.com revealed that the attack went undetected for a while since there were no commits or pull requests in the GitHub repo linked to the new versions.

Instead, the attacker relied on their npm credentials to publish directly, avoiding detection until users started noticing suspicious activity. Other affected packages discovered by researchers included the following:

*   synckit: 0.11.9
*   @pkgr/core: 0.2.8
*   napi-postinstall: 0.3.1
*   eslint-plugin-prettier: 4.2.2 and 4.2.3

These packages are widely used in front-end and Node.js projects. Because many developers rely on automated tools like Dependabot or Renovate, compromised versions may have been pulled into projects without anyone noticing. Once installed, the payload could provide remote access to Windows machines running affected builds.

The phishing email used in the campaign (Image via Socket)

The good news is that the maintainer whose token was compromised acted quickly after learning of the breach. The malicious versions were deprecated and removed, credentials were rotated, and npm support was brought in to assist with the cleanup.

Socket has been monitoring the situation and continues to scan for other suspicious activity across the npm registry. Their tools flag any new versions with unexpected install scripts or binary payloads, which could help developers detect issues early before the malicious code spreads.

Nigel Douglas, Head of Developer Relations at Cloudsmith, commented on the wider implications. He pointed out that this is yet another example of how dependency chains can turn into attack vectors. “CI/CD pipelines pull in hundreds of transitive dependencies by default, each with its own maintainers, update cycles, and exposure history,” he said. “Without secure dependency retrieval processes, it only takes one upstream breach to cause chaos in production.”

Douglas also stressed that it’s unreasonable to expect developers to catch every vulnerability on their own. “If a single stolen maintainer token can push malicious code into one of the most widely used linting tools on npm, that should tell us something. You can’t fix this just by focusing on individual packages,” he added.

He called for stronger maintainer practices like scoped tokens and 2FA, along with registry-level safeguards and secure artifact management systems that support things like version immutability and trusted source verification.

Fake npm Website Used to Push Malware via Stolen Token

### Impact
A potential security issue has been mitigated on old account deployment functions from the factory. Smart wallets in use on all existing supported networks are not impacted.
### Patches
Please direct creation of new wallets to either `createSemiModularAccount` on `AccountFactory.sol` or `createWebAuthnAccount` on `WebAuthnFactory.sol`.

**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-56r6-ccm5-8hg3: Alchemy Non-SMA and Webauthn Account Security Advisory

Ring users on TikTok, Reddit, and X are reporting multiple unauthorized device logins all dating back to May 28.

In the last week, countless Amazon Ring users on TikTok, Reddit, and X have been saying they believe their Ring cameras were hacked starting May 28.

Many posted screenshots of their accounts, showing multiple unauthorized device logins, making these claims hard to ignore. Forbes looked into the issue and even the journalist found several logins on his own device.

However, on Friday Ring claimed it’s just a minor issue with the displayed date:

> “We are aware of a bug that incorrectly displays prior login dates as May 28, 2025.

Visitors who go to Ring’s site are shown the following (correct at the time of writing):

> “We are aware of an issue where information is displaying inaccurately in Control Center. This is the result of a backend update, and we’re working to resolve this. We have no reason to believe this is the result of unauthorized access to customer accounts.”

This message was posted on Friday, July 18. We spoke to one user who let us know that, as of Monday morning (July 21), he was unable to log in through the website. He was, however, able to log in through the app and saw no May 28 logins.

So, what’s Ring claiming here? That it did an update and messed up the database? In a later message it claimed:

> “Ring made a backend update that resulted in prior login dates for client devices to be inaccurately displayed as May 28, 2025, and device names to be incorrectly displayed as ‘Device name not found’.“

But if you look at any of the plethora of screenshots, you’ll see that there are plenty of device names displayed.

The Ring software release notes show no updates for the doorbells on or around May 28, so we think it’s safe to assume that Ring is right about it being a backend update that caused this.

There is one other thing that’s interesting in this puzzle. On July 17, founder and now CEO Jamie Siminoff announced some drastic changes. Siminoff reinstated Ring’s original mission statement, “Make neighborhoods safer,” which might suggest the business is going back to its founding identity as a crime prevention tool.

Before Siminoff came back as CEO he wasn’t working for Ring, and in that time the company leaned into a more community-focused brand, distancing itself from the surveillance tool image. Last year, the company discontinued “Request for Assistance,” a feature that allowed law enforcement officers to ask people for camera footage through Ring’s Neighbors app. At the time, the company said it would only let police request footage during “emergencies.”

However, in April, Ring announced a partnership with Axon that effectively reintroduces video sharing with law enforcement.

The two issues could be completely unrelated, but reintroducing this functionality does sound like it would need a backend update.

Either way, Amazon will not be happy about this issue, shortly after having to warn over 200 million Prime customers that their accounts are under attack.

**Worried your Ring camera has been hacked?**

Again, we should reiterate that Ring says that its cameras have not been hacked. However, if you’re worried, there are some things you can do:

*   Since there is no evidence of an actual breach yet, the best thing to do for now is wait and keep an eye on the updates by Ring about this issue.
*   In the Ring app’s **Control Center**, check the list of authorized devices that have access to your account and remove any unfamiliar ones.
*   If you’re worried about unauthorized access and you have an alternative camera or can cope without one for a bit, you could temporarily disable your Ring doorbell and/or cameras until we hear more on the situation.
*   Consider resetting your Ring account password using a strong, unique password that you have never used before and enable two step verification. There’s no harm in doing this so you may as well take this extra security step.
*   Phishers and other scammers might try to take advantage of the situation by sending you emails or messages hoping to get you to click or hand over personal details. If you receive a message that appears to come from Ring, double check via another means that it really is from Ring.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 &#8220;Ring cameras hacked&#8221;? Amazon says no, users not so sure 

About Remote Code Execution – Internet Shortcut Files (CVE-2025-33053) vulnerability. A vulnerability from the June Microsoft Patch Tuesday. This vulnerability immediately showed signs of exploitation in the wild. This flaw allows a remote attacker to execute arbitrary code when a victim opens a specially crafted .url file, delivered, for example, through a phishing attack. 🔹 The […]

**About Remote Code Execution – Internet Shortcut Files (CVE-2025-33053) vulnerability.** A vulnerability from the June Microsoft Patch Tuesday. This vulnerability immediately showed signs of exploitation in the wild. This flaw allows a remote attacker to execute arbitrary code when a victim opens a specially crafted .url file, delivered, for example, through a phishing attack.

🔹 The vulnerability was reported by Check Point researchers. On June 10, the day of Microsoft’s June Patch Tuesday, they published technical details on their website. The vulnerability had been exploited by the APT group Stealth Falcon since at least March 2025. The exploitation led to the download and execution of malware (Horus Agent) from the attacker’s WebDAV server.

🔹 Exploits for this vulnerability have been available on GitHub since June 12.

На русском

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.

А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.

About Remote Code Execution – Internet Shortcut Files (CVE-2025-33053) vulnerability

Microsoft has released new security updates to fix two serious vulnerabilities affecting on-premises SharePoint servers, warning that attackers…

Microsoft has released new security updates to fix two serious vulnerabilities affecting on-premises SharePoint servers, warning that attackers are already exploiting them in active campaigns.

The vulnerabilities, identified as CVE-2025-53770 and CVE-2025-53771, are not present in SharePoint Online, but on-premises environments using SharePoint 2019 and the SharePoint Subscription Edition are directly at risk.

According to Microsoft’s updated guidance, fixes for SharePoint 2019 and Subscription Edition are now available and fully address both vulnerabilities. However, SharePoint 2016 customers are still waiting, as Microsoft says updates for that version are still in development. In the meantime, the company recommends that affected users apply existing patches, enable key protections, and prepare for additional updates.

The two vulnerabilities are dangerous because they allow attackers to execute code and plant web shells on vulnerable servers. Microsoft says these attacks have already been seen in the wild, and one clear sign of compromise is the presence of a suspicious file called spinstall0.aspx. Security analysts recommend checking SharePoint server directories for this file, as it often signals post-exploitation activity.

While fixes are available for some versions, Microsoft emphasises that patching alone is not enough. Customers should also rotate machine keys and restart IIS to fully fix the issue. These steps are particularly important for those running SharePoint Server 2019 and Subscription Edition, where patches are available today.

> Microsoft has released security updates that fully protect customers using SharePoint Subscription Edition and SharePoint 2019 against the risks posed by CVE-2025-53770, and CVE-2025-53771. These vulnerabilities apply to on-premises SharePoint Servers only. Customers should apply…
> 
> — Security Response (@msftsecresponse) July 21, 2025

To protect your system from exploitation, Microsoft is urging organisations to take a layered approach: update immediately, enable the Antimalware Scan Interface (AMSI), rotate machine keys, and deploy endpoint protection.

Microsoft Defender Antivirus and Defender for Endpoint are equipped to detect known behaviour tied to this threat, including specific malware signatures like HijackSharePointServer.A and SuspSignoutReq.A.

The company also recommends deploying Microsoft Defender for Endpoint or a similar threat detection tool, as it provides alerts that could flag exploitation attempts. These might show up in logs as unusual activity in w3wp.exe processes or encoded PowerShell commands tied to web shell deployment.

While Microsoft continues to support 2016 and 2019, older editions like SharePoint 2010 and 2013 are no longer eligible for security updates, exposing your system to further attacks. Therefore, if you’re still using older or unsupported versions of SharePoint, upgrade them to the latest.

Microsoft Confirms Hackers Exploiting SharePoint Flaws, Patch Now

About Remote Code Execution – Roundcube (CVE-2025-49113) vulnerability. Roundcube is a popular open-source webmail client (IMAP). An authenticated attacker can exploit this vulnerability to execute arbitrary code on the Roundcube Webmail server. The issue is caused by the Deserialization of Untrusted Data (CWE-502). 🔹 On June 1, the vendor released patched versions 1.6.11 and 1.5.10. […]

**About Remote Code Execution – Roundcube (CVE-2025-49113) vulnerability.** Roundcube is a popular open-source webmail client (IMAP). An authenticated attacker can exploit this vulnerability to execute arbitrary code on the Roundcube Webmail server. The issue is caused by the Deserialization of Untrusted Data (CWE-502).

🔹 On June 1, the vendor released patched versions 1.6.11 and 1.5.10. Within 48 hours, attackers had analyzed the patch, and exploit sale offers began appearing on the dark web.

🔹 On June 3, PT SWARM experts successfully reproduced the vulnerability.

🔹 Since June 5, public exploits have been available on GitHub.

🔹 On June 6, Kirill Firsov, the researcher who reported the vulnerability, published a detailed write-up. He claims the vulnerability existed in the code for 10 years and that it shows signs of exploitation in the wild.

🔹 On June 16, reports emerged of a successful attack on a German email hosting provider using this vulnerability.

На русском

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.

А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.

About Remote Code Execution – Roundcube (CVE-2025-49113) vulnerability

A 72-hour sprint that produced working solutions for one of game development's hardest problems: making it accessible to non-programmers.

The game development industry has a fundamental accessibility problem. Creating a simple game requires knowledge of programming languages, asset creation tools, physics engines, and complex workflows that take years to master. GameForge AI, organized by UK-based Hackathon Raptors, challenged developers to solve this problem using AI in just 72 hours.

The results were remarkable. Following Hackathon Raptors‘ signature format, where participants tackle focused AI challenges over 72 hours, teams built functional tools that could generate playable games from text prompts, create 3D models through conversation, and produce game-ready character assets with built-in accessibility features.

Like their previous RetroAI Quest event that challenged developers to create AI-powered text adventures, GameForge AI pushed boundaries further by expanding beyond text into full game creation. These weren’t demos or mockups, they were deployed, and working systems were evaluated by Raptors’ distinctive two-tier judging process, which combined technical expertise with industry perspective.RetryClaude can make mistakes. Please double-check responses.

****The Distinguished Judging Panel****

The hackathon assembled industry professionals as judges, with five distinguished experts bringing diverse perspectives to the evaluation:

Subhash Bondhala, Network Security Engineer at Dominion Energy with over 11 years of experience protecting critical infrastructure, evaluated the security aspects of AI-powered game development tools. His network defense and data protection expertise proved crucial when assessing how these tools handle user data and prevent potential exploits.

“Security in AI game development isn’t optional when tools execute code based on natural language; the attack surface expands dramatically,” Bondhala noted during evaluations.

Santosh Bompally, Cloud Security Engineering Team Lead at Humana, brought his expertise in multi-cloud security and DevSecOps to assess the infrastructure scalability of submissions. With certifications including AWS Security Speciality and experience building secure systems across AWS, Azure, and GCP, Bompally focused on whether these tools could scale securely.

“The winning projects understood that democratizing game development means building infrastructure that can handle thousands of concurrent users while maintaining security,” he observed.

Denys Riabchenko, Senior Software Developer and Tech Lead at APARAVI, evaluated the projects’ frontend architecture and user experience aspects. With over 10 years of experience in JavaScript, TypeScript, and PHP development, Riabchenko assessed how teams built interfaces that could handle complex AI operations while remaining responsive. His experience leading development teams proved valuable in identifying sustainable architectural patterns.

Ananda Kanagaraj Sankar, Engineering Leader at Thumbtack with previous experience at Uber, brought a unique perspective from building marketplace systems and aviation platforms. Having founded and scaled engineering teams from 0 to 20 engineers at Uber Elevate, Sankar evaluated projects based on their potential to create ecosystems rather than just tools.

“The best submissions weren’t just building features, they were creating platforms that could support entire communities of game creators,” he explained.

Feride Osmanova, a Python Backend Developer at LOVAT COMPLIANCE LTD, assessed the submissions’ backend architecture and API design. With six years of experience building high-load tax automation platforms serving clients in over 47 countries, Osmanova focused on the reliability and efficiency of backend systems. Her expertise with the Django REST Framework and Celery helped identify which projects could handle production workloads.

****Technical Challenges and Solutions****

Creating games through AI requires solving multiple interconnected problems. Teams had to generate consistent visual assets, implement game logic ensuring playability, optimize real-time interaction performance, and create interfaces simple enough for non-technical users.

The winning projects each took different approaches to these challenges:

****First Place: Blender MCP Integration****

Solo developer Abdibrokhim created a Model Context Protocol (MCP) that connects Blender with AI language models. Instead of trying to generate entire games, this project focused on solving one specific problem exceptionally well: enabling 3D modeling through natural language.

                # Simplified example of MCP command translation
    class BlenderMCPServer:
        def translate_natural_language_to_blender(self, prompt):
            # Parse user intent
            intent = self.ai_model.analyze_intent(prompt)
            
            # Map to Blender operations
            if intent.action == "create":
                return self.generate_creation_commands(intent.object_type, intent.parameters)
            elif intent.action == "modify":
                return self.generate_modification_commands(intent.target, intent.changes)
            
        def generate_creation_commands(self, object_type, parameters):
            # Convert high-level request to Blender Python API calls
            if object_type == "character":
                return [
                    "bpy.ops.mesh.primitive_cube_add()",
                    f"bpy.ops.transform.resize(value=({parameters.width}, {parameters.depth}, {parameters.height}))",
                    "bpy.ops.object.modifier_add(type='SUBSURF')"

The system handles complex modeling workflows through conversation, maintaining context across multiple operations. Users can refine models iteratively using natural language rather than learning Blender’s interface.

****Second Place: Game Genie****

Team Game Coders built a complete game prototyping platform. Their approach was to create a pipeline that handles every step from concept to playable game:

**Pipeline Stage**

**Function**

**Technology**

Concept Parser

Interprets game ideas

GPT-4 API

Asset Generator

Creates consistent visuals

Stable Diffusion

Logic Builder

Implements game mechanics

Custom rule engine

Performance Optimizer

Ensures playability

WebAssembly

Export System

Multi-platform deployment

Unity WebGL

The system can generate a playable prototype in under 5 minutes. For example, input “a puzzle game where players guide water through pipes” produces a functional game with generated pipe graphics, physics simulation, and level progression.

****Third Place: AI Character Generator Canvas****

Team NPC focused on a specific but critical need: generating game-ready character assets. Their tool stands out for its attention to quality and accessibility:

    // Character generation with style consistency
    class CharacterGenerator {
        constructor() {
            this.styleCache = new Map();
            this.qualityPresets = {
                draft: { resolution: 512, iterations: 20 },
                production: { resolution: 2048, iterations: 50 }
            };
        }
        
        async generateCharacter(params) {
            // Ensure style consistency across generations
            const styleEmbedding = await this.getOrCreateStyleEmbedding(params.style);
            
            // Generate with progressive quality
            const draftResult = await this.generate(params, this.qualityPresets.draft);
            
            // Show draft immediately
            this.displayDraft(draftResult);
            
            // Generate final quality in background
            const finalResult = await this.generate(params, this.qualityPresets.production);
            
            return {
                draft: draftResult,
                final: finalResult,
                metadata: this.generateAssetMetadata(params)
            };
        }
    }

The tool supports 39 art styles and includes WCAG 2.2 accessibility compliance, making it usable by developers with disabilities, an often overlooked aspect of development tools.

****Infrastructure and Security Considerations****

Building tools that democratize game development requires a strong infrastructure capable of handling varied workloads while maintaining security. The judges’ diverse expertise highlighted different aspects of this challenge.

Bondhala’s security perspective emphasized the importance of sandboxing AI-generated code: “When you allow natural language to generate executable code, you need multiple layers of protection. The winning projects implemented proper isolation and validation.”

Bompally’s cloud architecture experience informed his assessment of scalability approaches: “These tools need to handle burst traffic when thousands of users decide to create games simultaneously. The best projects implemented auto-scaling and efficient resource management.”

The winning teams implemented several key patterns:

****Request Prioritization****

User-facing operations get priority over background processing. Game Genie queues asset generation requests and processes them based on user activity patterns.

****Intelligent Caching****

Generated assets are cached with semantic indexing. When users request “a medieval sword,” the system can return previously generated swords that match the style rather than developing new ones.

****Security Sandboxing****

All AI-generated code runs in isolated containers with limited permissions, preventing potential exploits from affecting the host system.

****Backend Architecture Excellence****

Osmanova’s evaluation focused on how teams structured their backend systems to handle the unique demands of AI-powered game generation.

“Building reliable backend systems for AI applications requires different patterns than traditional web services,” she explained. “You must handle long-running operations, manage queues efficiently, and ensure consistency across distributed components.”

The winning projects demonstrated sophisticated backend architectures:

    # Example from Game Genie's backend architecture
    class GameGenerationService:
        def __init__(self):
            self.task_queue = Celery()
            self.cache = Redis()
            self.storage = S3()
            
        @task_queue.task(bind=True, max_retries=3)
        def generate_game_async(self, task_id, game_spec):
            # Long-running game generation process
            try:
                # Check cache for similar games
                cached_assets = self.find_reusable_assets(game_spec)
                
                # Generate missing components
                new_assets = self.generate_new_assets(game_spec, cached_assets)
                
                # Compile game package
                game_package = self.compile_game(cached_assets, new_assets)
                
                # Store results
                self.storage.upload(f"games/{task_id}", game_package)
                
                return {"status": "complete", "url": self.get_download_url(task_id)}
                
            except Exception as e:
                # Retry with exponential backoff
                raise self.retry(countdown=2 ** self.request.retries)

****Frontend Performance and User Experience****

Riabchenko’s expertise in frontend development provided crucial insights into how teams managed the complexity of AI operations while maintaining responsive interfaces. “The challenge isn’t just making it work, it’s making it feel instant even when AI operations take seconds to complete,” he noted.

The Character Generator Canvas particularly impressed with its progressive loading approach:

    // Progressive UI updates during AI generation
    class ProgressiveRenderer {
        private renderStages = [
            { stage: 'outline', time: 500, quality: 0.2 },
            { stage: 'basic', time: 1500, quality: 0.5 },
            { stage: 'detailed', time: 3000, quality: 0.8 },
            { stage: 'final', time: 5000, quality: 1.0 }
        ];
        
        async renderProgressive(generationPromise: Promise<Asset>) {
            // Show placeholder immediately
            this.showPlaceholder();
            
            // Render progressive updates
            for (const { stage, time, quality } of this.renderStages) {
                setTimeout(() => {
                    this.renderQuality(stage, quality);
                }, time);
            }
            
            // Replace with final result when ready
            const finalAsset = await generationPromise;
            this.renderFinal(finalAsset);
        }
    }

****Building Sustainable Platforms****

Sankar’s experience building and scaling engineering teams at Uber provided a unique perspective on creating platforms rather than features. “The winning projects weren’t just solving immediate problems, they were building foundations for ecosystems,” he observed.

His evaluation highlighted projects that demonstrated:

*   Extensibility: Plugin architectures allowing third-party enhancements
*   Documentation: Comprehensive guides for both users and developers
*   API Design: Clean, versioned APIs that other developers could build upon
*   Community Features: Built-in sharing, collaboration, and feedback mechanisms

****Performance Metrics and Real-World Viability****

The judges evaluated performance across multiple dimensions:

    Performance Benchmarks (Average across winning projects):
    - Time to first playable result: 2-5 minutes
    - Asset generation speed: 3-10 seconds per asset
    - Memory usage: 200-500MB client-side
    - API response time: <2 seconds for 95% of requests
    - Concurrent user support: 100-1000 users per instance

These metrics demonstrate that AI game development tools can achieve performance suitable for production use, not just demonstrations.

****Security Implementation Details****

Bondhala’s security expertise highlighted several critical implementations in the winning projects:

Input Validation – All natural language inputs pass through multiple validation layers before execution 

Rate Limiting – API calls are throttled per user to prevent abuse 

Audit Logging – Every AI operation is logged for security analysis 

Data Isolation – User data is strictly separated, with no cross-contamination possible

****Technical Lessons and Best Practices****

The hackathon revealed several important principles for AI-assisted development:

1.  Focused Solutions Win – Projects that solved specific problems well outperformed those attempting to do everything.
2.  Security First – With AI executing code, security can’t be an afterthought; it must be built into the architecture.
3.  Performance Matters – AI operations must be fast enough to maintain creative flow, requiring clever caching and optimization.
4.  Progressive Enhancement – Show something immediately, even if imperfect, then improve quality in the background.
5.  Platform Thinking – Build APIs and extensibility from the start to enable ecosystem growth.

****Future Directions****

The GameForge AI projects point toward several future developments:

Collaborative AI – Multiple users working with AI to create games together in real-time 

Security Frameworks – Standardized security patterns for AI-powered development tools 

Performance Optimization – Specialized hardware and algorithms for faster AI game generation 

Community Platforms – Marketplaces for sharing AI-generated game assets and templates

****Conclusion****

GameForge AI 2025 demonstrated that AI can meaningfully democratize game development. The winning projects weren’t just technical demonstrations but practical tools addressing real needs with proper attention to security, scalability, and user experience.

The diverse expertise of the judging panel, from security and cloud architecture to frontend development and platform building, ensured that winning projects met professional standards across all dimensions. As these tools mature and reach wider audiences, they promise to expand the number of people who can participate in creating interactive experiences.

Tools that eliminate technical barriers while maintaining security and performance standards don’t just enable more creators, they enable entirely new forms of creative expression. The 72 hours of GameForge AI may ultimately be remembered when game development began transforming from a specialized skill to a universal creative medium.

_GameForge AI was organized by Hackathon Raptors, a UK Community Interest Company (15557917) focused on running impactful technical challenges. Learn more at raptors.dev_

Tag

#web