In the wake of Luigi Mangione’s alleged killing of a health care CEO with a partially 3D-printed pistol, we built the exact same weapon ourselves—and test-fired it.

We 3D-Printed Luigi Mangione’s Ghost Gun. It Was Entirely Legal

Amber Scorah and Psst are building a “digital safe” to help people shine a light on the bad things their bosses are doing, without getting found out.

Amber Scorah knows only too well that powerful stories can change society—and that powerful organizations will try to undermine those who tell them. In 2015, her 3-month-old son Karl died on his first day of day care. Heartbroken and furious that she hadn’t been with him, Scorah wrote an op-ed about the poor provision for parental leave in the US; her story helped New York City employees win their fight for improved family leave. In 2019 she wrote a memoir about leaving her tight-knit religion, the Jehovah’s Witnesses, that exposed issues within the secretive organization. The book cost her friends and family members, but she heard from many people who had also been questioning some of the religion’s controversial practices.

Then, while working at a media outlet that connects whistleblowers with journalists, she noticed parallels in the coercive tactics used by groups trying to suppress information. “There is a sort of playbook that powerful entities seem to use over and over again,” she says. “You expose something about the powerful, they try to discredit you, people in your community may ostracize you.”

In September 2024, Scorah cofounded Psst, a nonprofit that helps people in the tech industry or the government share information of public interest with extra protections—with lots of options for specifying how the information gets used and how anonymous a person stays.

Psst’s main offering is a “digital safe”—which users access through an anonymous end-to-end encrypted text box hosted on Psst.org, where they can enter a description of their concerns. (It accepts text entries only and not document uploads, to make it harder for organizations to find the source of leaks.)

To safely share secrets, tech whistleblowers can go to psst.org and enter details in an encrypted text-box.

Photograph: Ali Cherkis

What makes Psst unique is something it calls its “information escrow” system—users have the option to keep their submission private until someone else shares similar concerns about the same company or organization.

As the organization was preparing to launch, members of Psst’s team helped a group of Microsoft employees who were unhappy with how the company was marketing its AI products to fossil-fuel companies. Only one employee was willing to speak publicly, but others provided supporting documents anonymously. With help from Psst’s team of lawyers, the workers filed a complaint with the Securities and Exchange Commission against the company and aired their concerns in a story published by The Atlantic.

Combining reports from multiple sources defends against some of the isolating effects of whistleblowing and makes it harder for companies to write off a story as the grievance of a disgruntled employee, says Psst cofounder Jennifer Gibson. It also helps protect the identity of anonymous whistleblowers by making it harder to pinpoint the source of a leak. And it may allow more information to reach daylight, as it encourages people to share what they know even if they don’t have the full story.

Only members of Psst’s in-house legal team can access information in the safe. In countries including the US and UK, communications between lawyers and their clients usually benefit from legal privilege, meaning the information is kept confidential.

This is one reason tech companies have such large legal departments, says Gibson, who leads Psst’s in-house legal team: “They’re designed to put lawyers in the room so the information isn’t disclosable. To some extent, we’re using their playbook.”

Amber Scorah with Psst co-founders Jennifer Gibson and Rebecca Petras.

Photograph: Ali Cherkis

At the moment, Psst lawyers first manually review the entries in the safe without reading the contents. Users can tag their entries with the company name and the category of their concern—“trust and safety” or “fraud,” for instance. If the lawyers find matches, and the contributor consents, the lawyers decrypt and read the entries to see if they may form part of the same story, while keeping the different contributors’ identities protected from one another.

Psst plans to automate some of this process—in the future an algorithm running in a secure enclave built into the hardware of a computer will decrypt and compare information looking for potential matches while keeping it shielded from human eyes.

What happens next depends on various factors, but often Psst will involve an independent investigative journalist or publish accounts on its own website. Sometimes, whistleblowers might want to alert regulators without going public.

One challenge, Gibson says, is that regulation often lags behind technological advances, as with AI safety. “You’re then in this no-man’s-land,” she says—even if something’s not illegal, reporting it may be in the public interest.

Scorah hopes Psst’s impact on the tech world will be similar to what she experienced when telling her own stories, by using insiders’ accounts to shed light on broader industry issues. “Whether it’s a religion operating off the radar with policies that cause harm or an AI company whose product or policies are causing harm, I have seen the same thing,” she says. “Sunlight has a sanitizing effect.”

For Tech Whistleblowers, There’s Safety in Numbers

Non-human identities—also known as machine or workload identities—are becoming increasingly critical as organizations adopt cloud-native ecosystems and advanced AI workflows. For workloads spanning multiple cloud platforms, adhering to zero trust principles becomes challenging as they cross identity domains. A unified identity framework provides consistency in automating identity issuance and enforcing access control policies across diverse environments. SPIFFE/SPIRE, an open source identity issuance framework, enables organizations to implement centralized, scalable identity management on

Non-human identities—also known as machine or workload identities—are becoming increasingly critical as organizations adopt cloud-native ecosystems and advanced AI workflows. For workloads spanning multiple cloud platforms, adhering to zero trust principles becomes challenging as they cross identity domains. A unified identity framework provides consistency in automating identity issuance and enforcing access control policies across diverse environments. SPIFFE/SPIRE, an open source identity issuance framework, enables organizations to implement centralized, scalable identity management on par with cloud platforms. This article will introduce the zero trust workload identity manager, an operator designed to bring SPIFFE/SPIRE capabilities to Red Hat OpenShift, empowering customers with security capabilities to manage workload identities across various cloud infrastructures.  

**Solving the “bottom turtle” problem **

The Secure Production Identity Framework for Everyone (SPIFFE) and SPIRE projects, part of the Cloud Native Computing Foundation (CNCF), were born out of a vision by Kubernetes co-founderJoe Beda,, to standardize how software components are identified—enabling security-focused, consistent identity across distributed systems, regardless of environment or location. SPIFFE provides the framework for issuing and managing identities through cryptographically verifiable documents called SVIDs with SPIFFE IDs embedded in x509 certificates or JSON Web Tokens (JWTs). SPIRE, the SPIFFE Runtime Environment, implements SPIFFE for strong machine identities and addresses the 'secret zero' or 'bottom turtle' problem of establishing a foundational source of trust upon which all other identities and credentials rely. 

By taking advantage of kernel-level introspection, SPIRE gathers reliable information about the calling workload without requiring it to present credentials, thereby bootstrapping trust in a security-focused and scalable manner. It issues identities using X.509 certificates and JWTs, ensuring broad compatibility with existing infrastructure. This approach eliminates the legacy model of binding workload identity to network location—a method insufficient for today’s dynamic, cloud-native ecosystems.

**Unified Identity Management Framework**

The SPIFFE/SPIRE federation enables binding trust and allows services across different cloud topologies, such as separate clusters, datacenters or cloud providers to communicate with enhanced security capabilities. Federation is achieved through the exchange of trust bundles containing certificates and public keys necessary for identity validation. SPIRE supports both static and dynamic federation configurations. Static federation is configured via the spire-server.conf file, while dynamic federation utilizes the Trust Domain API. Additionally, SPIRE can serve as a SPIFFE bundle endpoint, enabling other SPIRE servers to fetch trust bundles. This federation capability facilitates secure communication across diverse environments without sharing secrets or private keys.

SPIRE’s OpenID Connect (OIDC) federation capability allows workloads to authenticate to external systems using short-lived OIDC credentials. This is achieved through an OIDC Discovery Provider, which exposes metadata and public keys that external services can use to verify JWT-SVIDs issued by SPIRE. By adopting this model, organizations can extend their identity trust to providers like Microsoft Entra ID, HashiCorp Vault, Red Hat Build Of Keycloak and other OIDC-compliant systems. This approach simplifies identity federation and enhances security by relying on short-lived, cryptographically verifiable credentials rather than static API keys or credentials.

**MFA for machine authentication**

Attestation is the primary differentiator with SPIRE. Unlike OIDC tokens or mTLS certificates, which are often issued without verifying the workload, SPIRE performs both node and workload attestation before issuing identities— strengthening multifactor authentication. Node attestation verifies the identity of the system running the SPIRE Agent using platform-specific data, like cloud instance metadata or Kubernetes Service Account tokens. Once verified, the SPIRE server provides the agent with a signing certificate. Workload attestation then checks the identity of applications using attributes such as process or container metadata. If validated, the agent issues an identity for the workload. This layered attestation approach supports a zero trust model and security-focused service communication. With flexible architecture SPIRE can adapt to diverse environments, with attestation sources and selectors configured through the agent and server settings. For more information, see SPIRE concepts.

**Benefits of using SPIRE on Red Hat OpenShift with Red Hat’s zero trust workload identity operator  **

The zero trust workload identity manager operator delivers enterprise-grade SPIFFE/SPIRE integration for Red Hat OpenShift. Over the past year, we’ve worked closely with customers to understand their workload identity needs and deliver a solution tailored for production environments. We’ve provided in-depth insights into deploying and operating SPIRE on Red Hat OpenShift through blogs, tutorials and conferences. Recently, our talk on using SPIRE for agentic AI workloads at the Workload Identity Day Zero event during KubeCon London 2025 received  positive feedback.

Zero trust workload identity manager is a Day 2 operator for Red Hat OpenShift and can be installed on existing clusters. Key capabilities include:

*   Simplified installation and lifecycle management
*   SPIFFE CSI Driver, enabling streamlined secret injection into workloads
*   SPIRE Server with OIDC Discovery, allowing integration with OIDC-compatible services
*   SPIRE Controller Manager plug-in, providing automated workload registration for user-defined applications while filtering out control plane and system workloads
*   End-to-end validation on Red Hat OpenShift, supported by comprehensive documentation for installation and troubleshooting
*   SPIRE Agent and Server Metrics that can be sent to Prometheus 

Contact Red Hat to tailor the zero trust workload identity manager operator for your unique deployment needs and enterprise use cases and support multifactor authentication for workloads.

Zero trust workload identity manager now available in tech preview

I’m done preparing the slides for my talk about Vulristics at PHDays. 😇 I’ll be speaking on the last day of the festival – Saturday, May 24, at 16:00 in Popov Hall 25. If you’re there at that time, I’d be glad to see you. If not – join online! 😉 I’ll have an hour […]

**I’m done preparing the slides for my talk about Vulristics at PHDays. 😇** I’ll be speaking on the last day of the festival – Saturday, May 24, at 16:00 in Popov Hall 25. If you’re there at that time, I’d be glad to see you. If not – join online! 😉

I’ll have an hour to dive into Vulristics, vulnerability analysis & prioritization. 🤩 I’ll walk through the Vulristics report structure, typical tasks (like analyzing Microsoft Patch Tuesday, Linux Patch Wednesday, individual trending CVEs, and vulnerability sets), how the work with data sources is organized, the challenges of accurately detecting vulnerability types and vulnerable products. Finally, I’ll discuss Vulristics integration into pipelines. Feel free to use the code – Vulristics is MIT-licensed. 🆓

➡️ Talk on the PHDays website – you can download the .ics calendar file there 😉  
⏰ May 24, 2025, 16:00 (MSK)  
📍 Luzhniki, Popov Hall 25

На русском

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.

А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.

I’m done preparing the slides for my talk about Vulristics at PHDays

ESET reports on RoundPress, a cyber espionage campaign by Russia’s Fancy Bear (Sednit) targeting Ukraine-related organizations via webmail…

ESET reports on RoundPress, a cyber espionage campaign by Russia’s Fancy Bear (Sednit) targeting Ukraine-related organizations via webmail vulnerabilities and SpyPress malware.

Cybersecurity researchers at ESET have revealed a sophisticated cyber espionage campaign, codenamed RoundPress, assessing with “medium confidence” that it is orchestrated by the Russian-backed Sednit group (aka APT28, Fancy Bear). This operation is actively targeting organizations linked with the ongoing conflict in Ukraine, aiming to exfiltrate confidential data from vulnerable webmail servers like RoundCube.

The Sednit group, linked by the US Department of Justice to the 2016 Democratic National Committee (DNC) hack and tracked by Hackread.com in attacks on TV5Monde and WADA, has been employing targeted spearphishing emails in the RoundPress campaign.

These emails exploit Cross-Site Scripting (XSS) vulnerabilities in various webmail platforms to inject malicious JavaScript code, dubbed SpyPress, into the victim’s browser.

****Exploiting Known and Zero-Day Vulnerabilities in Webmail Systems****

In ESET’s blog post, shared with Hackread.com, researchers noted that over the past two years, espionage groups have targeted webmail servers like Roundcube and Zimbra for email theft due to their outdated nature and remote vulnerability triggers making targeting easier.

In 2023, researchers observed Sednit exploiting CVE-2020-35730 in Roundcube. However, in 2024, the campaign expanded to target vulnerabilities in:

*   Horde (an older XSS flaw)

*   Roundcube (CVE-2023-43770, patched on September 14, 2023)

*   Zimbra (CVE-2024-27443, also known as ZBUG-3730, patched on March 1, 2024)

*   MDaemon (CVE-2024-11182, a zero-day reported by researchers on November 1, 2024, and patched in version 24.5.1 on November 14, 2024)

Compromise Chain (Source: ESET)

ESET noted a specific spearphishing email sent on September 29, 2023, from katecohen1984@portugalmailpt exploiting CVE‑2023‑43770 in Roundcube. The emails often mimic news content to entice victims to open them, such as an email to a Ukrainian target on September 11, 2024, from kyivinfo24@ukrnet about an alleged arrest in Kharkiv, and another to a Bulgarian target on November 8, 2024, from office@terembgcom regarding Putin and Trump.

The primary targets of Operation RoundPress in 2024, as identified through ESET telemetry and VirusTotal submissions, are predominantly Ukrainian governmental entities and defence companies in Bulgaria and Romania, some of which are producing Soviet-era weapons for Ukraine.

Researchers also observed targeting of national governments in Greece, Cameroon, Ecuador, Serbia, and Cyprus (an academic in environmental studies), a telecommunications firm for the defence sector in Bulgaria and a civil air transport company and transportation state company in Ukraine.

The SpyPress malware variants (SpyPress.HORDE, SpyPress.MDAEMON, SpyPress.ROUNDCUBE, and SpyPress.ZIMBRA) share obfuscation techniques and communicate with C2 servers via HTTP POST requests. However, their capabilities vary.

For instance, SpyPress.ROUNDCUBE has been observed creating Sieve rules to forward all incoming emails to an attacker-controlled address, such as srezoska@skiffcom (Skiff being a privacy-oriented email service). SpyPress.MDAEMON demonstrated the ability to create App Passwords, granting persistent access.

Researchers concluded that the ongoing exploitation of webmail vulnerabilities by groups like Sednit underscores the importance of timely patching and strong security measures to protect sensitive information from such targeted spying campaigns.

J Stephen Kowski, Field CTO at SlashNext Email Security+ commented on the latest development, stating, _“_Attacks like Operation RoundPress show how quickly hackers can shift targets, especially when they find weaknesses in popular email platforms._“_

_“_Whether you’re using paid commercial email systems or free, self-hosted open-source options like RoundCube, no solution is completely safe – self-hosted systems often give a false sense of security since they still need regular updates and expert maintenance,_“_ he warned.

_“_The best way to stay ahead is by making sure email systems are always updated and patched, using strong protections like multi-factor authentication, and having tools that can spot and block phishing emails before they reach users_,”_ Kowski advised.

Russia-Linked SpyPress Malware Exploits Webmails to Spy on Ukraine

FBI has warned about a sophisticated vishing and smishing campaign using AI-generated voice memos to impersonate senior US…

FBI has warned about a sophisticated vishing and smishing campaign using AI-generated voice memos to impersonate senior US officials and target their contacts.

The Federal Bureau of Investigation (FBI) has issued a warning regarding a growing threat where malicious individuals are using artificial intelligence (AI) to mimic the voices of high-ranking United States officials. These AI-generated voice memos, combined with deceptive text messages, are being used in attempts to target current/former government officials, and individuals in their contact lists.

According to the FBI’s announcement, since April 2025, these “malicious actors” have employed techniques known as “smishing” (using SMS or text messages) and “vishing” (using voice messages) to create memos that appear as if they originate from senior US officials. The goal is to build trust and establish a connection with the targeted individuals. The FBI explicitly stated, “If you receive a message claiming to be from a senior US official, do not assume it is authentic.”

****Tactics Used to Gain Access****

According to the FBI, once contact is made, the perpetrators try to access the personal accounts of their targets. One method involves sending malicious links within these messages, which when victims click, will move the conversation to a different, supposedly more secure messaging platform. However, in reality, these links likely lead to malicious websites designed to steal login credentials or install malware.

The FBI warns of a potential cascading effect where one successful compromise could lead to multiple others. These “bad actors” can use compromised accounts to target other US officials or their associates, and the stolen information can be used to craft convincing impersonations or launch further social engineering attacks. The FBI also cautioned that “contact information acquired through social engineering schemes could also be used to impersonate contacts to elicit information or funds.”

****Growing Trend of AI-Powered Deception****

While the FBI did not disclose the specific US officials being impersonated, their announcement indicated that most of the targets are “current or former senior US federal or state government officials and their contacts.” This suggests a widespread campaign targeting individuals with potentially sensitive information or access.

In December 2024, the FBI had concerns about the increasing use of generative AI by criminals to conduct various financial fraud schemes on a larger scale. This technology allows for the creation of realistic text, images, audio, and video, making it easier to deceive unsuspecting victims into sending money or falling prey to other scams. Moreover, experts have noted a significant rise in the use of AI-based voice cloning. According to a report by CrowdStrike, the weaponization of this technology saw a dramatic increase of 442% between the first and second halves of 2024.

Now this latest warning from the FBI highlights the continuous rise in sophisticated AI tools being weaponized for social engineering attacks, posing a significant risk to high-profile individuals and possibly national security. The agency urges vigilance when receiving unsolicited messages, especially those claiming to be from senior officials.

**Max Gannon, Intelligence Manager at Cofense** commented on the latest announcement stating, “While the IC3 alert does say ‘malicious actors typically use software to generate phone numbers that are not attributed to a specific mobile phone or subscriber,’ it is important to note that threat actors can also spoof known phone numbers of trusted organizations or people, adding an extra layer of deception to the attack._“_

“Additionally, phone filtering does not typically detect when the number is being spoofed, giving a false sense of security to users who rely on their phones to tell them when something is a scam call_,”_ Max explained.

FBI Warns of AI Voice Scams Impersonating US Govt Officials

The company behind the Signal clone used by at least one Trump administration official was breached earlier this month. The hacker says they got in thanks to a basic misconfiguration.

During a recent cabinet meeting, President Donald Trump’s then national security adviser, Mike Waltz, must have been bored. Apparently unaware of the photographer behind him, he was caught clandestinely checking his Signal messages under the table.

Only he wasn’t using the official Signal app, which is widely considered to be the gold standard of encrypted messaging apps. He was actually using a clone of Signal called TeleMessage Signal, or TM SGNL. This app, made by TeleMessage (which was recently acquired by Smarsh), works in almost exactly the same way as Signal, except that it also archives copies of all the messages passing through it, shattering all of its security guarantees.

Two days after the photo of Waltz was published, an anonymous source told me that they had hacked TeleMessage. “I would say the whole process took about 15 to 20 minutes,” the hacker said, as Joseph Cox and I reported in 404 Media. “It wasn’t much effort at all.” Representatives from TeleMessage and Smarsh did not respond to a request for comment.

The exploit that the hacker used was incredibly simple. At the time, we chose not to publish any details about it because it would be so easy for others to replicate. Since then, TeleMessage has temporarily suspended all services, which is now why WIRED can share exactly how this hack took place without risking anyone’s private data.

“I first looked at the admin panel **secure.telemessage.com** and noticed that they were hashing passwords to MD5 on the client side, something that negates the security benefits of hashing passwords, as the hash effectively becomes the password,” the hacker said. (Hashing is a way of cryptographically obfuscating a password stored on a system, and MD5 is an inadequate version of the algorithms used to do so.) Drop Site News has since reported that it appears that this admin panel exposed email addresses, passwords, usernames, and phone numbers to the public.

The weak password hashing, and the fact that the TeleMessage site was programmed with JSP—an early 2000s-era technology for creating web apps in Java—gave the hacker “the impression that their security must be poor.” Hoping to find vulnerable JSP files, the hacker then used feroxbuster, a tool that can quickly find publicly available resources on a website, on **secure.telemessage.com**.

The hacker also used feroxbuster on **archive.telemessage.com**, another domain used by TeleMessage, which is where they discovered the vulnerable URL, which ended in **/heapdump**.

When they loaded this URL, the server responded with a Java heap dump, which is a roughly 150-MB file containing a snapshot of the server’s memory at the moment the URL was loaded.

The hacker said they “knew from past experience that heap dumps from web servers” will include the “bodies” of http requests, they said, “and this may include credentials of users logging in.” And for TM SGNL, they did. By downloading a heap dump and then searching for “password,” the hacker could see usernames and passwords of random users.

They tried logging into **secure.telemessage.com** using a pair of these credentials and discovered that they had just hacked a user with an email address associated with US Customs and Border Protection, one of the agencies implementing Trump’s draconian immigration policy. CBP has since confirmed that it was a TeleMessage customer.

After spending a few more minutes digging through the heap dump, the hacker also discovered plaintext chat logs. “I can read Coinbase internal chats, this is incredible,” the hacker said. (Coinbase did not respond to WIRED's request for comment, but did tell 404 Media that “there is no evidence any sensitive Coinbase customer information was accessed or that any customer accounts are at risk, since Coinbase does not use this tool to share passwords, seed phrases, or other data needed to access accounts.”)

At this point, the hacker says they had spent 15 to 20 minutes poking at TeleMessage’s servers, and had already compromised one of their federal government customers, along with one of the world’s biggest cryptocurrency exchanges.

As I discovered from analyzing TM SGNL’s source code, TeleMessage apps—like the one running on Mike Waltz’s phone—uploaded unencrypted messages to **archive.telemessage.com** (I call this the archive server), which then forwards the messages to the customer’s final destination. This contradicts TeleMessage’s public marketing material, where they claimed TM SNGL uses “end-to-end encryption from the mobile phone through to the corporate archive.”

The archive server is programmed in Java and is built using Spring Boot, an open source framework for creating Java applications. Spring Boot includes a set of features called Actuator that helps developers monitor and debug their applications. One of these features is the heap dump endpoint, which is the URL the hacker used to download heap dumps.

According to Spring Boot Actuator’s documentation: “Since Endpoints may contain sensitive information, careful consideration should be given about when to expose them.” In the case of TeleMessage’s archive server, the heap dumps contained usernames, passwords, unencrypted chat logs, encryption keys, and other sensitive information.

If anyone on the internet had loaded the heap dump URL right as Mike Waltz was texting using the TM SGNL app, the heap dump file would have contained his unencrypted Signal messages, too.

A 2024 post on the cloud security company Wiz’s blog lists “Exposed HeapDump file” as the number one common misconfiguration in Spring Boot Actuator. “Up until version 1.5 (released in 2017), the /heapdump endpoint was configured as publicly exposed and accessible without authentication by default. Since then, in later versions Spring Boot Actuator has changed its default configuration to expose only the /health and /info endpoints without authentication (these are less interesting for attackers),” the author wrote. “Despite this improvement, developers often disable these security measures for diagnostic purposes when deploying applications to test environments, and this seemingly small configuration change may remain unnoticed and thereby persist when an application is pushed to production, inadvertently allowing attackers to obtain unauthorized access to critical data.”

In a 2020 post on Walmart’s Global Tech Blog, another developer gave a similar warning. “Apart from /health and /info, all actuator endpoints are risky to open to end users because they can expose application dumps, logs, configuration data and controls,” the author wrote. “The actuator endpoints have security implications and SHOULD NEVER EVER be exposed in production environment.”

The hacker’s quick exploit of TeleMessage indicates that the archive server was badly misconfigured. It was either running an eight-year-old version of Spring Boot, or someone had manually configured it to expose the heap dump endpoint to the public internet.

This is why it took a hacker about 20 minutes of prodding before it cracked open, with sensitive data spilling out.

Despite this critical vulnerability and other security issues with TeleMessage’s products—most notably, that the Israeli firm that builds the products can access all its customer’s chat logs in plaintext—someone in the Trump administration deployed it to Mike Waltz’s phone while he was serving as national security adviser.

How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes

Ivanti EPMM users urgently need to patch against actively exploited 0day vulnerabilities (CVE-2025-4427, CVE-2025-4428) that enable pre-authenticated remote…

Ivanti EPMM users urgently need to patch against actively exploited 0day vulnerabilities (CVE-2025-4427, CVE-2025-4428) that enable pre-authenticated remote code execution, warns watchTowr.

Cybersecurity researchers at watchTowr have shared details of two security vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software, identified as CVE-2025-4427 and CVE-2025-4428 that can be combined to gain complete control over affected systems and are actively exploited by attackers.

Ivanti EPMM is a Mobile Device Management (MDM) solution system, crucial for enterprise security, acting as a central point to control software deployment and enforce policies on employee devices. However, the abovementioned flaws are turning this management tool into a potential entry point for malicious actors. watchTowr’s analysis, shared with Hackread.com, indicates that exploiting these vulnerabilities is surprisingly straightforward.

****Chained Exploits Lead to Full System Compromise****

The first vulnerability, CVE-2025-4427, is an authentication bypass flaw, which allows attackers to access protected parts of the Ivanti EPMM system without needing proper login credentials. The second vulnerability, CVE-2025-4428, is a remote code execution (RCE) flaw, which, if exploited, can let attackers run their own malicious code on the server.

Ivanti itself has acknowledged the severity when these issues are combined, stating that “successful exploitation could lead to unauthenticated remote code execution.” They have also reported awareness of a “very limited number of customers who have been exploited” since the vulnerabilities were disclosed.

This suggests that while the attacks might be targeted currently, they could become more widespread. watchTowr notes that once such targeted attacks become public, it’s common for attackers to start mass exploitation to find any remaining vulnerable systems.

Interestingly, Ivanti stated that the vulnerabilities are not in their own code but are “associated with two open-source libraries integrated into EPMM.” They emphasized that using open-source code is a standard practice in the tech industry.

****Technical Details and Exploitation****

watchTowr discovered an RCE vulnerability (CVE-2025-4428) in the hibernate-validator library, allowing attackers to inject malicious code through a parameter called “format” in API requests. watchtower successfully demonstrated this vulnerability by sending a simple web request that executed a calculation, proving code injection was possible. Moreover, they could execute system commands, like creating a file on the server.

The authentication bypass (CVE-2025-4427) is an “order of operations” issue rather than a traditional bypass. A crafted “format” parameter in a request to the /api/v2/featureusage_history endpoint triggers the vulnerable validation process before the authentication check, allowing an unauthenticated attacker to trigger the code execution vulnerability. The presence of the parameter changes the processing order, eliminating the need to log in first.

watchTowr successfully chained these two vulnerabilities in the Ivanti EPMM server by sending a crafted web request to the /rs/api/v2/featureusage endpoint with a malicious “format” parameter, allowing them to execute system commands without logging in, thus, creating a pre-authenticated RCE scenario.

These vulnerabilities pose a critical risk to organizations using affected versions. Patches are available for versions 11.12.0.5, 12.3.0.2, 12.4.0.2, and 12.5.0 and organizations using older unpatched versions are advised to update immediately

Ivanti EPMM Hit by Two Actively Exploited 0day Vulnerabilities

ReversingLabs discovers dbgpkg, a fake Python debugger that secretly backdoors systems to steal data. Researchers suspect a pro-Ukraine…

ReversingLabs discovers dbgpkg, a fake Python debugger that secretly backdoors systems to steal data. Researchers suspect a pro-Ukraine hacktivist group is behind the attack on the PyPI repository especially those used by Russian developers.

Cybersecurity researchers at ReversingLabs (RL) have discovered a new malicious Python package, named dbgpkg, that masquerades as a debugging tool but instead installs a backdoor on developers’ systems. This backdoor allows attackers to run malicious code and steal sensitive information. By analysing the techniques used, RL suspects a hacktivist group known for targeting Russian interests in support of Ukraine may be involved.

****Sophisticated Backdoor Uses Sneaky Python Tricks****

Reportedly, the dbgpkg package, detected on Tuesday by the RL threat research team, contained no actual debugging features. Instead, it was designed to trick developers into installing a backdoor, effectively turning their development machines into compromised assets.

What made “dbgpkg” particularly noteworthy was its sophisticated method of implanting the backdoor. Upon installation, the package’s code cleverly modifies the behaviour of standard Python networking tools (_requests_ and _socket_ modules) using a technique called “function wrapping” or “decorators.” This allows the malicious code to remain hidden until these networking functions are used by the developer.

Source: ReversingLabs

As per RL’s investigation, shared with Hackread.com, the malicious wrapper code first checks for a specific file, likely to see if the backdoor is already present. If not, it executes three commands. The first downloads a public key from the online Pastebin service.

The second installs a tool called Global Socket Toolkit, designed to bypass firewalls, and uses the downloaded key to encrypt a secret needed to connect to the backdoor. The third command then sends this encrypted secret to a private online location. This multi-stage process, along with using function wrappers on trusted modules, makes the malicious activity harder to detect.

****Links to Previous Pro-Ukraine Activity****

RL researchers found similarities between the dbgpkg backdoor and malware previously employed by the Phoenix Hyena hacktivist group, which has been active since 2022 and is known for targeting Russian entities.

This group typically steals and leaks confidential information on their Telegram channel “DumpForums.” One notable incident linked to this group was the alleged breach of the Russian cybersecurity firm Dr. Web in September 2024.

Another similarity was an earlier malicious package involved in the same campaign, discordpydebug (discovered in early May by Socket), which had the same backdoor as an earlier version of dbgpkg. Discordpydebug, posing as a debugging tool for Discord bot developers, was uploaded shortly after Russia invaded Ukraine in March 2022. Another package, requestsdev, also part of this campaign and uploaded by the same likely impersonated author (\[email protected\], mimicking popular developer Cory Benfield), contained the same malicious payload.

However, RL researchers couldn’t definitively attribute this campaign to Phoenix Hyena based on backdooring techniques as it could be a copycat’s work too. Nevertheless, the timeline of related malicious packages suggests a politically motivated operation by a persistent threat actor.

“And, with a campaign driven by geopolitical tensions and the continuing hostility between Russia and Ukraine, RL researchers believe that more malicious packages are almost certain to be created as part of this campaign,” researchers concluded.

Pro-Ukraine Group Targets Russian Developers with Python Backdoor

### Summary

When Tornado's ``multipart/form-data`` parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous.

### Affected versions

All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default.

### Solution

Upgrade to Tornado version 6.5. In the meantime, risk can be mitigated by blocking `Content-Type: multipart/form-data` in a proxy.

Skip to content

**Navigation Menu**

*   *   GitHub Copilot
        
        Write better code with AI
        
    *   GitHub Advanced Security
        
        Find and fix vulnerabilities
        
    *   Actions
        
        Automate any workflow
        
    *   Codespaces
        
        Instant dev environments
        
    *   Issues
        
        Plan and track work
        
    *   Code Review
        
        Manage code changes
        
    *   Discussions
        
        Collaborate outside of code
        
    *   Code Search
        
        Find more, search less
        
    

*   Explore
    
    *   Learning Pathways
    *   Events & Webinars
    *   Ebooks & Whitepapers
    *   Customer Stories
    *   Partners
    *   Executive Insights
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   *   Enterprise platform
        
        AI-powered developer platform
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

Appearance settings

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2025-47287

**Tornado vulnerable to excessive logging caused by malformed multipart form data**

High severity GitHub Reviewed Published May 15, 2025 in tornadoweb/tornado • Updated May 16, 2025

**Package**

pip tornado (pip)

**Affected versions**

< 6.5.0

**Description**

**Summary**

When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs, constituting a DoS attack. This DoS is compounded by the fact that the logging subsystem is synchronous.

**Affected versions**

All versions of Tornado prior to 6.5.0 are affected. The vulnerable parser is enabled by default.

**Solution**

Upgrade to Tornado version 6.5. In the meantime, risk can be mitigated by blocking Content-Type: multipart/form-data in a proxy.

**References**

*   GHSA-7cx3-6m66-7c5m
*   https://nvd.nist.gov/vuln/detail/CVE-2025-47287
*   tornadoweb/tornado@b39b892

Published to the GitHub Advisory Database

May 16, 2025

Last updated

May 16, 2025

**EPSS score**

Tag

#web