The UK Legal Aid Agency has suffered a major cyberattack, with “significant” sensitive data, including criminal records, stolen.…

The UK Legal Aid Agency has suffered a major cyberattack, with “significant” sensitive data, including criminal records, stolen. The MoJ is investigating, and data dating back to 2010 may be affected.

The United Kingdom’s Ministry of Justice (MoJ) has confirmed that a significant cyberattack targeted the Legal Aid system, resulting in the theft of a substantial amount of data, including sensitive criminal records. Reportedly, the MoJ became aware of the security breach on April 23rd when unauthorized access to data stretching back to 2010 was detected.

This incident is the latest in a series of cyberattacks, causing mass disruption. Recently, Harrods restricted internet access to its sites after a cyberattack, Marks & Spencer lost millions of pounds due to an attack that disrupted its services, while Co-op shut down parts of its IT systems and disrupted fresh stock deliveries following a similar incident.

Initial reports earlier in May from the MoJ described an ongoing “security incident” with potential access to payment details. Initially, the MoJ had indicated a “security incident” under investigation, suggesting potential access to payment details. However, the scope of the attack appears far more serious.

While the exact figure of 2.1 million records cited by the group claiming responsibility remains unconfirmed by the Ministry, they acknowledge that a “significant amount” of data was stolen. However, the Ministry believes it is the work of a criminal gang rather than a state-sponsored actor.

This stolen data may include a range of highly sensitive personal details belonging to legal aid applicants, such as contact information, dates of birth, national identification numbers, criminal histories, employment statuses, and financial data like contribution amounts, debts, and payments. it is also likely that the attackers gained access to information related to barristers, solicitors, and various organizations, including non-profit entities, that work with the Legal Aid Agency.

The head of the Legal Aid Agency, Jane Harbottle, has expressed regret and apologized for the incident, stating she understands the news “will be shocking and upsetting for people.”

The MoJ is now working alongside the National Crime Agency and the National Cyber Security Centre to secure their compromised systems. The UK’s data protection authority, the Information Commissioner, has also been informed.

In a comment to Hackread.com, Wayne Cleghorn, Data Protection and Cybersecurity Partner at Excello Law, in London stated, “Cyberattacks of all kinds are rising. Any type of organisation can be a victim. The urgent response is to go back to basics: check key data protection practices, review GDPR compliance, strengthen basic information security safeguards and encourage important suppliers to be on high alert”

_“_The problem with data breaches of highly sensitive and special category data is not just the immediate exposure and vulnerabilities caused, it is the unknown future nefarious uses of the stolen data, which can be surprising and very harmful to all involved,_“_ Wayne warned.

For your information, the Legal Aid Agency plays a crucial role in the UK’s justice system, providing funding to over 2,000 legal aid providers. In the 2023/24 period alone, the agency administered approximately £2.3 billion. As a direct consequence of the cyberattack, the agency’s online digital services have been taken offline.

The MoJ has urged individuals who have applied for legal aid since 2010 to take proactive measures to protect themselves. These include being cautious about unsolicited calls and text messages and updating weak passwords. Furthermore, the agency advises the public to independently verify their identity before providing any information if they doubt the legitimacy of digital or phone communications.

UK Legal Aid Agency Hit by Cyberattack, Sensitive Data Stolen

Eric Council Jr. sentenced for 2024 SIM swap that led to fake Bitcoin ETF tweet from SEC’s X account, briefly impacting crypto markets.

A Huntsville, Alabama resident, Eric Council Jr., 26, has received a 14-month prison sentence for his involvement in a scheme to hack the US Securities and Exchange Commission’s (SEC) official social media account on X, formerly Twitter.

Council’s sentencing in May 2025 follows his guilty plea in February 2025 to charges including conspiracy to commit aggravated identity theft and access device fraud. The incident, which occurred in January 2024, involved the posting of false information about Bitcoin that briefly impacted the cryptocurrency’s value.

Court documents detailed how Council (aka Ronin and Agiantschnauzer) created a fake identification card using the personal information (PII) of a victim, which he obtained from others involved in the conspiracy. This fake ID was then used to conduct a SIM swap attack, which involves deceiving mobile phone carriers into transferring a victim’s phone number to a SIM card controlled by the attacker.

This allowed the conspirators to intercept two-factor authentication (2FA) codes intended for the SEC’s account, ultimately granting them unauthorized access. However, investigations later revealed that the SEC’s X account did not have 2FA enabled at the time of the hack, making it easier for the attackers.

As Hackread.com reported at the time, the SEC’s X account was then manipulated by Council’s co-conspirators with a fabricated announcement claiming that the SEC chairman Gary Gensler had approved Bitcoin Exchange Traded Funds (ETFs).

This unauthorized tweet from the official @SECGov handle a day before the anticipated decision caused significant confusion and volatility in the cryptocurrency market. It gained 1 million views and raised bitcoin price to over $1000 per BTC. However, the gain was short-lived as the SEC clarified the false information 15 minutes later, causing Bitcoin’s price to decline by over $2000 per BTC.

US Attorney Jeanine Pirro for the District of Columbia strongly condemned such actions, emphasizing that “Schemes of this nature threaten the health and integrity of our market system.” She also warned that perpetrators “will be caught, prosecuted, and will pay the price for the damage your actions create.”

Further investigation revealed that Council received approximately $50,000 for his role in the SIM-swapping attack. Following a search of his residence in June 2024, the FBI discovered the fake ID card, a portable ID card printer, and a laptop containing incriminating internet searches related to the “SECGOV hack” and “telegram sim swap.”

Despite setting his chats to delete after two weeks, messages discussing SIM swap hacks with people likely living outside the US were found. Nevertheless, this case shows the real-world consequences of cybercrime and the importance of employing fail-proof security measures for all organizations, including government agencies.

Man Behind SEC Bitcoin Hoax Tweet Sentenced in SIM Swap Hack

A new report from Zimperium is alerting users about growing threats facing iOS devices, particularly those tied to…

A new report from Zimperium is alerting users about growing threats facing iOS devices, particularly those tied to unvetted and sideloaded mobile apps. While iPhones are often viewed as secure by design, the company’s analysis reveals how certain apps can quietly bypass Apple’s protections, leaving users and enterprises exposed.

The report, which draws from real-world incidents and active threat research, outlines how attackers are increasingly targeting iOS through methods like privilege escalation, the misuse of private APIs, and sideloading exploits that bypass Apple’s app review process entirely.

****The Hidden Risk in Trusted Devices****

Mobile devices have become central to business operations. However, as Zimperium points out, most organizations still overlook one of the most common weak spots: third-party apps, especially those not sourced from the official App Store.

Even apps that appear harmless can abuse permissions or carry hidden malicious code. A flashlight app requesting access to your contacts or microphone might not raise immediate suspicion, but Zimperium stresses that these kinds of requests can lead to sensitive data exfiltration or system compromise.

Third-party app stores and sideloaded apps are an even greater risk. These apps bypass Apple’s security checks and may exploit undocumented features or embed harmful components that can silently track users or access corporate systems.

****Real-World Exploits: TrollStore, SeaShell, and MacDirtyCow****

Zimperium’s report highlights a series of real-world examples where threat actors have successfully exploited iOS flaws.

TrollStore, for instance, uses known vulnerabilities in Apple’s CoreTrust and AMFI modules to sideload apps with modified entitlements. These entitlements, normally restricted to system-level functions, can allow an app to bypass sandboxing or spy on users without detection.

Apps distributed through TrollStore are often disguised as harmless tools but may secretly access system logs, record audio, or connect to external servers. This opens the door for full-device compromise.

One such framework that builds on this technique is SeaShell, a publicly available post-exploitation tool that gives attackers remote control of compromised iPhones. SeaShell lets threat actors extract data, persist on the device, and manipulate files using a secure connection. Zimperium has already observed live malware samples based on SeaShell being shared through unofficial channels.

Another case, MacDirtyCow (CVE-2022-46689), involves a race condition in the iOS kernel that allows temporary changes to protected system files. Although the changes don’t survive a reboot, they’re long enough to tamper with iOS permissions or bypass restrictions. A newer vulnerability, known as KFD, targets updated iOS versions using similar methods.

Together, these exploits show how attackers can escalate access far beyond what the user has granted, often without leaving clear traces.

****Why Businesses Should Care****

The stakes are high. Data breaches caused by app-based attacks can result in financial losses, regulatory penalties, and long-term damage to reputation. Industries governed by strict compliance rules, such as healthcare or finance, are particularly at risk.

Zimperium reports that it has identified over 40,000 apps using private entitlements and more than 800 relying on private APIs. While some of these may be legitimate in-house tools, many are not. Without proper vetting, it becomes nearly impossible to separate safe apps from dangerous ones.

****How to Strengthen App Security****

Zimperium recommends organizations take a multi-layered approach:

*   Implement strict app vetting before allowing apps on corporate devices. This includes static and dynamic analysis to catch suspicious behaviours like privilege abuse, API misuse, or sandbox evasion.

*   Monitor permissions and reject apps that request excessive access not justified by their function.

*   Detect sideloaded apps and third-party store use, which are common pathways for malware.

*   Analyze developer credentials to validate the source of the app and identify reputational risks.

In addition, Zimperium’s Mobile Threat Defense (MTD) platform offers automated detection for sideloaded apps, system compromise, and behavioural anomalies. These tools help identify threats early and block malicious activity before it spreads.

****What’s Next?****

As attackers continue to find new ways to bypass mobile security, organizations must shift their focus from reactive controls to preemptive analysis. App vetting is no longer optional, it is a key part of securing mobile endpoints.

With active threats like TrollStore and SeaShell in circulation, and exploits like MacDirtyCow and KFD still being abused, mobile security teams have little room for error. The message from Zimperium is clear: don’t trust an app just because it runs on iOS. Know what it does, where it comes from, and how it behaves.

_For more technical insights, visit Zimperium’s blog post._

Over 40,000 iOS Apps Found Exploiting Private Entitlements, Zimperium

Mozilla Firefox experiments with AI-powered Perplexity Search Engine in its address bar for version 139, signalling a potential…

Mozilla Firefox experiments with AI-powered Perplexity Search Engine in its address bar for version 139, signalling a potential shift in search partnerships and user experience.

Mozilla Firefox, a long-standing web browser, is experimenting with integrating the AI-driven Perplexity Search Engine directly into its user interface. Currently being tested in Firefox version 139, this initiative involves a pop-up advertisement within the address bar, appearing when Firefox is in Search Mode, inviting users to try Perplexity as a “new way to search in Firefox.”

This move suggests Firefox is exploring alternatives to its long-standing reliance on Google for search, potentially aiming to diversify its offerings and revenue streams.

According to Windows Report, Mozilla is closely monitoring its progress. A project note mentions an engineer, @Mandy Cheang, who is working on the “draft experiment recipe” for this integration, targeting the Firefox 139 release.

The pop-up message itself reads: “Introducing Perplexity: a new way to search in Firefox. Ask questions. Get complete, well-cited answers. Try Perplexity or Dismiss.” This direct promotion within the browser’s primary search interface marks a significant step beyond simply listing Perplexity as an alternative search option.

Screenshot via Windows Report

****Perplexity: An AI-Driven Approach to Search****

Perplexity is different from other search engines like Google due to the integration of artificial intelligence to generate direct, well-cited answers to user queries. Instead of presenting a list of links, Perplexity synthesizes information from various sources into a conversational, chat-like format, often providing citations to support its responses. Users can also engage in follow-up questions to get an in-depth understanding. This approach helps address the common issue of information overload as seen in conventional searches, where users get bombarded with numerous links to find relevant information.

Mozilla’s exploration of Perplexity could be a strategic move to secure alternative revenue streams. While Google reportedly pays Mozilla over $400 million annually, to be the default search engine in Firefox, this experiment signals an openness to AI-centric search solutions. It’s important to note that Perplexity recently launched Comet, a competitor to Google Chrome, and Mozilla and Perplexity have not yet publicly confirmed any financial agreements or the duration of this testing phase.

While the exact targeting of this test, whether by specific regions or a percentage of Firefox 139 users, remains unconfirmed by Mozilla, it indicates a potential shift in how the browser approaches web search. Firefox currently offers users search options including Google, Bing, DuckDuckGo, and Wikipedia.

The outcome of this experiment will determine whether Perplexity could become a more permanent addition to this list and change the way most users search online. Beyond this specific integration, Firefox will also soon prompt users to agree to updated terms of use upon startup.

Firefox Tests AI-Powered Perplexity Search Engine Directly in Browser

Disciplined, well-trained, and well-equipped, AI agents are digital soldiers. They operate independently to carry out their orders, working…

Disciplined, well-trained, and well-equipped, AI agents are digital soldiers. They operate independently to carry out their orders, working tirelessly to get the job done efficiently. But even the greatest soldiers can only achieve limited results when working alone. It’s only when formed into ranks, brigades, and divisions that soldiers are capable of truly changing the world.

Right now, the onchain landscape is awash with lone wolves: individual agents carrying out the mission they’ve been tasked with, be it identifying the optimum DeFi yield or spotting arbitrage opportunities for their human taskmasters. Imagine what could be achieved if these agents were capable of cooperating, forming groups of digital soldiers that collaborate across different networks and ecosystems? One agent is a mere soldier. But put 1,000 of them in lockstep and suddenly you’ve got a brigade capable of achieving something far greater than the sum of their parts.

This, essentially, is the vision of Coral Protocol, one of the leading advocates of the quest to make AI agents work as one. It believes that the future of onchain agents lies in providing the infrastructure for them to self-organize and work together to improve complex workflows. By communicating and optimizing as a single entity – or brigade – Coral is confident that it can create a cohesive army of agents. Their aims might be peaceful, but these agents operate like a well-drilled army brigade.

****Crypto’s Fragmentation Problem****

It’s no secret that the onchain landscape is fragmented. Due to the number of blockchains that have sprung up in recent years, including L2s and L3s, liquidity, users, and developers are scattered. Some ply their trade on EVM networks; others do their thing on Solana; while still others operate on newer chains such as TON and Sui.

Crypto is now large enough to support this level of activity: DeFi no longer needs to be on Ethereum or memecoins on Solana. But the downside to this balkanization is that it’s resulted in an onchain environment in which economic opportunities are scattered to the four winds. A user operating on Base can’t easily take advantage of superior pricing on Solana when swapping into stablecoins. Similarly, an Ethereum staker can’t use their LSTs to earn a yield on Sui.

AI agents – envoys dispatched by users to do their bidding – find themselves in a similar predicament. They can take care of business on the network on which they’ve been deployed but are powerless to react to events on far-flung blockchains. To return to the soldier analogy, they are troops that have been parachuted into the jungle, with no means of engaging in the conflict being fought hundreds of miles away on the beaches.

For this reason, getting the agentic economy to realize its full potential calls for finding a way to transform these solo operators into team players who can communicate and cooperate to achieve shared goals. This is the key to elevating agents into a fighting force that’s capable of governing the entire onchain landscape.

****Organizing the Agentic Economy****

In an attempt to organize all of this onchain activity, and bring cohesion and unity to the scattered agent economy, Coral Protocol has devised a standardized framework to support an Internet of Agents. At present, getting an agent from Project A to work with one from Project B is extremely difficult – especially if those agents are on different networks. Coral wants to streamline this process so that agents from different vendors and frameworks can collaborate.

This makes sense because onchain events don’t happen in a vacuum. A whale market buying $1M of ETH on Ethereum _does_ affect the price of ETH on Arbitrum, Optimism, and Avalanche. But a user on one of these chains has little opportunity to take advantage of this. Similarly, a lending protocol offering boosted rewards on a new network is of little use to a lender using its protocol on a different chain. 

But agents, working together to share information, transfer liquidity, and obtain maximum yield, can react to such events. This is where solutions such as Coral’s have a chance to shine, elevating the entire agentic economy by increasing the use cases and functions that agents can execute.

> Coral Protocol helps AI agents work across several systems at the same time.
> 
> For example, a Coralised Deep Research agent can concurrently:
> 
> → support B2B sales  
> → drive hackathon planning  
> → assist with software testing
> 
> Coralise once, use everywhere. 🪸 pic.twitter.com/7jRy8VH7Ok
> 
> — Coral Protocol (@Coral\_Protocol) May 19, 2025

****Who Watches the Watchmen?****

“Quis custodiet ipsos custodes?” is a Latin phrase commonly translated as “Who will watch the watchmen?” In a web3 context, it’s an apposite means of describing the role played by an aspiring cross-chain solution tasked with keeping AI agents on their toes. If agents are unwilling or unable to collaborate, there needs to be an overarching framework capable of ensuring this. A war general, devising strategy and issuing orders that filter down to the troops on the ground.

Coral’s vendor-neutral infrastructure is designed to ensure that no single entity can wield unilateral control. In other words, Agents are free to perform actions like managing transactions, automating workflows, and governing decentralized systems, but there’s a guiding hand ensuring that all of this activity is harmonious and steering the work towards collective goals.

Significantly, this direction isn’t implemented in a top-down manner characteristic of centralized organizations: rather it’s achieved by giving “cells” of agents the ability to communicate with fellow cells and team up to complete missions. One of how Coral facilitates this is through a universal messaging protocol for AI agents, which enables consistent communication regardless of the underlying technology or vendor. It’s analogous to TCP/IP, providing a common language for the Internet of Agents.

Coral also includes a flexible system for orchestrating multi-agent tasks. This supports dynamic workflows where agents can collaborate and complete complex tasks without centralized control. It allows agents to form trusted groups dynamically for specific tasks, using cryptographic protocols to verify identities and ensure secure collaboration. This is ideal for creating ad-hoc partnerships among agents, critical for decentralized environments where trust cannot necessarily be assumed.

****Agent Armies Are Imminent****

A near future in which armies of agents rove onchain, acting as powerful yet peaceful forces, is inevitable. Not only is it the logical way to coordinate cross-chain agentic activity, but it’s the only practical way in which to do so. Until such a solution takes root and sees widescale adoption, the capabilities of onchain agents will remain significantly impaired.

The only question still to be settled is which infra solution will become the default layer for enabling agents to work as one. Coral isn’t the only protocol vying for this role, but this much can at least be said with confidence: its vision (PDF) is compelling and its logic impeccable.

Once advanced features like payments between agents are implemented – facilitated using the recently MEXC-listed CORAL token – there will be little that AI agents can’t achieve. They may have started out as simple soldiers, but agents are well on their way to becoming a conquering army with mastery of the entire onchain landscape.

Coordinated Intelligence: The Next Frontier for Onchain AI Agents

ESET reports on RoundPress, a cyber espionage campaign by Russia’s Fancy Bear (Sednit) targeting Ukraine-related organizations via webmail…

ESET reports on RoundPress, a cyber espionage campaign by Russia’s Fancy Bear (Sednit) targeting Ukraine-related organizations via webmail vulnerabilities and SpyPress malware.

Cybersecurity researchers at ESET have revealed a sophisticated cyber espionage campaign, codenamed RoundPress, assessing with “medium confidence” that it is orchestrated by the Russian-backed Sednit group (aka APT28, Fancy Bear). This operation is actively targeting organizations linked with the ongoing conflict in Ukraine, aiming to exfiltrate confidential data from vulnerable webmail servers like RoundCube.

The Sednit group, linked by the US Department of Justice to the 2016 Democratic National Committee (DNC) hack and tracked by Hackread.com in attacks on TV5Monde and WADA, has been employing targeted spearphishing emails in the RoundPress campaign.

These emails exploit Cross-Site Scripting (XSS) vulnerabilities in various webmail platforms to inject malicious JavaScript code, dubbed SpyPress, into the victim’s browser.

****Exploiting Known and Zero-Day Vulnerabilities in Webmail Systems****

In ESET’s blog post, shared with Hackread.com, researchers noted that over the past two years, espionage groups have targeted webmail servers like Roundcube and Zimbra for email theft due to their outdated nature and remote vulnerability triggers making targeting easier.

In 2023, researchers observed Sednit exploiting CVE-2020-35730 in Roundcube. However, in 2024, the campaign expanded to target vulnerabilities in:

*   Horde (an older XSS flaw)

*   Roundcube (CVE-2023-43770, patched on September 14, 2023)

*   Zimbra (CVE-2024-27443, also known as ZBUG-3730, patched on March 1, 2024)

*   MDaemon (CVE-2024-11182, a zero-day reported by researchers on November 1, 2024, and patched in version 24.5.1 on November 14, 2024)

Compromise Chain (Source: ESET)

ESET noted a specific spearphishing email sent on September 29, 2023, from katecohen1984@portugalmailpt exploiting CVE‑2023‑43770 in Roundcube. The emails often mimic news content to entice victims to open them, such as an email to a Ukrainian target on September 11, 2024, from kyivinfo24@ukrnet about an alleged arrest in Kharkiv, and another to a Bulgarian target on November 8, 2024, from office@terembgcom regarding Putin and Trump.

The primary targets of Operation RoundPress in 2024, as identified through ESET telemetry and VirusTotal submissions, are predominantly Ukrainian governmental entities and defence companies in Bulgaria and Romania, some of which are producing Soviet-era weapons for Ukraine.

Researchers also observed targeting of national governments in Greece, Cameroon, Ecuador, Serbia, and Cyprus (an academic in environmental studies), a telecommunications firm for the defence sector in Bulgaria and a civil air transport company and transportation state company in Ukraine.

The SpyPress malware variants (SpyPress.HORDE, SpyPress.MDAEMON, SpyPress.ROUNDCUBE, and SpyPress.ZIMBRA) share obfuscation techniques and communicate with C2 servers via HTTP POST requests. However, their capabilities vary.

For instance, SpyPress.ROUNDCUBE has been observed creating Sieve rules to forward all incoming emails to an attacker-controlled address, such as srezoska@skiffcom (Skiff being a privacy-oriented email service). SpyPress.MDAEMON demonstrated the ability to create App Passwords, granting persistent access.

Researchers concluded that the ongoing exploitation of webmail vulnerabilities by groups like Sednit underscores the importance of timely patching and strong security measures to protect sensitive information from such targeted spying campaigns.

J Stephen Kowski, Field CTO at SlashNext Email Security+ commented on the latest development, stating, _“_Attacks like Operation RoundPress show how quickly hackers can shift targets, especially when they find weaknesses in popular email platforms._“_

_“_Whether you’re using paid commercial email systems or free, self-hosted open-source options like RoundCube, no solution is completely safe – self-hosted systems often give a false sense of security since they still need regular updates and expert maintenance,_“_ he warned.

_“_The best way to stay ahead is by making sure email systems are always updated and patched, using strong protections like multi-factor authentication, and having tools that can spot and block phishing emails before they reach users_,”_ Kowski advised.

Russia-Linked SpyPress Malware Exploits Webmails to Spy on Ukraine

FBI has warned about a sophisticated vishing and smishing campaign using AI-generated voice memos to impersonate senior US…

FBI has warned about a sophisticated vishing and smishing campaign using AI-generated voice memos to impersonate senior US officials and target their contacts.

The Federal Bureau of Investigation (FBI) has issued a warning regarding a growing threat where malicious individuals are using artificial intelligence (AI) to mimic the voices of high-ranking United States officials. These AI-generated voice memos, combined with deceptive text messages, are being used in attempts to target current/former government officials, and individuals in their contact lists.

According to the FBI’s announcement, since April 2025, these “malicious actors” have employed techniques known as “smishing” (using SMS or text messages) and “vishing” (using voice messages) to create memos that appear as if they originate from senior US officials. The goal is to build trust and establish a connection with the targeted individuals. The FBI explicitly stated, “If you receive a message claiming to be from a senior US official, do not assume it is authentic.”

****Tactics Used to Gain Access****

According to the FBI, once contact is made, the perpetrators try to access the personal accounts of their targets. One method involves sending malicious links within these messages, which when victims click, will move the conversation to a different, supposedly more secure messaging platform. However, in reality, these links likely lead to malicious websites designed to steal login credentials or install malware.

The FBI warns of a potential cascading effect where one successful compromise could lead to multiple others. These “bad actors” can use compromised accounts to target other US officials or their associates, and the stolen information can be used to craft convincing impersonations or launch further social engineering attacks. The FBI also cautioned that “contact information acquired through social engineering schemes could also be used to impersonate contacts to elicit information or funds.”

****Growing Trend of AI-Powered Deception****

While the FBI did not disclose the specific US officials being impersonated, their announcement indicated that most of the targets are “current or former senior US federal or state government officials and their contacts.” This suggests a widespread campaign targeting individuals with potentially sensitive information or access.

In December 2024, the FBI had concerns about the increasing use of generative AI by criminals to conduct various financial fraud schemes on a larger scale. This technology allows for the creation of realistic text, images, audio, and video, making it easier to deceive unsuspecting victims into sending money or falling prey to other scams. Moreover, experts have noted a significant rise in the use of AI-based voice cloning. According to a report by CrowdStrike, the weaponization of this technology saw a dramatic increase of 442% between the first and second halves of 2024.

Now this latest warning from the FBI highlights the continuous rise in sophisticated AI tools being weaponized for social engineering attacks, posing a significant risk to high-profile individuals and possibly national security. The agency urges vigilance when receiving unsolicited messages, especially those claiming to be from senior officials.

**Max Gannon, Intelligence Manager at Cofense** commented on the latest announcement stating, “While the IC3 alert does say ‘malicious actors typically use software to generate phone numbers that are not attributed to a specific mobile phone or subscriber,’ it is important to note that threat actors can also spoof known phone numbers of trusted organizations or people, adding an extra layer of deception to the attack._“_

“Additionally, phone filtering does not typically detect when the number is being spoofed, giving a false sense of security to users who rely on their phones to tell them when something is a scam call_,”_ Max explained.

FBI Warns of AI Voice Scams Impersonating US Govt Officials

You’ve got an important choice to make: HubSpot or Salesforce?

On the surface, both of these leading CRM platforms have a lot to offer, from AI to end-to-end tools covering every customer-facing task. But choosing the right CRM isn’t just about sorting through a checklist of features. Before you invest in Salesforce or HubSpot implementation services, you need to think about how well the system fits with your business. 

By 2032, the CRM software market will be worth more than $262.74 billion. Businesses are doubling down on customer relationships, and for good reason. Acquiring a new customer can cost five times more than keeping an existing one. With buyer journeys now stretching across multiple channels and platforms, keeping track of everything manually is impossible. 

That’s why the right CRM is a crucial catalyst for growth. All you need to decide is whether you should be investing in HubSpot’s intuitive, marketing-first system, or Salesforce’s power-packed, flexible architecture.  

****HubSpot vs Salesforce: A Quick Overview** **

Sometimes, you don’t have the time or energy to sort through endless CRM feature lists. If you want to know quickly how HubSpot and Salesforce stack up against each other, here are the basics: 

**Feature** 

**HubSpot** 

**Salesforce**  

Best for 

Startups, small-to-midsize teams 

Mid-size to large enterprises 

Ease of Use 

Incredibly user-friendly, visual 

Steeper learning curve 

Marketing Features 

Built-in, strong native tools 

Requires add-ons or integrations 

Sales Features 

Pipeline management, sales automation, email tracking, etc 

Enhanced sales forecasting, AI insights, sales automation and lead scoring.  

Customization 

Limited without coding 

Extremely flexible, developer-friendly 

Integrations 

Native integrations + app marketplace 

Extensive AppExchange ecosystem 

AI Capabilities 

AI capabilities with advanced Breeze Agent features  

Einstein AI for deep analytics and Agentforce 

Pricing Model 

Freemium base, scales with needs 

Higher upfront cost, modular pricing 

Support & Resources 

Solid, fast-growing knowledge base 

Comprehensive but sometimes slower 

****What is HubSpot? Key Features & Who It’s For**  **

HubSpot is one of the most user-friendly CRM solutions out there. It’s sleek, focused, and ideal for businesses who want to hit the ground running without spending weeks on training. 

The CRM itself is completely free to start. That alone draws a ton of startups. But that’s just the tip of the iceberg. What makes HubSpot special is its comprehensive approach.  

It has “Hubs” for everything, like the Marketing Hub, Sales Hub, Service Hub, and the very underrated CMS Hub. It’s one of the few platforms where marketing automation, blogging, SEO tools, email campaigns, and lead scoring all live under the same roof. 

You’ll get customizable sales pipelines, email templates, chatbot builders, help desk tools, and even social media scheduling options. The interface is refreshingly visual and straightforward, and most of the time, you won’t need a developer to take advantage of core features.  

Salesforce is ideal for small and mid-sized businesses, scrappy startups, and B2B or SaaS companies that want to unify sales, marketing, and customer support without the stress.  

****What is Salesforce? Core Features & Who It’s For** **

Salesforce is the grand champion of CRM providers, with the biggest market share by far. Salesforce is big. Not just in market share, but in capability. It’s the enterprise-grade CRM juggernaut for teams that want to build exactly what they need, even if that means pulling in developers, consultants, or an entire internal operations team.  

It’s modular, customizable, and endlessly extendable, especially with products like Sales Cloud, Service Cloud, Marketing Cloud, and AppExchange. Features are extensive, ranging from lead tracking to opportunity management, AI-based forecasting with Einstein, automated workflows, case resolution, analytics dashboards and so much more. 

With Agentforce, companies can even tap into the benefits of customizable agentic AI solutions. The issue with Salesforce it isn’t plug-and-play. It takes a lot of effort and expertise to use properly. 

That’s why Salesforce is best suited to larger enterprises and corporations that want real customization opportunities, flexible features, and scale.  

****Salesforce vs HubSpot: Key Feature Showdown** **

Comparing Salesforce and HubSpot can be tricky. While there’s a lot of overlap between them on the surface – they’re still very different. One’s streamlined, agile, and great for beginners. The other is a powerhouse that can crush anything if you’ve got the right people running it. 

Here’s a look at some of the biggest factors side-by-side: 

****Ease of Use** **

HubSpot is cleaner, friendlier, and doesn’t make you feel like you need an IT degree to get going. The menus make sense, the UX is smooth, and the setup is fast. For smaller teams or non-technical users, it’s an ideal choice that leaves unnecessary complexity behind. 

Salesforce is powerful but dense. The interface can be a lot harder to navigate, and getting everything set up and aligned takes a lot of work. For teams with dedicated admins or consultants, that complexity is an asset, allowing for more customization, but for smaller teams, it’s a challenge.  

****Marketing Features** **

HubSpot shines from a marketing perspective. It’s one of the initial inbound marketing pioneers and offers companies tools for email workflows, landing page builders, form tracking, blog hosting, and SEO. The Marketing Hub gives you a full toolkit, with no plugins required. 

Salesforce has its Marketing Cloud, which offers a brilliant selection of tools for companies running multichannel, data-driven campaigns. You get built-in AI to help you personalize strategies and intuitive automation solutions, but there is an extra cost. 

****Sales Features**  **

Both platforms handle sales well but in different ways. HubSpot makes tasks visual and straightforward with drag-and-drop pipelines, activity timelines, call tracking, and email logging. It feels modern and human. 

Salesforce offers more heavyweight tools like opportunity scoring, advanced forecasting, territory management, and role-based access. If your team handles hundreds of leads across multiple regions, Salesforce might be the stronger option.  

****Reporting & Dashboards** **

Salesforce dominates on the data front. You can create insanely detailed reports, cross-object dashboards, and predictive forecasting. But it comes with a steep learning curve, and building reports sometimes requires custom logic or developer support. 

HubSpot offers a solid middle ground. Their dashboards are visual, pre-built templates help non-technical folks a lot, and the custom report builder is intuitive. For most teams, it’s more than enough, unless you’re in data analytics deep-dive mode 24/7. 

****AI and Automation Capabilities** **

HubSpot has strong automation for email workflows, lead nurturing, internal tasks, and custom triggers. You can build smart sequences in minutes. From an AI perspective, you get AI content writers, AI reporting assistants, and Breeze AI agents.  

Salesforce goes deeper with Process Builder and Flow, which let you automate practically anything. But it’s not plug-and-play. It requires someone who knows what they’re doing, or you’ll be staring at a flowchart in confusion. For AI, Salesforce offers a range of Einstein tools, as well as the new Agentforce system for agentic AI.  

****Integration Ecosystem and Customization**  **

HubSpot has a rapidly growing App Marketplace with 1,000+ integrations with tools like Slack, Zoom, Stripe, Shopify, you name it. Most connect in a few clicks, and HubSpot implementation can take minutes, particularly when working with a company like Routine Automation. However, you will be limited when it comes to custom integrations and configurations.  

Salesforce has an incredible AppExchange. If it exists, it probably plugs into Salesforce. But setup isn’t always seamless, and some third-party apps require development work to get humming. You do get exceptional customization options though, without limitations.  

****Pricing & Total Cost of Ownership** **

HubSpot starts with a strong freemium model, so you can grow into it. Pricing scales as you unlock features or add contacts, but it’s transparent and easy to follow.  

Salesforce, on the other hand, has a more complex pricing model. Per-user fees, product-specific costs, and potential integration fees all add up. But if you’re using the full feature set, the value is there. 

****Choosing the Right CRM For You** **

Examining the features of both platforms is just the first step. Before you can make the right decision, you need to ask a few crucial questions:  

1.  **Simplicity vs scalability, which matters most?** If you’re looking for simplicity, HubSpot is the obvious winner. However, if you want more advanced features, customization options, and scalability, Salesforce is the better choice. You’ll just need help managing the learning curve. 
2.  **What do your workflows look like?** If your reps live in their inbox and need a fast way to log calls and deals, choose HubSpot. If they’re juggling accounts across regions, reporting up to five different people, pick Salesforce. 
3.  **How much do you need to integrate?** Salesforce is virtually limitless when it comes to integration options. HubSpot offers fewer options, so if you’ve got a complicated tech stack already, you might want to consider Salesforce. 
4.  **How much support do you need?** Are you looking for end-to-end documentation, training, and a large consultant network? Salesforce could be the better bet. HubSpot has great self-help resources too, but they’re not always as in-depth. 
5.  **What’s your Budget?** HubSpot grows with you, cost-wise. Salesforce can be a heavy initial investment, but might pay off fast if you’re scaling rapidly and need those deep analytics. 

Beyond all that, remember to think about your specific needs. What kind of security and compliance standards do you need to adhere to? Should your tools be mobile-accessible? Are there any industry-specific features that matter to you? 

****Implementing HubSpot or Salesforce the Right Way** **

HubSpot or Salesforce? The right answer depends less on which has the flashiest features and more on which one fits your team. One’s built for speed, simplicity, and marketing-driven growth. The other is a customizable powerhouse for complex workflows and big-picture visibility. 

The truth is, the results you get from either CRM, Salesforce or HubSpot, depend on how you set your technology up. Implementation matters. And doing it right doesn’t just mean turning things on. You’ll need to configure pipelines to match your sales processes, automate the right tasks, set up dashboards, and make sure everything is aligned.  

This is where a partner steps in. Someone who understands not just the tools, but how to make them work for your team. Don’t just pick a CRM platform and hope for the best. Make sure your technology works for you, with the right implementation partner.  

(Image by TyliJura from Pixabay)

HubSpot vs Salesforce: Which CRM Fits Your Business? 

The beginning of Pwn2Own Berlin 2025, hosted at the OffensiveCon conference, has concluded its first two days with…

The beginning of Pwn2Own Berlin 2025, hosted at the OffensiveCon conference, has concluded its first two days with notable achievements in cybersecurity research. A total of $695,000 has been awarded for 39 unique **zero-day vulnerabilities**, with the final day scheduled for Saturday, May 17.

****Day One: Major Exploits and AI Category Debut****

On May 15, the competition commenced with 11 exploit attempts, including the first-ever AI category. Researchers earned $260,000 for successful demonstrations across various platforms.

****Key Highlights:****

*   **Windows 11:** Chen Le Qi of STAR Labs SG combined a use-after-free and integer overflow to escalate privileges to SYSTEM, earning $30,000 and 3 Master of Pwn points.

*   **Red Hat Linux**: Pumpkin from the DEVCORE Research Team exploited an integer overflow for privilege escalation, securing $20,000 and 2 points.

*   **Oracle VirtualBox:** Team Prison Break achieved a virtual machine escape via an integer overflow, receiving $40,000 and 4 points.

*   **Docker Desktop:** Billy and Ramdhan of STAR Labs demonstrated a container escape using a Linux kernel vulnerability, earning $60,000 and 6 points.

*   **AI Category:** Sina Kheirkhah of Summoning Team exploited the Chroma AI application database, marking the first success in this category and earning $20,000 and 2 points.

Additional awards were given for other successful exploits, including a type confusion bug in Windows 11 by Hyeonjin Choi of Out Of Bounds, who earned $15,000 and 3 points.

****Day Two: Continued Success and High-Value Exploits****

The second day, May 16, saw researchers uncovering 20 unique zero-day vulnerabilities, resulting in $435,000 in awards.

*   **Microsoft SharePoint:** Dinh Ho Anh Khoa of Viettel Cyber Security combined an authentication bypass and insecure deserialization to exploit SharePoint, earning $100,000 and 10 points.

*   **VMware ESXi:** Synacktiv demonstrated a successful exploit, securing $80,000 and 8 points.

*   **NVIDIA Triton Inference Server:** Mohand Acherir and Patrick Ventuzelo of FuzzingLabs earned $15,000 and 1.5 points for their exploit, which was a known but unpatched vulnerability.

Other successful exploits included attacks on Firefox, Redis, and additional AI systems.  
SecurityWeek

> Wrapping up Day Two of #Pwn2Own Berlin 2025. We’ve awarded $695,000 for 20 unique 0-days, with one more day to go! pic.twitter.com/x2oBfaSfKS
> 
> — Trend Zero Day Initiative (@thezdi) May 16, 2025

****Day Three: Anticipated Final Challenges****

The final day, Saturday, May 17, is expected to feature remaining scheduled attempts, including further AI category exploits and other high-profile targets. With $695,000 already awarded, the total prize pool is projected to surpass $1,000,000.

****Master of Pwn Standings****

As of the end of Day Two, STAR Labs SG leads the Master of Pwn standings, having demonstrated multiple successful exploits across various categories. The final standings will be determined after the conclusion of Day Three.

Pwn2Own Berlin 2025 has showcased the growing **challenges in cybersecurity**, highlighting the importance of proactive vulnerability research. The introduction of the AI category reflects the growing focus on securing emerging technologies.

_Note: The above information is based on the latest available data from the Pwn2Own Berlin 2025 event. For detailed results and updates, refer to the Zero Day Initiative’s **official blog**._

Pwn2Own Berlin 2025: Windows 11, VMware, Firefox and Others Hacked

Ivanti EPMM users urgently need to patch against actively exploited 0day vulnerabilities (CVE-2025-4427, CVE-2025-4428) that enable pre-authenticated remote…

Ivanti EPMM users urgently need to patch against actively exploited 0day vulnerabilities (CVE-2025-4427, CVE-2025-4428) that enable pre-authenticated remote code execution, warns watchTowr.

Cybersecurity researchers at watchTowr have shared details of two security vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software, identified as CVE-2025-4427 and CVE-2025-4428 that can be combined to gain complete control over affected systems and are actively exploited by attackers.

Ivanti EPMM is a Mobile Device Management (MDM) solution system, crucial for enterprise security, acting as a central point to control software deployment and enforce policies on employee devices. However, the abovementioned flaws are turning this management tool into a potential entry point for malicious actors. watchTowr’s analysis, shared with Hackread.com, indicates that exploiting these vulnerabilities is surprisingly straightforward.

****Chained Exploits Lead to Full System Compromise****

The first vulnerability, CVE-2025-4427, is an authentication bypass flaw, which allows attackers to access protected parts of the Ivanti EPMM system without needing proper login credentials. The second vulnerability, CVE-2025-4428, is a remote code execution (RCE) flaw, which, if exploited, can let attackers run their own malicious code on the server.

Ivanti itself has acknowledged the severity when these issues are combined, stating that “successful exploitation could lead to unauthenticated remote code execution.” They have also reported awareness of a “very limited number of customers who have been exploited” since the vulnerabilities were disclosed.

This suggests that while the attacks might be targeted currently, they could become more widespread. watchTowr notes that once such targeted attacks become public, it’s common for attackers to start mass exploitation to find any remaining vulnerable systems.

Interestingly, Ivanti stated that the vulnerabilities are not in their own code but are “associated with two open-source libraries integrated into EPMM.” They emphasized that using open-source code is a standard practice in the tech industry.

****Technical Details and Exploitation****

watchTowr discovered an RCE vulnerability (CVE-2025-4428) in the hibernate-validator library, allowing attackers to inject malicious code through a parameter called “format” in API requests. watchtower successfully demonstrated this vulnerability by sending a simple web request that executed a calculation, proving code injection was possible. Moreover, they could execute system commands, like creating a file on the server.

The authentication bypass (CVE-2025-4427) is an “order of operations” issue rather than a traditional bypass. A crafted “format” parameter in a request to the /api/v2/featureusage_history endpoint triggers the vulnerable validation process before the authentication check, allowing an unauthenticated attacker to trigger the code execution vulnerability. The presence of the parameter changes the processing order, eliminating the need to log in first.

watchTowr successfully chained these two vulnerabilities in the Ivanti EPMM server by sending a crafted web request to the /rs/api/v2/featureusage endpoint with a malicious “format” parameter, allowing them to execute system commands without logging in, thus, creating a pre-authenticated RCE scenario.

These vulnerabilities pose a critical risk to organizations using affected versions. Patches are available for versions 11.12.0.5, 12.3.0.2, 12.4.0.2, and 12.5.0 and organizations using older unpatched versions are advised to update immediately

Source

HackRead