Damascened Peacock: Russian hackers targeted UK Ministry of Defence

May 30, 2025

The UK’s Ministry of Defence has revealed that it was the target of a sophisticated cyber attack that saw Russia-linked hackers pose as journalists.

Read more in my article on the Hot for Security blog.

Source: Read More

Previous ArticleNew EDDIESTEALER Malware Bypasses Chrome’s App-Bound Encryption to Steal Browser Data

Next Article AI Won’t Replace Developers, But It Will Leave Some Behind

Highlights

CVE-2025-52572 – Hikka Telegram Userbot Remote Code Execution and Account Takeover Vulnerability

June 24, 2025

CVE ID : CVE-2025-52572

Published : June 24, 2025, 9:15 p.m. | 4 hours, 14 minutes ago

Description : Hikka, a Telegram userbot, has vulnerability affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizing in the dangling web interface. 2. Web interface does have an authenticated session: due to insufficient warning in the authentication message, users were tempted to click “Allow” in the “Allow web application ops” menu. This gave an attacker access not only to remote code execution, but also to Telegram accounts of owners. Scenario number 2 is known to have been exploited in the wild. No known patches are available, but some workarounds are available. Use `–no-web` flag and do not start userbot without it; after authorizing in the web interface, close the port on the server and/or start the userbot with `–no-web` flag; and do not click “Allow” in your helper bot unless it is your explicit action that needs to be allowed.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Damascened Peacock: Russian hackers targeted UK Ministry of Defence

GPT-5 is Coming: Revolutionizing Software Testing

Win the Accessibility Game: Combining AI with Human Judgment

CVE-2025-47811 – Wing FTP Server Privilege Escalation Vulnerability

CVE-2025-7094 – Belkin Webs Stack-Based Buffer Overflow Vulnerability

Windows Phone just got its first AI ChatGPT-style app. No, really.

DistroWatch Weekly, Issue 1122

CVE-2025-52572 – Hikka Telegram Userbot Remote Code Execution and Account Takeover Vulnerability

CVE-2025-6058 – WordPress WPBookit Arbitrary File Upload Vulnerability

CVE-2025-0993 – GitLab Denial of Service

CVE-2025-43922 – FileWave Windows Privilege Escalation

Damascened Peacock: Russian hackers targeted UK Ministry of Defence

Related Posts