Swiss government warns attackers have stolen sensitive data, after ransomware attack at Radix

July 2, 2025

The Swiss government has issued a warning after a third-party service provider suffered a ransomware attack, which saw sensitive information stolen from its systems and leaked onto the dark web.

Read more in my article on the Fortra blog.

Source: Read More

Previous ArticleNorth Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign

Next Article Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

Highlights

CVE-2025-52888 – “Allure Report XXE Injection Vulnerability”

June 24, 2025

CVE ID : CVE-2025-52888

Published : June 24, 2025, 8:15 p.m. | 1 hour, 11 minutes ago

Description : Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity (XXE) vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser (`DocumentBuilderFactory`) and allows external entity expansion when processing test result .xml files. This allows attackers to read arbitrary files from the file system and potentially trigger server-side request forgery (SSRF). Version 2.34.1 contains a patch for the issue.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

The impact of gray work on software development

CSS Intelligence: Speculating On The Future Of A Smarter Language

Hallucinated code, real threat: How slopsquatting targets AI-assisted development

Xbox is cancelling Rare’s ‘Everwild’ and ZeniMax’s new MMORPG IP as part of broader cuts — with ‘Perfect Dark’ impacted as well

Microsoft is closing down Xbox studio The Initiative, with Perfect Dark killed as well — joining Everwild and ZeniMax’s new IP, and other unannounced projects

No, Microsoft and Xbox’s Phil Spencer isn’t stepping down any time soon — here’s the truth

Everwild’s cancellation has me worried for one of my favorite dev teams and Xbox itself — It needs creative new games to thrive and refresh its identity

Trust but Verify: The Curious Case of AI Hallucinations

Trust but Verify: The Curious Case of AI Hallucinations

From Flow to Fabric: Connecting Power Automate to Microsoft Fabric

Flutter Web Hot Reload Has Landed – No More Refreshes!

Xbox is cancelling Rare’s ‘Everwild’ and ZeniMax’s new MMORPG IP as part of broader cuts — with ‘Perfect Dark’ impacted as well

Xbox is cancelling Rare’s ‘Everwild’ and ZeniMax’s new MMORPG IP as part of broader cuts — with ‘Perfect Dark’ impacted as well

Microsoft is closing down Xbox studio The Initiative, with Perfect Dark killed as well — joining Everwild and ZeniMax’s new IP, and other unannounced projects

No, Microsoft and Xbox’s Phil Spencer isn’t stepping down any time soon — here’s the truth

Swiss government warns attackers have stolen sensitive data, after ransomware attack at Radix

Actively Exploited Google Chrome Zero-Day (CVE-2025-6554) Added to CISA’s KEV Catalog, PoC Available

CVE-2025-20309 affects Cisco Unified CM

From Flow to Fabric: Connecting Power Automate to Microsoft Fabric

CVE-2025-4672 – Offsprout Page Builder WordPress Privilege Escalation Vulnerability

CVE-2025-46675 – NASA CryptoLib Cryptographic Key State Validation Bypass

CVE-2025-49446 – Minhlaobao Admin Notes CSRF Vulnerability

CVE-2025-52888 – “Allure Report XXE Injection Vulnerability”

book is a simple bookmark manager

CVE-2023-28907 – Skoda Superb III MIB3 CAN Bus CPU Core Isolation Bypass

UX And Design Files Organization Template

Swiss government warns attackers have stolen sensitive data, after ransomware attack at Radix

Related Posts