CVE-2025-34291 是在 Langflow AI 代理与工作流平台中发现的一个严重漏洞链，安全评分达到 CVSS v4.0: 9.4。该漏洞允许攻击者通过诱导用户访问恶意网页，实现对 Langflow 实例的完全账户接管和远程代码执行（RCE）。

CVE-2025-55182漏洞受影响版本中React 19引入，Next.js App Router 将来自客户端的 RSC 序列化数据直接交由 ReactFlightReplyServer 反序列化，未对模型结构、引用路径与 Server Reference 元数据进行充分校验。攻击者可构造恶意 RSC请求，引导 parseModelString、getOutlinedModel、loadServerReference、initializeModelChunk 等解析链路进入异常状态，在模块加载与引用绑定阶段控制调用目标，最终在 Next.js 中可触发任意服务端代码执行。

This report is based on the five core attack surfaces consisting of AI AI critical links from AI Assistants, Agents, Tools, Models, and Storage, with targeted security risks, defense architectures, and solutions.

Group-IB researchers observed a threat actor named Bloody Wolf launching a cyberattack campaign against Kyrgyzstan targeting the delivery of the NetSupport RAT beginning in June 2025.By early October 2025, its attacks expanded to Uzbekistan. By masquerading as the Kyrgyz Ministry of Justice, the attackers utilized official-looking PDF documents and domains, which in turn hosted malicious Java Archive (JAR) files designed to deploy the NetSupport RAT. The attack uses social engineering and easy-to-access tools via phishing emails to trick recipients into clicking on a link to download a malicious JAR loader file and install the Java Runtime, which in turn executes the loader in order to obtain the NetSupport RAT and establish persistence. Geofencing restrictions were also added to the attack against Uzbekistan.

CVE-2025-47812 is an extremely high-risk vulnerability with a confirmed exploit in the wild. Due to its low threshold of exploitation and high destructive power, it is recommended that all organizations using Wing FTP Server give it the highest priority for disposal, and must complete version upgrades or implement effective traffic blocking policies as soon as possible.

CVE-2025-6554 is a Type Confusion vulnerability in the Google Chrome V8 JavaScript engine. Type Confusion is a common class of memory corruption vulnerabilities that can lead to unsafe memory operations when a program incorrectly interprets one data type as another, allowing an attacker to execute arbitrary code on the victim's system.

In 2025, industrial control system security will face unprecedented challenges, mainly in the form of two-way risks of technological innovation and theft, double hazards brought about by the coexistence of old and new technologies, intensified supply chain security crises, as well as zero-day loopholes and stealth strategy failures

The Apple iMessage Zero-Click vulnerability allows an attacker to remotely compromise a device by sending a maliciously crafted iMessage message without user interaction. It has been exploited by Graphite spyware to launch attacks against journalists.

The vulnerability stems from the V8 TurboFan compiler's incorrect handling of dynamic index loading when performing store-store elimination optimization, which leads to misclassification of alias relationships and incorrect elimination of critical store operations, which in turn leads to memory access out-of-bounds. An attacker can construct a specially crafted HTML page to induce user access, trigger malicious JavaScript code execution, exploit the vulnerability to achieve remote code execution and sandbox escape, and ultimately take full control of the victim's device.

Aim Security has discovered the "EchoLeak" vulnerability, which exploits a design flaw typical of RAG Copilot, allowing an attacker to automatically steal any data in the context of M365 Copilot without relying on specific user behavior. The main attack chain consists of three different vulnerabilities, but Aim Labs has identified other vulnerabilities during its research that may enable exploitation.