The final ShmooCon hacker conference was held last weekend in Washington, D.C. The conference organizers, Heidi and Bruce Potter, cited a desire to go out on a high note as the reason for ending the 20-year event. The conference featured presentations on cybersecurity, a small exhibit hall for vendors, and stories of hacking exploits. A notable presentation was by Carl Vincent who explained how he had covertly collected information about users of certain hacking software by hiding a “back door” within it.

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
A suspected Chinese advanced persistent threat (APT) group exploited CVE-2025-22457, a previously unexploitable buffer overflow bug, to compromise devices running Ivanti Connect Secure (ICS) and