🚨 CISA KEV (2)
3 Jun · KEV · Vulnerability Report - May 2025 · submitted by cm0002 to cybersecurity 2 points | 0 comments · Introduction: This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform’s community. It highlights the most frequently mentioned vulnerability for May… · INFOSEC.PUB
3 Jun · KEV · CISA Adds Three Known Exploited Vulnerabilities to Catalog · CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-21479 Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability; CVE-2025-21480 Qualcomm Multiple Chipsets Incorrect Authorizat… · CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES (12)
3 Jun · KEV · New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch · Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild. The high-severity flaw is being tracked as CVE-2025-5419, and has been flagged as an out-of-bounds read a… · THEHACKERNEWS.COM
3 Jun · New ModSecurity WAF Vulnerability Enables Attackers to Crash Systems · A high-severity denial-of-service (DoS) vulnerability (CVE-2025-48866) has been identified in ModSecurity’s Apache module (mod_security2), threatening web application firewall stability. Rated 7.5/10 on the CVSS scale, this flaw enables attackers to crash servers by exploiting ar… · GBHACKERS.COM
3 Jun · Splunk Enterprise XSS Flaw Enables Attackers to Execute Unauthorized JavaScript · Splunk has disclosed a reflected Cross-Site Scripting (XSS) vulnerability in its Enterprise and Cloud Platform products, tracked as CVE-2025-20297 and detailed in advisory SVD-2025-0601. The flaw, rated medium with a CVSSv3.1 score of 4.3, affects the dashboard PDF generation com… · GBHACKERS.COM
3 Jun · Splunk Universal Forwarder for Windows Flaw Grants Non-Admin Users Full Content Access · A critical security advisory (SVD-2025-0602) has been issued for Splunk Universal Forwarder for Windows, addressing a high-severity vulnerability (CVE-2025-20298) that exposes Windows systems to potential privilege escalation. The flaw, rated 8.0 (High) on the CVSSv3.1 scale (CVS… · GBHACKERS.COM
3 Jun · New Linux Vulnerabilities · They’re interesting: Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting… · SCHNEIER.COM
3 Jun · Cisco Wireless LAN Controllers under threat again after critical exploit details go public · The heat is back on Wireless LAN Controllers (WLCs) running Cisco IOS XE after technical details of a recently disclosed max-severity exploit were made public. A patch diffing performed by Horizon3.ai, a cybersecurity outfit specialized in pen-testing and attack simulation, revea… · CSOONLINE.COM
3 Jun · KEV · CISA Alerts on ConnectWise ScreenConnect Authentication Vulnerability Actively Exploited · A critical improper authentication vulnerability has been discovered in ConnectWise ScreenConnect, tracked as CVE-2025-3935 and mapped to CWE-287 (Improper Authentication). This flaw affects all ScreenConnect versions up to and including 25.2.3, exposing them to ViewState code in… · GBHACKERS.COM
3 Jun · Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code · Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible systems and execute arbitrary code. The vulnerability, tracked as CVE-2025-49113, ca… · THEHACKERNEWS.COM
3 Jun · vBulletin Exploits (CVE-2025-48827, CVE-2025-48828), (Tue, Jun 3rd) · Last week, Ryan Dewhurst disclosed an interesting and easily exploitable vulnerability in vBulletin. These days, bulletin boards are not quite as popular as they used to be, but they are still being used, and vBulletin is one of the most common commercially supported platforms to … · ISC.SANS.EDU
3 Jun · KEV · Google patches third zero-day flaw in Chrome this year · The Google Chrome team issued an update to fix a high-severity vulnerability that is being actively exploited in the wild. The issue was also mitigated by a configuration change pushed out last Thursday to users of the stable Chrome version, which didn’t require a browser update.… · CSOONLINE.COM
3 Jun · Chromium: CVE-2025-5068 Use after free in Blink · This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information. · MSRC.MICROSOFT.COM
3 Jun · Chromium: CVE-2025-5419 Out of bounds read and write in V8 · This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information. Google is aware that an exploit for CVE-2025-5419 ex… · MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE (45)
3 Jun · KEV · New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch · submitted by cm0002 to cybersecurity 1 point | 0 comments · https://thehackernews.com/2025/06/new-chrome-zero-day-actively-exploited.html · INFOSEC.PUB
3 Jun · What is Federated Identity Management? · Federated identity optimizes convenience and security at the cost of complexity. At the core of enterprise security lies the tension between user convenience and security requirements. This is a balancing act that regularly… · CSOONLINE.COM
3 Jun · Threat intelligence platforms: a buyer's guide · Threat intelligence platforms make it easier to understand threats and take effective countermeasures. The first step toward a solid enterprise security program is a suitable threat intelligence platform (TIP)… · CSOONLINE.COM
3 Jun · ColoCrossing - 7,183 breached accounts · In May 2025, hosting provider ColoCrossing identified a data breach that impacted customers of their ColoCloud virtual server product. ColoCrossing advised the incident was isolated to their cloud/VPS platform and stemmed from a single sign-on vulnerability. 7k email addresses w… · HAVEIBEENPWNED.COM
3 Jun · "Security is above all about resilience" · CSOONLINE.COM
3 Jun · Critical HPE StoreOnce Flaws Allow Remote Code Execution by Attackers · Hewlett-Packard Enterprise (HPE) has issued a critical security bulletin (HPESBST04847 rev. 1) warning users of multiple high-impact vulnerabilities in its StoreOnce Software, specifically affecting versions before 4.3.11. The vulnerabilities, if exploited, could allow attackers … · GBHACKERS.COM
3 Jun · AI gives superpowers to BEC attackers · As much as it has been used to defend and make some taxing jobs easier, AI is also being extensively employed by attackers, helping them collect specific data that is used on business email compromise (BEC) attempts. AI is already getting better in deep research and with that mak… · CSOONLINE.COM
3 Jun · 159: Vastaamo · Joe Tidy investigates what may be the cruelest and most disturbing cyber attack in history. A breach so invasive it blurred the line between digital crime and psychological torture. This story might make your skin crawl. Get more from Joe linktr.ee/joetidy. Get the book Ctrl + A… · DARKNETDIARIES.COM
3 Jun · SolarWinds Dameware Vulnerability Could Let Attackers Gain Elevated Privileges · June 3, 2025 – SolarWinds Worldwide, LLC has announced the release of Dameware 12.3.2, a critical service update focused on bug fixes, security enhancements, and library upgrades. The release, dated June 2, 2025, addresses several technical issues reported by users and security r… · GBHACKERS.COM
3 Jun · Threat Actors Target PerimeterX CAPTCHA to Automate Microsoft Account Creation · A recent post on an underground forum has brought renewed attention to the escalating arms race between cybercriminals and anti-bot security vendors. The solicitation, offering USD 1,500 for a working bypass of PerimeterX (PX) anti-fraud protections—specifically targeting the “ho… · GBHACKERS.COM
3 Jun · Google Researchers Find New Chrome Zero-Day · Reported by the Google Threat Analysis Group, the vulnerability might have been exploited by commercial spyware. · SECURITYWEEK.COM
3 Jun · AIs, MCPs, and the Actual Work that LLMs Are Generating - ASW #333 · The recent popularity of MCPs is surpassed only by the recent examples of deficiencies in their secure design. The most obvious challenge is how MCPs, and many more general LLM use cases, have erased two decades of security principles behind separating code and data. We take a look … · YOUTUBE.COM
3 Jun · 53% of cyber department leaders eyeing the exit · Security department heads — those directly reporting to the CISO — are decidedly looking to leave their posts. But various factors, including a weak economy, are delaying their exoduses, which could give CISOs time to change their minds. According to the 2025 IANS Cybersecurity S… · CSOONLINE.COM
3 Jun · Malicious NPM Packages Exploit Ethereum Wallets with Obfuscated JavaScript · A recent wave of malicious NPM packages has emerged as a significant threat to cryptocurrency users, specifically targeting Ethereum wallet holders. Cybersecurity researchers have uncovered a sophisticated campaign where attackers leverage the widely-used Node Package Manager (NP… · GBHACKERS.COM
3 Jun · Google patches new Chrome zero-day bug exploited in attacks · Google has released an emergency security update to fix the third Chrome zero-day vulnerability exploited in attacks since the start of the year. [...] · BLEEPINGCOMPUTER.COM
3 Jun · The high cost of misconfigured DevOps: Global cryptojacking hits enterprises · A massive ongoing cryptojacking operation is actively exploiting misconfigured DevOps tools, including Nomad, Consul, Docker, and Gitea, to hijack computing power for cryptocurrency mining, Wiz Threat Research revealed. Dubbed Jinx-0132 by researchers, the campaign has compromise… · CSOONLINE.COM
3 Jun · Threat Actors Exploit DevOps Web Server Misconfigurations to Deploy Malware · Threat actors have increasingly turned their attention to exploiting misconfigurations in DevOps-managed web servers to deploy malicious payloads. Recent investigations into web server vulnerabilities reveal a sophisticated pattern of attacks targeting poorly secured environments… · GBHACKERS.COM
3 Jun · Australia Enforces Ransomware Payment Reporting · Covered organizations in Australia are now required to report ransomware and other cyber extortion payments within three days. · SECURITYWEEK.COM
3 Jun · New Research Uncovers Strengths and Vulnerabilities in Cloud-Based LLM Guardrails · Cybersecurity researchers have shed light on the intricate balance of strengths and vulnerabilities inherent in cloud-based Large Language Model (LLM) guardrails. These safety mechanisms, designed to mitigate risks such as data leakage, biased outputs, and malicious exploitation,… · GBHACKERS.COM
3 Jun · Hackers Abuse AI Tool Misconfigurations to Execute Malicious AI-Generated Payloads · A malicious threat actor has exploited a misconfigured instance of Open WebUI, a widely-used self-hosted AI interface with over 95,000 stars on GitHub, designed to enhance large language models (LLMs). This incident underscores the growing risks associated with internet-exposed A… · GBHACKERS.COM
3 Jun · New Safari XSS Vulnerability Exploits JavaScript Error Handling to Run Arbitrary Code · Cross-site scripting (XSS) remains one of the most persistent threats in web security, but most discussions focus on traditional vectors. A lesser-known but intriguing avenue is exploiting JavaScript TypeError messages in Safari to achieve XSS. This technique leverages how Safari… · GBHACKERS.COM
3 Jun · Qualcomm fixes three Adreno GPU zero-days exploited in attacks · submitted by kid to cybersecurity 1 point | 0 comments · https://www.bleepingcomputer.com/news/security/qualcomm-fixes-three-adreno-gpu-zero-days-exploited-in-attacks/ · SH.ITJUST.WORKS
3 Jun · Hackers Exploit AI Tools Misconfiguration To Run Malicious AI-generated Payloads · submitted by kid to cybersecurity 2 points | 0 comments · https://cybersecuritynews.com/hackers-exploit-ai-tools-misconfiguration/ · SH.ITJUST.WORKS
3 Jun · One hacker, many names: Industry collaboration aims to fix cyber threat label chaos · When the same Russian hacking group goes by Midnight Blizzard, Cozy Bear, APT29, or UNC2452, depending on which security vendor is tracking them, you know there’s a problem. Microsoft and CrowdStrike have announced that they are working together to solve one of cybersecurity’s mo… · CSOONLINE.COM
3 Jun · KEV · New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch · submitted by kid to cybersecurity 3 points | 0 comments · https://thehackernews.com/2025/06/new-chrome-zero-day-actively-exploited.html · SH.ITJUST.WORKS
3 Jun · Apple iOS Activation Flaw Enables Injection of Unauthenticated XML Payloads · A severe vulnerability in Apple’s iOS activation infrastructure has been uncovered, posing a significant risk to device security during the setup phase. This flaw, identified in the iOS Activation Backend at the endpoint https://humb.apple.com/humbug/baa, allows attackers to inje… · GBHACKERS.COM
3 Jun · CISA warns of ConnectWise ScreenConnect bug exploited in attacks · CISA is alerting federal agencies in the U.S. of hackers exploiting a recently patched ScreenConnect vulnerability that could lead to executing remote code on the server. [...] · BLEEPINGCOMPUTER.COM
3 Jun · 1,000 Instantel Industrial Monitoring Devices Possibly Exposed to Hacking · A critical command execution vulnerability has been found by a researcher in Instantel Micromate monitoring units. · SECURITYWEEK.COM
3 Jun · Aembit Extends Workload IAM to Microsoft Ecosystem, Securing Hybrid Access for Non-Human Identities · Aembit, the workload identity and access management (IAM) company, today announced a major expansion of its platform to support Microsoft environments. With this launch, enterprises can now enforce secure, policy-based access for software workloads and agentic AI running on Windo… · GBHACKERS.COM
3 Jun · If You Touch Tech, You’re in Security 👨‍💻 #ITReality · Most people think cybersecurity is just for the IT team... but that's no longer true. In this short, Jeff Man breaks down why every employee is now part of the security equation. If you touch tech, you’re part of the defense. From using internal tools to simply doing your job — s… · YOUTUBE.COM
3 Jun · Scattered Spider: Three things the news doesn’t tell you · Scattered Spider isn't one group — it's an identity-first threat model evolving fast. From vishing to AiTM phishing, they're exploiting MFA gaps to hijack the cloud. Watch the Push Security webinar to learn how their identity-based tactics work — and how to stop them. [...] · BLEEPINGCOMPUTER.COM
3 Jun · Android Security Update Addresses High-Severity Privilege Escalation Flaws · The Android Security Bulletin for June 2025, published on June 2, details a series of high-severity vulnerabilities affecting a wide range of Android devices. Security patch levels of 2025-06-05 or later address all reported issues, with source code patches set for imminent relea… · GBHACKERS.COM
3 Jun · News alert: Aembit brings ‘Workload IAM’ to Microsoft stack, secures hybrid AI and app access · Silver Spring, MD, June 3, 2025, CyberNewswire — Aembit, the workload identity and access management (IAM) company, today announced a major expansion of its platform to support Microsoft environments. With this launch, enterprises can now enforce secure, policy-based acces… · LASTWATCHDOG.COM
3 Jun · Researchers Reveal Container-Based Attacks Through Host-Based Log Analysis · Cybersecurity researchers have shed light on the often-underestimated vulnerabilities in containerized environments, emphasizing the critical role of host-based log analysis in uncovering sophisticated attacks. Containers, widely adopted for their ability to encapsulate applicati… · GBHACKERS.COM
3 Jun · New Linux PumaBot Targets IoT Devices with SSH Credential Brute-Force Attack · A new and insidious threat has surfaced in the cybersecurity landscape as Darktrace’s Threat Research team uncovers PumaBot, a Go-based Linux botnet meticulously designed to exploit embedded Internet of Things (IoT) devices. Unlike conventional botnets that cast a wide net throug… · GBHACKERS.COM
3 Jun · Malicious RubyGems pose as Fastlane to steal Telegram API data · Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to attacker-controlled servers to intercept and steal data. [...] · BLEEPINGCOMPUTER.COM
3 Jun · CISA Releases Three Industrial Control Systems Advisories · CISA released three Industrial Control Systems (ICS) advisories on June 3, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-153-01 Schneider Electric Wiser Home Automation; ICSA-25-153-02 Schnei… · CISA.GOV
3 Jun · DollyWay is infecting WordPress sites | Kaspersky official blog · DollyWay has been exploiting WordPress plugins and themes to infect websites and redirect traffic to malicious pages since 2016. · KASPERSKY.COM
3 Jun · New Unrestricted AI Tool Can Assist in Cybercrime · Researchers at Certo warn that a new AI chatbot called “Venice[.]ai” can allow cybercriminals to easily generate phishing messages or malware code. · KNOWBE4.COM
3 Jun · Coinbase breach tied to bribed TaskUs support agents in India · A recently disclosed data breach at Coinbase has been linked to India-based customer support representatives from outsourcing firm TaskUs, who threat actors bribed to steal data from the crypto exchange. [...] · BLEEPINGCOMPUTER.COM
3 Jun · Phone chipmaker Qualcomm fixes three zero-days exploited by hackers · Google's Threat Analysis Group, which investigates government-backed hacks, was credited with the discovery of the zero-days. · TECHCRUNCH.COM
3 Jun · Warning: Critical PHP Deserialization Vulnerability in Roundcube Webmail, Patch Immediately! | CCB Safeonweb · submitted by kid to cybersecurity 2 points | 0 comments · https://ccb.belgium.be/advisories/warning-critical-php-deserialization-vulnerability-roundcube-webmail-patch-immediately · SH.ITJUST.WORKS
3 Jun · One-third of top U.S. cyber force has left since Trump took office · submitted by cm0002 to cybersecurity 3 points | 0 comments · https://www.axios.com/2025/06/03/cisa-staff-layoffs-resignations-trump-cuts · INFOSEC.PUB
3 Jun · The Cyber Vendor You Trusted? It Might Be Game Over. · One of the most trusted cybersecurity vendors might be on its last leg… In this short clip, cybersecurity experts Adrian Sanabria and Sean Metcalf break down the massive disruption hitting the vulnerability management space. With Microsoft and CrowdStrike entering the ring alongs… · YOUTUBE.COM
3 Jun · Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution · Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbit… · CISECURITY.ORG
📋 SECURITY BULLETINS (1)
3 Jun · Hewlett Packard Enterprise warns of critical StoreOnce auth bypass · Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution. [...] · BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES (7)
3 Jun · Trump’s CISA budget lays out deep job cuts, program reductions · submitted by cm0002 to cybersecurity 1 point | 0 comments · https://www.cybersecuritydive.com/news/cisa-trump-2026-budget-proposal/749539/ · INFOSEC.PUB
3 Jun · Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues · Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing "patterns of concerning behavior observed over the past year." The changes are expected to be introduced in Chrome 139, which is scheduled for public release in ear… · THEHACKERNEWS.COM
🔥 INCIDENT REPORTING (16)
3 Jun · Cartier discloses data breach amid fashion brand cyberattacks · submitted by cm0002 to cybersecurity 2 points | 0 comments · https://www.bleepingcomputer.com/news/security/cartier-discloses-data-breach-amid-fashion-brand-cyberattacks/ · INFOSEC.PUB
3 Jun · Lyrix Ransomware Targets Windows Users with Advanced Evasion Techniques · A formidable new strain of ransomware, dubbed Lyrix, has recently surfaced, posing a significant threat to Windows users worldwide. Cybersecurity researchers have identified Lyrix as a highly advanced malicious software designed to encrypt critical files and demand substantial ra… · GBHACKERS.COM
3 Jun · Volkswagen data breach claim falls flat on proof | Cybernews · submitted by kid to cybersecurity 1 point | 0 comments · https://cybernews.com/security/volkswagen-data-breach-claim-lacks-evidence/ · SH.ITJUST.WORKS
3 Jun · Cartier Data Breach: Luxury Retailer Warns Customers That Personal Data Was Exposed - SecurityWeek · submitted by kid to cybersecurity 1 point | 0 comments · https://www.securityweek.com/cartier-data-breach-jewelry-maker-warns-customers-that-personal-data-was-exposed/ · SH.ITJUST.WORKS
3 Jun · Potato packer suffers data breach, hackers claim | Cybernews · submitted by kid to cybersecurity 1 point | 0 comments · https://cybernews.com/news/nokota-packers-potato-hack/ · SH.ITJUST.WORKS
3 Jun · MainStreet reports third-party breach of bank customer data • The Register · submitted by kid to cybersecurity 1 point | 0 comments · https://www.theregister.com/2025/06/02/mainstreet_bancshares_says_thirdparty_breach/ · SH.ITJUST.WORKS
3 Jun · MainStreet Bank Data Breach Impacts Customer Payment Cards · The incident occurred in March and impacted the personally identifiable information of approximately 4.65% of MainStreet Bancshares’ customers. · SECURITYWEEK.COM
3 Jun · Victoria’s Secret delays earnings release after security incident · Fashion retail giant Victoria's Secret has delayed its first quarter 2025 earnings release because of ongoing corporate system restoration efforts following a May 24 security incident. [...] · BLEEPINGCOMPUTER.COM
3 Jun · Health giant Kettering still facing disruption weeks after ransomware attack · A healthcare giant with dozens of facilities across Ohio is still recovering after shutting down nearly all its operations following a ransomware attack. · TECHCRUNCH.COM
3 Jun · North Face Fashion Brand Alerts Customers to Credential Stuffing Attack · The North Face, a prominent outdoor fashion brand under VF Outdoor, LLC, detected unusual activity on its website, thenorthface.com. Following a swift and thorough investigation, the company identified the incident as a small-scale credential stuffing attack. Unauthorized Access … · GBHACKERS.COM
3 Jun · State-Sponsored Groups Intensify Attacks on Manufacturing Sector and OT Systems · The manufacturing sector has emerged as a prime target for cyber attackers in 2024, with a staggering 71% surge in active threat actors compared to the previous year, according to a recent report by Forescout Technologies. Between 2024 and the first quarter of 2025, 29 threat act… · GBHACKERS.COM
3 Jun · Russian Hacker Black Owl Targets Critical Industries to Steal Financial Data · A pro-Ukrainian hacktivist group known as BO Team, also operating under aliases such as Black Owl, Lifting Zmiy, and Hoody Hyena, has emerged as a formidable threat to Russian organizations in 2025. This group, which publicly declared its intentions via a Telegram channel in earl… · GBHACKERS.COM
3 Jun · Indian grocery startup KiranaPro was hacked and its servers deleted, CEO confirms · The company said the cyberattack destroyed its servers and customer data. · TECHCRUNCH.COM
3 Jun · The Worsening Landscape of Educational Cybersecurity · Last year, KnowBe4's report "Exponential Growth in Cyber Attacks Against Higher Education Institutions" illustrated the growing cyber threats facing universities and colleges. · KNOWBE4.COM
3 Jun · More Tools ≠ More Security · Too many cybersecurity tools, not enough results? In this eye-opening short, security experts break down the hidden danger of overloaded tech stacks. It’s not about how many tools you have — it’s about how well they work together. With insights from seasoned CISOs and a harsh rea… · YOUTUBE.COM
3 Jun · Australia Begins New Ransomware Payment Disclosure Rules · submitted by cm0002 to cybersecurity 1 point | 0 comments · https://www.darkreading.com/threat-intelligence/australia-ransomware-payment-disclosure-rules · INFOSEC.PUB
🕵️ THREAT INTELLIGENCE (30)
3 Jun · ISC Stormcast For Tuesday, June 3rd, 2025 https://isc.sans.edu/podcastdetail/9476, (Tue, Jun 3rd) · (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. · ISC.SANS.EDU
3 Jun · False information online is only rarely recognized · CSOONLINE.COM
3 Jun · Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion · Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping. "By mapping where our knowledge of these actors align, we will provide security professionals with the ability to co… · THEHACKERNEWS.COM
3 Jun · Microsoft, CrowdStrike Lead Effort to Map Threat Actor Names · Microsoft and CrowdStrike are running a project that aims to align threat actor names, and Google and Palo Alto Networks will also contribute. · SECURITYWEEK.COM
3 Jun · Is public WiFi actually dangerous? · submitted by milicent_bystandr to cybersecurity 2 points | 0 comments · I came across a Reddit thread about someone using a neighbour’s WiFi, and the (unknown) neighbour later changed the ssid to the user’s gaming handle. Lots of comments saying that public WiFi can be a trap, and … · SH.ITJUST.WORKS
3 Jun · Beware: Fake Booking.com Sites Spread AsyncRAT Malware to Infect Devices · Cybercriminals have launched a devious campaign targeting users of gaming sites, social media platforms, and even sponsored ads by redirecting links to counterfeit Booking.com websites. According to a recent report by Malwarebytes, approximately 40% of travelers book their trips th… · GBHACKERS.COM
3 Jun · Google Online Security Blog: Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store · submitted by kid to cybersecurity 1 point | 0 comments · https://security.googleblog.com/2025/05/sustaining-digital-certificate-security-chrome-root-store-changes.html · SH.ITJUST.WORKS
3 Jun · Over 30 Vulnerabilities Patched in Android · The latest Android updates fix vulnerabilities in Runtime, Framework, System, and third-party components of the mobile OS. · SECURITYWEEK.COM
3 Jun · New Report: Governments Struggle to Regain Backdoor Access to Secure Communications · A crucial point has been reached in the conflict between personal privacy and governmental monitoring in a time when digital communication is essential. Governments worldwide are grappling with the proliferation of strong encryption in messaging apps, social media platforms, and … · GBHACKERS.COM
3 Jun · eSentire | When Samsung's Magic Turns Tragic: A Tale of Unauthorized Mining · submitted by kid to cybersecurity 2 points | 0 comments · https://www.esentire.com/blog/when-samsungs-magic-turns-tragic-a-tale-of-unauthorized-mining · SH.ITJUST.WORKS
3 Jun · Docker, HashiCorp, Gitea servers targeted in cryptojacking campaign | SC Media · submitted by kid to cybersecurity 1 point | 0 comments · https://www.scworld.com/news/docker-hashicorp-gitea-servers-targeted-in-cryptojacking-campaign · SH.ITJUST.WORKS
3 Jun · Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization · submitted by kid to cybersecurity 1 point | 0 comments · https://thehackernews.com/2025/06/scattered-spider-understanding-help.html · SH.ITJUST.WORKS
3 Jun · The North Face warns customers of April credential stuffing attack · submitted by kid to cybersecurity 1 point | 0 comments · https://www.bleepingcomputer.com/news/security/the-north-face-warns-customers-of-april-credential-stuffing-attack/ · SH.ITJUST.WORKS
3 Jun · Zero Networks Raises $55 Million for Microsegmentation Solution · Microsegmentation provider Zero Networks has raised $55 million in a Series C funding round led by Highland Europe. · SECURITYWEEK.COM
3 Jun · Beyond the Pond Phish: Unraveling Lazarus Group's Evolving Tactics | BitMEX Blog · submitted by kid to cybersecurity 1 point | 0 comments · https://blog.bitmex.com/bitmex-busts-lazarus-group/ · SH.ITJUST.WORKS
3 Jun · CyberheistNews Vol 15 #22 If I Had Only 20 Seconds To Teach People How To Avoid Scams · KNOWBE4.COM
3 Jun · Why Scamming Can’t Be Stopped—But It Can Be Managed · With crime-as-a-service lowering the barrier to entry and prosecution lagging behind, enterprise security teams must rethink their strategies to detect and disrupt scams at scale. · SECURITYWEEK.COM
3 Jun · Mikko Hypponen Leaves Anti-Malware Industry to Fight Against Drones · Mikko Hypponen has joined the Finnish anti-drone company Sensofusion as Chief Research Officer after three decades of fighting malware. · SECURITYWEEK.COM
3 Jun · Top Russian Dark Web Market Tools Drive Surge in Credential Theft Attacks · In a chilling revelation for cybersecurity professionals, the Russian Market has solidified its position as the leading hub for stolen credentials, fueling a dramatic rise in credential theft attacks worldwide. According to a 2024 report by ReliaQuest’s GreyMatter Digital Risk Pr… · GBHACKERS.COM
3 Jun · Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets · submitted by kid to cybersecurity 1 point | 0 comments · https://thehackernews.com/2025/06/android-trojan-crocodilus-now-active-in.html · SH.ITJUST.WORKS
3 Jun · Cybersecurity Challenges in the Energy and Utilities Sector · IBM and Palo Alto Networks are collaborating to address five key security challenges and their solutions. · PALOALTONETWORKS.COM
3 Jun · How Microsoft Defender for Endpoint is redefining endpoint security · Learn why many CISOs prefer Microsoft Defender for Endpoint for comprehensive cyberthreat protection across devices and platforms. · MICROSOFT.COM
3 Jun · The UK Brings Cyberwarfare Out of the Closet · The UK’s 2025 Strategic Defence Review outlines a unified approach to modern warfare, integrating cyber, AI, and electromagnetic capabilities across military domains. · SECURITYWEEK.COM
3 Jun · Can You Beat These Cyber Pros in Malware Trivia? 🧑‍💻👾 · When a group of veteran cybersecurity pros are put to the test on classic malware worms... things get hilarious! From Conficker to Code Red and even Morris, watch them try (and fail) to list the top 10 malware of all time. Perfect for infosec nerds and cyber trivia lovers—can you… · YOUTUBE.COM
3 Jun · Why VPNs Might Be Your Weakest Link 😵‍💫 #technews · Most people think VPNs protect everything—but cybersecurity expert Sam Bowne reveals a shocking truth: routers, firewalls, and even VPN concentrators are now prime targets for hackers. This short dives into the overlooked danger hiding in your edge devices and why threat detectio… · YOUTUBE.COM
3 Jun · MY TAKE: Are we ‘Super f**ked’ by agentic AI — or finally able to take charge of what comes next? · When VC mogul Chris Sacca declared AI is the death knell for professional services, I flinched. Not because he’s wrong — but because it’s only half the story. Related: GenAI grows up – at RSAC 2025 As a journalist who’s … (more…) · LASTWATCHDOG.COM
3 Jun · Fake Docusign Pages Deliver Multi-Stage NetSupport RAT Malware · submitted by kid to cybersecurity 1 point | 0 comments · https://www.infosecurity-magazine.com/news/fake-docusign-pages-deliver-rat/ · SH.ITJUST.WORKS
3 Jun · The Most Overused Phrase in Cybersecurity · Every cybersecurity pro has that moment — when someone confidently says “single pane of glass” like it’s a magic fix. In this hilarious short, a group of cyber experts roasts the phrase we’ve all heard too many times. From props to punchlines, this clip captures what security mee… · YOUTUBE.COM
3 Jun · 90% Right is Enough When You’re Debugging at 3AM · When cybersecurity pros are stuck debugging late at night, they don't need perfection—they need direction. This short shows how modern LLMs (large language models) can break down complex code, line by line, giving developers just enough clarity to reverse engineer and move forwar… · YOUTUBE.COM
3 Jun · Bovril, Deranged, Crocodilus, Cartier, Jinx, Conti, Scattered Spider, Josh Marpet... - SWN #482 · Bovril, Deranged Hookworm, Crocodilus, Cartier, Jinx, Conti, Scattered Spider, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-482 · YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE (3)
3 Jun | Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets | A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South America. The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to… | THEHACKERNEWS.COM
3 Jun | Android malware Crocodilus adds fake contacts to spoof trusted callers | The latest version of the 'Crocodilus' Android malware has introduced a new mechanism that adds a fake contact on the infected device's contact list to deceive victims. [...] | BLEEPINGCOMPUTER.COM
3 Jun | Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack | Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations (DTI) team said it identified "m… | THEHACKERNEWS.COM
🎙️ PODCASTS (1)
3 Jun | The AI Fix #53: An AI uses blackmail to save itself, and threats make AIs work better | In episode 53 of The AI Fix, our hosts suspect the CEO of Duolingo has been kidnapped by an AI, Sergey Brin says AIs work better if you threaten them with physical violence, Graham wonders how you put a collar on a headless robot dog, Mark asks why kickboxing robots wear head gua… | GRAHAMCLULEY.COM
📡 INFOSEC NEWS (9)
3 Jun | Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization | In the wake of high-profile attacks on UK retailers Marks & Spencer and Co-op, Scattered Spider has been all over the media, with coverage spilling over into the mainstream news due to the severity of the disruption caused — currently looking like hundreds of millions in lost… | THEHACKERNEWS.COM
3 Jun | Mozilla launches new system to detect Firefox crypto drainer add-ons | Mozilla has developed a new security feature for its add-on portal that helps block Firefox malicious extensions that drain cryptocurrency wallets. [...] | BLEEPINGCOMPUTER.COM
3 Jun | Why This Hacker Wants to Showcase His Biggest Mistake 🔥 | James Kettle, a cybersecurity researcher known for his work at Black Hat USA, has an unexpected "Plan B" — if his research ever fails spectacularly, he'll present a talk about every mistake he made along the way. Instead of hiding his failures, he's ready to put them in the spotl… | YOUTUBE.COM
3 Jun | Microsoft adds quick machine recovery to Windows 11 settings | Microsoft is testing a dedicated page in Windows Settings for quick machine recovery, which will provide users with additional configuration options. [...] | BLEEPINGCOMPUTER.COM
3 Jun | He Cracked the Code… But It Took Him 2 Years to Start ⏳ | James Kettle reveals a harsh truth about cybersecurity research — most people sit on brilliant ideas for years without ever taking action. In this eye-opening short, he shares why experience only comes from trying, failing, and learning. If you've ever doubted whether your resear… | YOUTUBE.COM
3 Jun | ChatGPT rolls out Memory upgrade for free users | ChatGPT's memory feature is now better and capable of referencing past conversations for free accounts. [...] | BLEEPINGCOMPUTER.COM
3 Jun | OpenAI is hopeful GPT-5 will compete a little more | OpenAI's next big foundational model is GPT-5, and the AI startup is hoping that the model will compete a little more with rivals. [...] | BLEEPINGCOMPUTER.COM