102Articles
7Categories
2025-06-11Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 13[−]
11 JunInsyde UEFI Flaw Enables Digital Certificate Injection via NVRAM VariableA critical vulnerability (CVE-2025-4275) in Insyde H2O UEFI firmware allows attackers to bypass Secure Boot protections by injecting malicious digital certificates via an unprotected NVRAM variable. Dubbed Hydroph0bia, this flaw enables pre-boot execution of unsigned code, posing…GBHACKERS.COM
11 JunHPE Aruba Network Flaw Exposes Sensitive Data to Potential HackersHPE Aruba Networking has issued a critical security advisory regarding a high-severity vulnerability in its Private 5G Core Platform. Tracked as CVE-2025-37100, the flaw enables unauthorized access to sensitive system files, posing a significant risk to enterprise confidentiality…GBHACKERS.COM
11 JunCVE-2025-33053: RCE in WebDAV | Kaspersky official blogMicrosoft has fixed the CVE-2025-33053 vulnerability in Web Distributed Authoring and Versioning (WebDAV), which allowed attackers to remotely execute arbitrary code on a victim's computer.KASPERSKY.COM
11 JunCoreDNS Vulnerability Allows Attackers to Exhaust Server Memory via Amplification AttackA high-severity vulnerability (CVE-2025-47950) in CoreDNS’s DNS-over-QUIC (DoQ) implementation enables remote attackers to crash DNS servers through stream amplification attacks. Patched in v1.21.2, this flaw highlights risks in modern protocol adoption for cloud-native systems G…GBHACKERS.COM
11 JunMultiple Microsoft Office Vulnerabilities Enable Remote Code Execution by AttackersMicrosoft has disclosed four critical remote code execution (RCE) vulnerabilities in its Office suite as part of the June 2025 Patch Tuesday updates, posing significant risks to organizations and individuals who depend on the widely used productivity software. The vulnerabilities…GBHACKERS.COM
11 JunCVE-2025-32711 M365 Copilot Information Disclosure VulnerabilityAi command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
11 JunWindows Task Scheduler Flaw Allows Attackers to Escalate PrivilegesA critical elevation of privilege vulnerability has been identified in the Windows Task Scheduler service, tracked as CVE-2025-33067. Officially published on June 10, 2025, by Microsoft as the assigning CNA (CVE Numbering Authority), this flaw allows attackers to potentially gain…GBHACKERS.COM
11 JunWindows Common Log File System Driver Flaw Allows Attackers to Escalate PrivilegesMicrosoft addressed a critical security flaw (CVE-2025-32713) in the Windows Common Log File System (CLFS) driver during its June 2025 Patch Tuesday. The heap-based buffer overflow vulnerability enables local attackers to escalate privileges to SYSTEM-level access, posing signifi…GBHACKERS.COM
11 JunOutlook Vulnerability Allows Remote Execution of Arbitrary Code by AttackersMicrosoft confirmed a critical security vulnerability (CVE-2025-47176) in Microsoft Office Outlook, enabling attackers to execute arbitrary code. Despite the “Remote Code Execution” title, the attack vector is local, requiring attackers to run code from a user’s own machine. Howe…GBHACKERS.COM
11 JunInsyde UEFI Application Vulnerability Enables Digital Certificate Injection Through NVRAM VariableA critical vulnerability in Insyde H2O UEFI firmware (tracked as CVE-2025-XXXX) allows attackers to bypass Secure Boot protections by injecting malicious digital certificates via an unprotected NVRAM variable. This flaw exposes millions of devices to pre-boot malware and kernel-l…GBHACKERS.COM
11 JunJune Patch Tuesday advice for CSOs: Defense-in-depth needed to stop RCEsThis month’s Patch Tuesday fixes highlight a troubling pattern of remote code execution (RCE) holes being found in Microsoft’s core enterprise products, says an expert. “This trend reinforces the need for defense-in-depth strategies that extend well beyond patching,” says Mike Wa…CSOONLINE.COM
11 JunNew Secure Boot Vulnerability Allows Attackers to Install Malware in PC and Server Boot ProcessesSecurity researchers from Binarly have uncovered a major software vulnerability in the Unified Extensible Firmware Interface (UEFI) ecosystem, specifically impacting the Secure Boot mechanism used by almost all modern PCs and servers. Dubbed CVE-2025-3052 (BRLY-2025-001), this me…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 30[−]
11 JunPatch Tuesday, June 2025 EditionMicrosoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this…KREBSONSECURITY.COM
11 JunIs attacker laziness enabled by genAI shortcuts making them easier to catch?OpenAI’s recent report detailing various defenses it has deployed to fight fraudsters, especially those leveraging its LLM to impersonate people on social media, has met with mixed reactions from experts. One prominent analyst group, Gartner, sees it as more of a PR stunt than ac…CSOONLINE.COM
11 JunMultiple Chrome Flaws Enable Remote Code Execution by AttackersGoogle Chrome’s Stable channel is being updated to version 137.0.7151.103 for Windows and Mac, with Linux receiving version 137.0.7151.103 as well. The rollout will take place gradually over the coming days and weeks, ensuring smooth deployment and minimal disruption for users. T…GBHACKERS.COM
11 Jun8 things CISOs have learned from cyber incidentsWhen a cyber incident happens, it’s more than just an isolated event. For many CISOs, it reshapes their approach to resilience, risk management, and even their personal well-being in the job. Several security leaders reflect on the lessons from real-world incidents and why it’s v…CSOONLINE.COM
11 JunCybersecurity Today: State-Backed ChatGPT Misuse, Dark Gaboon Attacks, and Starlink Installation ControversyThis episode of 'Cybersecurity Today' hosted by Jim Love covers various significant events in the cybersecurity landscape. OpenAI has banned multiple ChatGPT accounts linked to state-sponsored hackers from countries including China, Russia, North Korea, Iran, and the Philippines …CYBERSECURITYTODAY.LIBSYN.COM
11 JunQuasar RAT Delivered Through Bat Files, (Wed, Jun 11th)RAT&#;x26;#;39;s are popular malware. They are many of them in the wild, Quasar[ 1 ] being one of them. The malware has been active for a long time and new campaigns come regularly back on stage. I spotted an interesting .bat file (Windows sc…ISC.SANS.EDU
11 Jun KEVMicrosoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the WildMicrosoft has released patches to fix 67 security flaws, including one zero-day bug in Web Distributed Authoring and Versioning (WEBDAV) that it said has come under active exploitation in the wild. Of the 67 vulnerabilities, 11 are rated Critical and 56 are rated Important in sev…THEHACKERNEWS.COM
11 JunCISO who helped unmask Badbox warns: Version 3 is comingsubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.theregister.com/2025/06/11/badbox_round_three/INFOSEC.PUB
11 JunSinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default PasswordsTwo security vulnerabilities have been disclosed in SinoTrack GPS devices that could be exploited to control certain remote functions on connected vehicles and even track their locations. "Successful exploitation of these vulnerabilities could allow an attacker to access device p…THEHACKERNEWS.COM
11 JunApache CloudStack Flaw Allows Attackers to Execute Privileged ActionsApache CloudStack, a leading open-source cloud management platform, has announced the immediate availability of new Long-Term Support (LTS) releases—version 4.19.3.0 and 4.20.1.0—to address multiple critical security vulnerabilities. The advisory, published by PMC member Pearl Ds…GBHACKERS.COM
11 JunJune 2025 Patch Tuesday: Microsoft Fixes 66 Bugs, Including Active 0-Daysubmitted by kid to cybersecurity 1 points | 0 comments https://hackread.com/june-2025-patch-tuesday-microsoft-bugs-active-0-day/SH.ITJUST.WORKS
11 JunRecently Disrupted DanaBot Leaked Valuable Data for 3 YearsInvestigators leveraged a vulnerability dubbed DanaBleed to obtain insights into the internal operations of the DanaBot botnet. The post Recently Disrupted DanaBot Leaked Valuable Data for 3 Years appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunINTERPOL Dismantles 20,000+ Malicious IPs Linked to 69 Malware Variants in Operation SecureINTERPOL on Wednesday announced the dismantling of more than 20,000 malicious IP addresses or domains that have been linked to 69 information-stealing malware variants. The joint action, codenamed Operation Secure, took place between January and April 2025, and involved law enfor…THEHACKERNEWS.COM
11 JunVU#211341 - A vulnerability in Insyde H2O UEFI application allows for digital certificate injection via NVRAM variablesubmitted by kid to cybersecurity 1 points | 0 comments https://kb.cert.org/vuls/id/211341SH.ITJUST.WORKS
11 JunNeues GenAI-Tool soll Open-Source-Sicherheit erhöhensrcset="https://b2b-contenthub.com/wp-content/uploads/2024/11/shutterstock_2322281155.jpg?quality=50&strip=all 5666w, https://b2b-contenthub.com/wp-content/uploads/2024/11/shutterstock_2322281155.jpg?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.c…CSOONLINE.COM
11 JunForgotten patches: The silent killerSecurity breaches rarely come crashing through the front door. More often, they creep in through vulnerabilities that should have been closed long ago. The patch existed. It may have even been scheduled or approved. But it never landed, and no one noticed. In 2024, over half of b…CSOONLINE.COM
11 JunOperation Secure disrupts global infostealer malware operationsAn international law enforcement action codenamed "Operation Secure" targeted infostealer malware infrastructure in a massive crackdown across 26 countries, resulting in 32 arrests, data seizures, and server takedowns. [...]BLEEPINGCOMPUTER.COM
11 JunBrute-force attacks target Apache Tomcat management panelsA coordinated campaign of brute-force attacks using hundreds of unique IP addresses targets Apache Tomcat Manager interfaces exposed online. [...]BLEEPINGCOMPUTER.COM
11 JunThe critical role that partnerships play in shrinking the cyber skills gapOrganizations everywhere are facing a perfect storm of cybersecurity challenges. As AI accelerates the volume and velocity of threats, sophisticated technology and skilled human analysts are vital to building an effective defense. Digital transformation initiatives are creating a…CSOONLINE.COM
11 Jun295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat ManagerThreat intelligence firm GreyNoise has warned of a "coordinated brute-force activity" targeting Apache Tomcat Manager interfaces. The company said it observed a surge in brute-force and login attempts on June 5, 2025, an indication that they could be deliberate efforts to "identi…THEHACKERNEWS.COM
11 JunHackers exploited Windows WebDav zero-day to drop malwareAn APT hacking group known as 'Stealth Falcon' exploited a Windows WebDav RCE vulnerability in zero-day attacks since March 2025 against defense and government organizations in Turkey, Qatar, Egypt, and Yemen. [...]BLEEPINGCOMPUTER.COM
11 JunSalesforce Industry Cloud Hit by 20 Vulnerabilities Including 0dayssubmitted by kid to cybersecurity 1 points | 0 comments https://hackread.com/salesforce-industry-cloud-20-vulnerabilities-0days/SH.ITJUST.WORKS
11 JunZero-click AI data leak flaw uncovered in Microsoft 365 CopilotA new attack dubbed 'EchoLeak' is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user's context without interaction. [...]BLEEPINGCOMPUTER.COM
11 Jun295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Managersubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/06/295-malicious-ips-launch-coordinated.htmlSH.ITJUST.WORKS
11 JunHackers exploited Windows WebDav zero-day to drop malwaresubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/stealth-falcon-hackers-exploited-windows-webdav-zero-day-to-drop-malware/SH.ITJUST.WORKS
11 JunInterpol Dismantles 20,000 Malicious IPs and Domains Tied to 69 Malware VariantsINTERPOL’s Operation Secure has seen the takedown of more than 20,000 malicious IP addresses and domains associated with infostealer malware. Law enforcement across 26 countries collaborated to dismantle cybercriminal infrastructure, marking a significant step forward in the figh…GBHACKERS.COM
11 JunErie Insurance confirms cyberattack behind business disruptionsErie Insurance and Erie Indemnity Company have disclosed that a weekend cyberattack is behind the recent business disruptions and platform outages on its website. [...]BLEEPINGCOMPUTER.COM
11 JunSmashing Security podcast #421: Toothpick flirts, Google leaks, and ICE ICE scammersWhat do a sleazy nightclub carpet, Google’s gaping privacy hole, and an international student conned by fake ICE agents have in common? This week’s episode of the "Smashing Security" podcast obviously. Graham explains how a Singaporean bug-hunter cracked Google’s defences and cou…GRAHAMCLULEY.COM
11 JunOperation Secure: Trend Micro's Threat Intelligence Fuels INTERPOL's Infostealer Infrastructure TakedownIn this blog, we discuss how Trend Micro played a pivotal role in Operation Secure, a multi-national law enforcement effort that dismantled the infrastructure behind widespread infostealer malware campaigns across Asia and the Pacific.TRENDMICRO.COM
11 JunRisky Business #795 -- How The Com is hacking Salesforce tenantsOn this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: New York Times gets a little stolen Russian FSB data as a treat iVerify spots possible evidence of iOS exploitation against the Harris-Walz campaign Researcher figures out a trick to get Goog…RISKY.BIZ
📋 SECURITY BULLETINS 4[−]
11 JunICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, CISAIndustrial solutions providers Siemens, Schneider Electric and Aveva have released June 2025 Patch Tuesday ICS security advisories. The post ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, CISA appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunMicrosoft fixes Windows Server auth issues caused by April updatesMicrosoft has fixed a known issue causing authentication problems on Windows Server domain controllers after installing the April 2025 security updates. [...]BLEEPINGCOMPUTER.COM
11 JunMicrosoft creates separate Windows 11 24H2 update for incompatible PCsMicrosoft confirmed on Tuesday that it's pushing a revised security update targeting some Windows 11 24H2 systems incompatible with the initial update released during this month's Patch Tuesday. [...]BLEEPINGCOMPUTER.COM
11 JunConnectWise to Update Code Signing Certificates for ScreenConnect, Automate, and RMMConnectWise, a leading provider of remote management and cyber protection tools for managed service providers (MSPs), is set to implement a significant security update affecting ScreenConnect, ConnectWise Automate, and ConnectWise RMM. The action, scheduled for June 13, 2025, at …GBHACKERS.COM
📢 SECURITY ADVISORIES 5[−]
11 JunChina-linked hackers target cybersecurity firms, governments in global espionage campaignChina-linked threat actors — particularly groups tied to advanced cyber-espionage campaigns, such as PurpleHaze and ShadowPad — are targeting top-tier organizations and cybersecurity vendors in an ongoing operation. Security firm SentinelOne has revealed sophisticated reconnaissa…CSOONLINE.COM
🔥 INCIDENT REPORTING 8[−]
11 JunWhy DNS Security Is Your First Defense Against Cyber Attacks?In today’s cybersecurity landscape, much of the focus is placed on firewalls, antivirus software, and endpoint detection. While these tools are essential, one critical layer often goes overlooked: the Domain Name System (DNS). As the starting point of nearly every online interact…THEHACKERNEWS.COM
11 JunTrove of port agency’s data stolen, hackers claim | Cybernewssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/security/port-agency-ransomware-data-breach/SH.ITJUST.WORKS
11 Jun40,000 Security Cameras Exposed to Remote HackingBitsight has identified over 40,000 security cameras that can be easily hacked for spying or other types of malicious activity. The post 40,000 Security Cameras Exposed to Remote Hacking appeared first on SecurityWeek .SECURITYWEEK.COM
11 Jun84% of Organizations’ SOC Analysts are Unknowinglysubmitted by kid to cybersecurity 1 points | 1 comments https://www.globenewswire.com/news-release/2025/04/16/3062580/0/en/84-of-Organizations-SOC-Analysts-are-Unknowingly-Investigating-the-Same-Incidents.htmlSH.ITJUST.WORKS
11 JunCybercriminals Are Getting Smarter... Are You? 🤯Cybercriminals are evolving faster than ever, using clever tactics to bypass security systems undetected. 😱 They’re no longer just targeting "bad" locations—they're using trusted platforms like OneDrive to sneak data past defenses! 🚨 With ransomware gangs constantly innovating, t…YOUTUBE.COM
11 JunThey’re Already Inside… And You Didn’t Even Notice!Hackers are already inside… and you didn’t even notice! 😱 Cybercriminals are using Living Off The Land techniques, blending into legitimate system tools to move laterally, exfiltrate data, and stay undetected. If security teams only check logs after an incident, they’re already t…YOUTUBE.COM
11 JunFormer Black Basta Members Use Microsoft Teams and Python Scripts in 2025 AttacksFormer members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access to target networks. "Recently, attackers have introduced Python script execution…THEHACKERNEWS.COM
11 JunSmartAttack uses smartwatches to steal data from air-gapped systemsA new attack dubbed 'SmartAttack' uses smartwatches as a covert ultrasonic signal receiver to exfiltrate data from physically isolated (air-gapped) systems. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 32[−]
11 JunHow Scammers Are Using AI to Steal College Financial AidFake college enrollments have been surging as crime rings deploy “ghost students” — chatbots that join online classrooms and stay just long enough to collect a financial aid check. The post How Scammers Are Using AI to Steal College Financial Aid appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunISC Stormcast For Wednesday, June 11th, 2025 https://isc.sans.edu/podcastdetail/9488, (Wed, Jun 11th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
11 JunSecurity Money: The Index is Up, CISOs Need to Get Out, and Are You Burning Out? - BSW #399This week, it’s time for security money. The index is up, but the previous quarterly results were brutal. In the leadership and communications segment, Get out of the audit committee: Why CISOs need dedicated board time, Quietly Burning Out? What To Do When Your Leadership Starts…YOUTUBE.COM
11 JunChrome, Firefox Updates Resolve High-Severity Memory BugsGoogle and Mozilla have released patches for a combined total of four high-severity memory bugs in Chrome and Firefox. The post Chrome, Firefox Updates Resolve High-Severity Memory Bugs appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunRethinking Success in Security: Why Climbing the Corporate Ladder Isn’t Always the GoalMany security professionals feel pressured to pursue leadership roles, but success can also mean going deeper, not just higher. The post Rethinking Success in Security: Why Climbing the Corporate Ladder Isn’t Always the Goal appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunHorizon3.ai Raises $100 Million in Series D FundingHorizon3.ai has raised $100 million to expand product capabilities, and to scale its partner ecosystem and federal market presence. The post Horizon3.ai Raises $100 Million in Series D Funding appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunCyera Raises $540 Million to Expand AI-Powered Data Security PlatformSeries E funding round brings Cyera’s total funding to over $1.3 billion and values the data security firm at $6 billion. The post Cyera Raises $540 Million to Expand AI-Powered Data Security Platform appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunFacebook malvertising reveals 4K domains spoofing 68 brands | SC Mediasubmitted by kid to cybersecurity 2 points | 0 comments https://www.scworld.com/news/facebook-malvertising-reveals-4k-domains-spoofing-68-brandsSH.ITJUST.WORKS
11 JunIvanti Workspace Control hardcoded key flaws expose SQL credentialssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/ivanti-workspace-control-hardcoded-key-flaws-expose-sql-credentials/SH.ITJUST.WORKS
11 JunEggs in a Cloudy Basket: Skeleton Spider’s Trusted Cloud Malware Delivery - DomainTools Investigations | DTIsubmitted by kid to cybersecurity 1 points | 0 comments https://dti.domaintools.com/skeleton-spider-trusted-cloud-malware-delivery/SH.ITJUST.WORKS
11 Jun40,000 cameras expose feeds to datacenters, health clinics • The Registersubmitted by kid to cybersecurity 4 points | 0 comments https://www.theregister.com/2025/06/10/40000_iot_cameras_exposed/SH.ITJUST.WORKS
11 JunFortinet, Ivanti Patch High-Severity VulnerabilitiesPatches released by Fortinet and Ivanti resolve over a dozen vulnerabilities, including high-severity flaws leading to code execution, credential leaks. The post Fortinet, Ivanti Patch High-Severity Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunNew BrowserVenom malware being distributed via fake DeepSeek phishing websitesubmitted by Pro to cybersecurity 1 points | 0 comments https://securelist.com/browservenom-mimicks-deepseek-to-use-malicious-proxy/115728/INFOSEC.PUB
11 JunNew BrowserVenom malware being distributed via fake DeepSeek phishing websitesubmitted by Pro to cybersecurity 1 points | 0 comments https://securelist.com/browservenom-mimicks-deepseek-to-use-malicious-proxy/115728/SH.ITJUST.WORKS
11 JunAdobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gapssubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/06/adobe-releases-patch-fixing-254.htmlSH.ITJUST.WORKS
11 Jun“Oral pleasure” app potentially leaks millions of messages and GPS locationssubmitted by Pro to cybersecurity 1 points | 0 comments https://cybernews.com/security/headero-data-leak-gps-chat-exposed/INFOSEC.PUB
11 Jun“Oral pleasure” app potentially leaks millions of messages and GPS locationssubmitted by Pro to cybersecurity 1 points | 0 comments https://cybernews.com/security/headero-data-leak-gps-chat-exposed/SH.ITJUST.WORKS
11 JunWhy would you want to sign your commits with PGP? Is SSH insufficient?submitted by Custodian6718 to cybersecurity 2 points | 0 comments So, feel free to correct me if I am wrong but this is my current knowledge about ts: PGP and SSH both use asymmetric encryption; in other words there is always a public and private key. You can verify the sender wi…SH.ITJUST.WORKS
11 JunWebinar Today: Rethinking Endpoint Hardening for Today’s Attack LandscapeLearn how attackers hide in plain sight—and what you can do to stop them without slowing down your business. The post Webinar Today: Rethinking Endpoint Hardening for Today’s Attack Landscape appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 2 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
11 JunFlaw in Industrial Computer Maker’s UEFI Apps Enables Secure Boot Bypass on Many DevicesVulnerable DTResearch UEFI firmware applications can be used in BYOVD attacks to bypass Secure Boot. The post Flaw in Industrial Computer Maker’s UEFI Apps Enables Secure Boot Bypass on Many Devices appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunMaze Banks $25M to Tackle Cloud Security with AI AgentsMaze and its investors are betting on finding profits in software that uses AI-powered agents to automate critical parts of the process. The post Maze Banks $25M to Tackle Cloud Security with AI Agents appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunSecuronix Acquires Threat Intelligence Firm ThreatQuotientCybersecurity heavyweight Securonix acquires ThreatQuotient to boost plans to build an all-in-one security operations stack. The post Securonix Acquires Threat Intelligence Firm ThreatQuotient appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunHuman Risk Management: Cybersecurity as a Business EnablerReducing human risk in cybersecurity requires a human-first approach that relies on effective training and practice for people to gain security knowledge, practice secure behavior, and foster a culture of security and mutual support.KNOWBE4.COM
11 JunOpenAI Report Describes AI-Assisted Social Engineering AttacksOpenAI has published a report looking at AI-enabled malicious activity, noting that threat actors are increasingly using AI tools to assist in social engineering attacks and influence operations.KNOWBE4.COM
11 JunRSAC Fireside Chat: Operationalizing diverse security to assure customers, partners–and insurersCatastrophic outages don’t just crash systems — they expose assumptions. Related: Getting the most from cyber insurance At RSAC 2025, I met with ESET Chief Security Evangelist Tony Anscombe to trace a quiet but growing convergence: endpoint defense, cyber insurance, … (more…LASTWATCHDOG.COM
11 JunINTERPOL Dismantles 20,000+ Malicious IPs Linked to 69 Malware Variants in Operation Securesubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/06/interpol-dismantles-20000-malicious-ips.htmlSH.ITJUST.WORKS
11 JunNew Secure Boot flaw lets attackers install bootkit malware, patch nowsubmitted by kid to cybersecurity 4 points | 0 comments https://www.bleepingcomputer.com/news/security/new-secure-boot-flaw-lets-attackers-install-bootkit-malware-patch-now/SH.ITJUST.WORKS
11 JunLinux Malware Authors Targeting Cloud Environments with ELF BinariesUnit 42, Palo Alto Networks’ threat intelligence division, has recently conducted investigations that have revealed a worrying trend: threat actors are increasingly creating and modifying Linux Executable and Linkable Format (ELF) malware to attack cloud infrastructure. Wit…GBHACKERS.COM
11 JunResearchers find the first known “zero-click” attack on an AI agent; the now-fixed flaw in Microsoft 365 Copilot would let a hacker attack a user via an emailsubmitted by Pro to cybersecurity 1 points | 0 comments https://www.aim.security/lp/aim-labs-echoleak-blogpostINFOSEC.PUB
11 JunResearchers find the first known “zero-click” attack on an AI agent; the now-fixed flaw in Microsoft 365 Copilot would let a hacker attack a user via an emailsubmitted by Pro to cybersecurity 1 points | 0 comments https://www.aim.security/lp/aim-labs-echoleak-blogpostSH.ITJUST.WORKS
11 JunOver 40,000 Internet-Connected Cameras Exposed, Streaming Live OnlineBitsight TRACE has uncovered more than 40,000 security cameras openly accessible on the internet—streaming live footage from homes, offices, factories, and even sensitive datacenter rooms. This widespread exposure, which Bitsight first flagged in 2023, shows no sign of improvemen…GBHACKERS.COM
📡 INFOSEC NEWS 10[−]
11 JunHow to Build a Lean Security Model: 5 Lessons from River IslandIn today’s security landscape, budgets are tight, attack surfaces are sprawling, and new threats emerge daily. Maintaining a strong security posture under these circumstances without a large team or budget can be a real challenge. Yet lean security models are not only possi…THEHACKERNEWS.COM
11 JunEnabling Secure AI Inference: Trend Cybertron Leverages NVIDIA Universal LLM NIM MicroservicesLearn how Trend's Cybertron has been harnessing the power of NVIDIA Universal LLM NIM Microservices.TRENDMICRO.COM
11 JunMicrosoft fixes unreachable Windows Server domain controllersMicrosoft has resolved a known issue that caused some Windows Server 2025 domain controllers to become unreachable after a restart and triggered app or service failures. [...]BLEEPINGCOMPUTER.COM
11 Jun23andMe says 15% of customers asked to delete their genetic data since bankruptcyMore than two dozen states have sued 23andMe to block the sale of genetic data without customers' permission.TECHCRUNCH.COM
11 JunHow to delete your 23andMe data23andMe holds millions of customers' genetic information. Here's what you can do to protect your data.TECHCRUNCH.COM
11 JunUS government’s vaccine website defaced with AI-generated contentThe content of a vaccines information website owned U.S. Department of Health and Human Services was swapped with gay-themed spam.TECHCRUNCH.COM
11 JunInnovation in the Fast Lane: Lessons from Motorsport and CybersecurityLearn how Trend Micro and NEOM McLaren Formula E Team turn creativity into innovation by rethinking team structures, workflows, and data use.TRENDMICRO.COM
11 JunChatGPT o3 API 80% price drop has no impact on performanceChatGPT o3, which has been available via API, is now 80% cheaper for developers, and there's no visible impact on performance. [...]BLEEPINGCOMPUTER.COM
11 JunEnsuring Secure Container Deployments with Image Signature VerificationEnsure your container deployments are secure with a verified image signature.TRENDMICRO.COM