104Articles
9Categories
2025-06-12Date
🚨 CISA KEV 2[−]
12 Jun KEVRansomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software ProviderSummary The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this advisory in response to ransomware actors leveraging unpatched instances of a vulnerability in SimpleHelp Remote Monitoring and Management (RMM) to compromise customers of a utility billing soft…CISA.GOV
12 Jun KEVCISA Releases Cybersecurity Advisory on SimpleHelp RMM VulnerabilityToday, CISA released Cybersecurity Advisory: Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider . This advisory is in response to ransomware actors targeting customers of a utility billing software provi…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 12[−]
12 Jun0-Click Vulnerability in Microsoft 365 Copilot Exposes Sensitive Data via TeamsSecurity researchers have uncovered the first-ever zero-click vulnerability in an AI agent, targeting Microsoft 365 Copilot and potentially exposing sensitive organizational data through a sophisticated attack chain dubbed “EchoLeak.” The critical flaw, assigned CVE-2…GBHACKERS.COM
12 JunWindows SMB Client Zero-Day Vulnerability Exploited via Reflective Kerberos Relay AttackA newly disclosed vulnerability, CVE-2025-33073, dubbed the “Reflective Kerberos Relay Attack,” has shaken the Windows security landscape. Discovered by RedTeam Pentesting and patched by Microsoft on June 10, 2025, this flaw allows low-privileged Active Directory user…GBHACKERS.COM
12 Jun‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 CopilotMicrosoft recently patched CVE-2025-32711, a vulnerability that could have been used for zero-click attacks to steal data from Copilot. The post ‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot appeared first on SecurityWeek .SECURITYWEEK.COM
12 JunZero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User InteractionA novel attack technique named EchoLeak has been characterized as a "zero-click" artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 Copilot's context sans any user interaction. The critical-rated vulnerability has bee…THEHACKERNEWS.COM
12 JunTrend Micro Apex One Zero-Day Vulnerability Enables Attackers to Inject Malicious CodeTrend Micro has issued an urgent security bulletin addressing five critical vulnerabilities in its Apex One endpoint security platform that could allow attackers to execute arbitrary code and escalate privileges on affected systems. The vulnerabilities, assigned CVE identifiers C…GBHACKERS.COM
12 JunCommand Injection Flaw in Palo Alto PAN-OS Allows Root-Level Code ExecutionA newly disclosed command injection vulnerability (CVE-2025-4230) in Palo Alto Networks PAN-OS software enables authenticated administrators to bypass restrictions and execute arbitrary commands with root privileges. With a CVSS v4.0 score of 5.7 (Medium severity), this flaw high…GBHACKERS.COM
12 JunGraphite Caught: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targetedsubmitted by Pro to cybersecurity 1 points | 0 comments https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/ On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advan…INFOSEC.PUB
12 JunGraphite Caught: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targetedsubmitted by Pro to cybersecurity 1 points | 0 comments https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/ On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advan…SH.ITJUST.WORKS
12 JunPrivilege Escalation in PAN-OS Web Interface Allows Admin Users to Perform Root ActionsPalo Alto Networks disclosed a medium-severity command injection vulnerability on June 11, 2025, designated as CVE-2025-4231, affecting the management web interface of its PAN-OS operating system. The vulnerability enables authenticated administrative users to escalate privileges…GBHACKERS.COM
12 JunFirst-ever zero-click attack targets Microsoft 365 CopilotImagine an attack so stealthy it requires no clicks, no downloads, no warning – just an email sitting in your inbox. This is EchoLeak, a critical vulnerability in Microsoft 365 Copilot that lets hackers steal sensitive corporate data without a single action from the victim. Disco…CSOONLINE.COM
12 JunUnpatched holes could allow takeover of GitLab accountsA new vulnerability in GitLab’s Community and Enterprise Editions used for managing source code is “dangerous” and needs to be quickly patched, says an expert. The vulnerability, CVE-2025-5121, is one of 10 described Wednesday by GitLab as it released bug and security fixes for s…CSOONLINE.COM
12 JunOpenPGP.js Vulnerability Allows Attackers to Bypass Message Signature VerificationA critical vulnerability in OpenPGP.js, a widely used JavaScript library for encrypted messaging and digital signatures, has been patched after researchers discovered it allowed attackers to spoof message signatures, potentially undermining the trust model of public key cryptogra…GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 33[−]
12 JunOver 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration ToolCybersecurity researchers have uncovered a new account takeover (ATO) campaign that leverages an open-source penetration testing framework called TeamFiltration to breach Microsoft Entra ID (formerly Azure Active Directory) user accounts. The activity, codenamed UNK_SneakyStrike …THEHACKERNEWS.COM
12 JunNytheon AI Tool Gaining Traction on Hacking Forums for Malicious ActivitiesThe emergence of Nytheon AI marks a significant escalation in the landscape of uncensored large language model (LLM) platforms. Unlike previous single-model jailbreaks, Nytheon AI offers a comprehensive suite of open-source models, each stripped of safety guardrails and unified u…GBHACKERS.COM
12 JunSmaller organizations nearing cybersecurity breaking pointLimited budgets, overstretched IT teams, and a rapidly evolving threat landscape mean smaller organizations are approaching a “cybersecurity tipping point.” The World Economic Forum’s (WEF) Global Cybersecurity Outlook 2025 report noted that “71% of cyber leaders say small organi…CSOONLINE.COM
12 JunRussian hybrid warfare: Ukraine's success offers lessons for Europesubmitted by randomname to cybersecurity 1 points | 0 comments https://www.atlanticcouncil.org/blogs/ukrainealert/russian-hybrid-warfare-europe-should-study-ukraines-unique-experience cross-posted from: scribe.disroot.org/post/3093548 Archived version … Russia’s subsequent effort…INFOSEC.PUB
12 JunRussian hybrid warfare: Ukraine's success offers lessons for Europesubmitted by randomname to cybersecurity 1 points | 0 comments https://www.atlanticcouncil.org/blogs/ukrainealert/russian-hybrid-warfare-europe-should-study-ukraines-unique-experience cross-posted from: scribe.disroot.org/post/3093548 Archived version … Russia’s subsequent effort…SH.ITJUST.WORKS
12 JunPalo Alto Networks Patches Privilege Escalation VulnerabilitiesPalo Alto Networks has released patches for seven vulnerabilities and incorporated the latest Chrome fixes in its products. The post Palo Alto Networks Patches Privilege Escalation Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
12 JunConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security RisksConnectWise has disclosed that it's planning to rotate the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management (RMM) executables due to security concerns. The company said it's doing so "due to conce…THEHACKERNEWS.COM
12 JunNew Campaign Targets Entra ID User Accounts Using Pentesting Tool for Account TakeoverProofpoint Threat Intelligence has uncovered a large-scale Account Takeover (ATO) campaign, internally tracked as UNK_SneakyStrike, that leverages the open-source penetration testing framework TeamFiltration to target Microsoft Entra ID user accounts across global organizations.&…GBHACKERS.COM
12 JunFog ransomware attack uses unusual mix of legitimate and open-source toolsFog ransomware hackers are using an uncommon toolset, which includes open-source pentesting utilities and a legitimate employee monitoring software called Syteca. [...]BLEEPINGCOMPUTER.COM
12 JunThe ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid WorkforceIt’s time for enterprises to stop treating unmanaged devices as an edge case and start securing them as part of a unified Zero Trust strategy. The post The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce appeared first on SecurityWeek .SECURITYWEEK.COM
12 JunCybercriminals Advertise Advanced MaaS Botnet with Blockchain C2 on Hacking ForumsCybersecurity researchers have uncovered the alleged sale of a sophisticated Malware-as-a-Service (MaaS) botnet that combines legitimate development frameworks with cutting-edge evasion techniques. The threat actor is reportedly offering the complete source code of a botnet that …GBHACKERS.COM
12 JunFIN6 exploits HR workflows to breach corporate defensesThe financially motivated cybercrime group FIN6, also known as Skeleton Spider, is targeting human resources professionals with an elaborate social engineering scheme that uses fake job applications to deliver malware, according to new research from security analysts. The campaig…CSOONLINE.COM
12 JunWeekly Update 456Presently sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing It's time to fly! It's two months to the day since we came back from the last European trip, again spending the time with some of the agencies and par…TROYHUNT.COM
12 JunPhishing sites posing as DeepSeek downloads drop a proxy backdoorKaspersky is warning LLM users of a new malicious campaign distributing a previously unknown malware, dubbed “BrowserVenom,” through a fake DeepSeek-R1 environment installer. According to findings by the cybersecurity and antivirus firm, users are being tricked into downloading t…CSOONLINE.COM
12 JunOWASP Nettacker: Open-source scanner for recon and vulnerability assessment - Help Net Securitysubmitted by kid to cybersecurity 1 points | 0 comments https://www.helpnetsecurity.com/2025/06/11/owasp-nettacker-open-source-scanner/SH.ITJUST.WORKS
12 JunStealth Falcon APT Exploits Microsoft RCE Zero-Daysubmitted by kid to cybersecurity 2 points | 0 comments https://www.darkreading.com/vulnerabilities-threats/stealth-falcon-apt-exploits-microsoft-rce-zero-day-mideastSH.ITJUST.WORKS
12 JunUrgent Firefox Alert: Critical Memory Corruption Flaws (CVSS 9.8) Allow Remote Code Executionsubmitted by kid to cybersecurity 6 points | 0 comments https://securityonline.info/urgent-firefox-alert-critical-memory-corruption-flaws-cvss-9-8-allow-remote-code-execution/SH.ITJUST.WORKS
12 JunThe Impact of Artificial Intelligence on the Cybersecurity WorkforceThe NICE Workforce Framework for Cybersecurity ( NICE Framework) was revised in November 2020 as NIST Special Publication 800-181 rev.1 to enable more effective and rapid updates to the NICE Framework Components, including how the advent of emerging technologies would impact cybe…NIST.GOV
12 JunCSO Awards 2025 showcase world-class security strategiesFor more than a decade, the CSO Awards have recognized security projects that demonstrate outstanding thought leadership and business value. The award is an acknowledged mark of cybersecurity excellence. “The scope and complexity of cybersecurity responsibilities are expanding ra…CSOONLINE.COM
12 JunHow a 2015 Cyberattack Led to Hacking the PentagonIn 2015, a massive cyberattack hit the Office of Personnel Management, exposing the data of 20 million federal employees and compromising over a billion records. What happened next shocked the cybersecurity world — the US government launched its first bug bounty program. While pr…YOUTUBE.COM
12 JunThe Citizen Lab: Graphite Caught: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targetedsubmitted by cm0002 to cybersecurity 1 points | 0 comments https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/INFOSEC.PUB
12 JunThe Easiest Way to Upgrade Enterprise Linux! 🔥Upgrading enterprise Linux has never been easier! 🚀 Elevate, a powerful tool developed from a Red Hat open-source project, allows users to upgrade in place between major versions—no data migration needed! 🔥 For CentOS users looking for a seamless transition to supported operating…YOUTUBE.COM
12 JunCISA Releases Ten Industrial Control Systems AdvisoriesCISA released ten Industrial Control Systems (ICS) advisories on June 12, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-162-01 Siemens Tecnomatix Plant Simulation ICSA-25-162-02 Siemens RUGG…CISA.GOV
12 JunFrom Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Deliverysubmitted by Pro to cybersecurity 1 points | 0 comments https://research.checkpoint.com/2025/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery/ Check Point Research uncovered an active malware campaign exploiting expired and released Discord invi…INFOSEC.PUB
12 JunFrom Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Deliverysubmitted by Pro to cybersecurity 1 points | 0 comments https://research.checkpoint.com/2025/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery/ Check Point Research uncovered an active malware campaign exploiting expired and released Discord invi…SH.ITJUST.WORKS
12 JunOneLogin AD Connector Vulnerabilities Expose Authentication CredentialsA critical security vulnerability in OneLogin’s Active Directory (AD) Connector service has exposed enterprise authentication systems to significant risk The flaw, now reportedly fixed, uncovered by SpecterOps allowed malicious actors to obtain authentication credentials, imperso…GBHACKERS.COM
12 JunApple fixes new iPhone zero-day bug used in Paragon spyware hacksThe iPhone maker quietly updated a February security advisory to publicize a flaw that was used to hack at least two journalists in Europe.TECHCRUNCH.COM
12 JunSee How We’re Fortifying Cloud and AI at AWS re:Inforce 2025Join Palo Alto Networks at AWS re:Inforce '25. Connect with security experts and discover actionable solutions to AWS security challenges. The post See How We’re Fortifying Cloud and AI at AWS re:Inforce 2025 appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
12 JunThreat Actors Exploit DeepSeek-R1 Popularity to Target Windows Device UsersA new, highly sophisticated cyberattack campaign is targeting users seeking to download the popular language model DeepSeek-R1, exploiting global interest in large language models (LLMs). Kaspersky researchers have uncovered that threat actors are utilizing malvertising and phish…GBHACKERS.COM
12 JunTrend Micro fixes critical vulnerabilities in multiple productsTrend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. [...]BLEEPINGCOMPUTER.COM
12 JunCybercriminals Exploiting Expired Discord Invite Links to Deploy Multi-Stage MalwareSecurity researchers have uncovered a sophisticated malware campaign exploiting a little-known flaw in Discord’s invitation system, enabling cybercriminals to hijack expired or deleted invite links and redirect unsuspecting users to malicious servers. This attack chain, discovere…GBHACKERS.COM
12 JunUEFI Vulnerabilities Galore - PSW #878This week: * You got a Bad box, again * Cameras are expose to the Internet * EU and connected devices * Hydrophobia * NVRAM variables * Have you heard about IGEL Linux? * SSH and more NVRAM * AI skeptics are nuts, and AI doesn't make you more efficient * Trump Cybersecurity order…YOUTUBE.COM
12 JunMalware attack disguises itself as DeepSeek installerCybercriminals are exploiting the growing interest in open source AI models by disguising malware as a legitimate installer for DeepSeek.GRAHAMCLULEY.COM
📋 SECURITY BULLETINS 3[−]
12 JunGitLab patches high severity account takeover, missing auth issuesGitLab has released security updates to address multiple vulnerabilities in the company's DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in future pipelines. [...]BLEEPINGCOMPUTER.COM
12 JunMicrosoft Resolves Windows Server 2025 Restart Bug Disrupting Active Directory ConnectivityMicrosoft has addressed multiple critical issues affecting Windows Server 2025 domain controllers through its June 2025 Patch Tuesday updates, resolving authentication failures and network connectivity problems that have plagued administrators since April. The fixes come as part …GBHACKERS.COM
12 JunMultiple GitLab Vulnerabilities Expose Users to Complete Account Takeover RisksGitLab, the widely used DevSecOps platform, has released urgent security updates addressing multiple high-severity vulnerabilities that could allow attackers to take over user accounts, inject malicious code, and disrupt services. The new versions—18.0.2, 17.11.4, and 17.10.8 for…GBHACKERS.COM
📢 SECURITY ADVISORIES 5[−]
12 JunCISA Issues Comprehensive Guide to Safeguard Network Edge DevicesThe Cybersecurity and Infrastructure Security Agency (CISA), in partnership with international cybersecurity authorities, announced the release of comprehensive guidance to help organizations protect their network edge devices and appliances. This collaborative effort, involving …GBHACKERS.COM
12 JunNIST touts 19 ways to build "off the shelf" Zero Trust Architecture in new guidance | Cybernewssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/security/nist-zero-trust-architecture-releases-new-guidance/SH.ITJUST.WORKS
12 JunSweden says it is under cyber attackSwedish Prime Minister Ulf Kristersson says his country is under attack, after days of hard-hitting DDoS attacks against SVT Sweden's public TV broadcaster, government websites, and other key organisations.GRAHAMCLULEY.COM
🔥 INCIDENT REPORTING 9[−]
12 JunWith Retail Cyberattacks on the Rise, Customers Find Orders Blocked and Shelves EmptyBeyond potentially halting sales of physical goods, breaches can expose customers’ personal data to future phishing or fraud attempts. The post With Retail Cyberattacks on the Rise, Customers Find Orders Blocked and Shelves Empty appeared first on SecurityWeek .SECURITYWEEK.COM
12 JunEmpty shelves after US’s largest natural and organic food distributor suffers cyber attackThe spate of cyber attacks impacting the retail industry continues, with the latest victim being United Natural Foods (UNFI), which supplies organic produce to Whole Foods, Amazon, Target, and Walmart, amongst many others. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
12 JunUnternehmen wiegen sich in falscher SicherheitLaut einer TÜV-Umfrage halten sich 91 Prozent der Unternehmen für „gut geschützt“ vor Cyberattacken. Doch die Zahl Angriffe ist massiv gestiegen. https://www.shutterstock.com/g/B Desain Etwa jedes siebte Unternehmen ist in den vergangenen zwölf Monaten von einem Cyberangriff betr…CSOONLINE.COM
12 JunSurge in Cyberattacks Targeting Journalists: CloudflareBetween May 2024 and April 2025, Cloudflare blocked 109 billion malicious requests targeting organizations protected under Project Galileo. The post Surge in Cyberattacks Targeting Journalists: Cloudflare appeared first on SecurityWeek .SECURITYWEEK.COM
12 JunResearchers confirm two journalists were hacked with Paragon spywareThe confirmation of two hacked victims further deepens an ongoing spyware scandal that, for now, appears largely focused on the Italian government.TECHCRUNCH.COM
12 JunNew ‘SmartAttack’ Steals Air-Gapped Data Using SmartwatchesThe new attack technique uses smartwatches to capture ultrasonic covert communication in air-gapped environments and exfiltrate data. The post New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches appeared first on SecurityWeek .SECURITYWEEK.COM
12 JunErie Insurance confirms cyberattack behind business disruptionssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/erie-insurance-confirms-cyberattack-behind-business-disruptions/SH.ITJUST.WORKS
12 Jun137,000 SoftBank Customers Affected by Data Leak from Third-Party VendorSoftBank has previously experienced significant data breaches. In 2004, the company confirmed that personal information on 4,517,039 customers had been leaked through two separate cases involving suspects Yuasa and Kimata. This historical incident demonstrates the scale of data s…GBHACKERS.COM
12 JunCyber resilience begins before the crisisHear directly from Microsoft’s Deputy CISO for Customer Security, Ann Johnson, about the need for proactive planning in cyber incidents. The post Cyber resilience begins before the crisis appeared first on Microsoft Security Blog .MICROSOFT.COM
🕵️ THREAT INTELLIGENCE 30[−]
12 JunNominations now open for the CSO30 ASEAN Awards 2025CSO ASEAN is pleased to launch the CSO30 ASEAN Awards 2025, recognizing the top 30 senior cybersecurity leaders and teams across Southeast Asia and Hong Kong. In today’s volatile digital landscape, every organization faces relentless cybersecurity challenges. But some teams do no…CSOONLINE.COM
12 JunISC Stormcast For Thursday, June 12th, 2025 https://isc.sans.edu/podcastdetail/9490, (Thu, Jun 12th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
12 Jun20,000 malicious IPs and domains taken down in INTERPOL infostealer crackdownsubmitted by Pro to cybersecurity 2 points | 0 comments https://www.interpol.int/News-and-Events/News/2025/20-000-malicious-IPs-and-domains-taken-down-in-INTERPOL-infostealer-crackdownINFOSEC.PUB
12 Jun20,000 malicious IPs and domains taken down in INTERPOL infostealer crackdownsubmitted by Pro to cybersecurity 2 points | 0 comments https://www.interpol.int/News-and-Events/News/2025/20-000-malicious-IPs-and-domains-taken-down-in-INTERPOL-infostealer-crackdownSH.ITJUST.WORKS
12 JunInterpol Targets Infostealers: 20,000 IPs Taken Down, 32 Arrested, 216,000 Victims NotifiedInterpol has announced a crackdown on infostealer malware in Asia as part of an effort called Operation Secure. The post Interpol Targets Infostealers: 20,000 IPs Taken Down, 32 Arrested, 216,000 Victims Notified appeared first on SecurityWeek .SECURITYWEEK.COM
12 JunHackers Launch Coordinated Attack on Apache Tomcat Manager from 400 Unique IPsCybersecurity researchers at GreyNoise Intelligence have identified a significant coordinated attack campaign targeting Apache Tomcat Manager interfaces across the globe. On June 5, 2025, the company’s threat detection systems registered activity levels far exceeding normal…GBHACKERS.COM
12 JunSHARED INTEL Q&A: A sharper lens on rising API logic abuse — and a framework to fight backIn today’s digital enterprise, API-driven infrastructure is the connective tissue holding everything together. Related: The DocuSign API-abuse hack From mobile apps to backend workflows, APIs are what keep digital services talking—and scaling. But this essential layer of connecti…LASTWATCHDOG.COM
12 JunNew Campaign Targets Entra ID User Accounts Using Pentesting Tool for Account Takeoversubmitted by kid to cybersecurity 2 points | 0 comments https://gbhackers.com/new-campaign-targets-entra-id-user-accounts/SH.ITJUST.WORKS
12 JunHirundo Raises $8 Million to Eliminate AI’s Bad BehaviorHirundo tackles AI hallucinations and bias by making trained models “forget” poisoned, malicious, and confidential data. The post Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior appeared first on SecurityWeek .SECURITYWEEK.COM
12 JunSinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwordssubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/06/sinotrack-gps-devices-vulnerable-to.htmlSH.ITJUST.WORKS
12 JunGlobal analysis of Adversary-in-the-Middle phishing threats - Sekoia.io Blogsubmitted by kid to cybersecurity 1 points | 0 comments https://blog.sekoia.io/global-analysis-of-adversary-in-the-middle-phishing-threats/SH.ITJUST.WORKS
12 JunGitLab patches high severity account takeover, missing auth issuessubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/gitlab-patches-high-severity-account-takeover-missing-auth-issues/SH.ITJUST.WORKS
12 JunDeepfakes and the AI Battle Between Generation and DetectionAI-generated voice deepfakes have crossed the uncanny valley, fueling a surge in fraud that outpaces traditional security measures. Detection technology is racing to keep up. The post Deepfakes and the AI Battle Between Generation and Detection appeared first on SecurityWeek .SECURITYWEEK.COM
12 JunAutomated Tools to Assist with DShield Honeypot Investigations [Guest Diary], (Wed, Jun 11th)[This is a Guest Diary by William Constantino, an ISC intern as part of the SANS.edu BACS program] ISC.SANS.EDU
12 JunHow to Recognize Fraudulent North Korean Job ApplicantsResearchers at Socure warn of an ongoing wave of employment fraud driven by North Korean IT operatives attempting to secure positions at foreign companies.KNOWBE4.COM
12 JunHow a Fake Cybersecurity Firm Became a Real ThreatPicture this: it's 2021. You're an IT professional, scrolling through LinkedIn, when a message pings. "Bastion Secure," a new cybersecurity company, is hiring. The pay? Excellent.KNOWBE4.COM
12 Jun2025 CSO Hall of Fame honoreesNow entering its seventh year, the CSO Hall of Fame spotlights outstanding leaders who have significantly contributed to the practice of information risk management and security. The CSO Hall of Fame honors executives who have spent at least 10 years in a CSO, CISO or other C-lev…CSOONLINE.COM
12 JunParagon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhonesCitizen Lab publishes forensic proof that spyware maker Paragon can compromise up-to-date iPhones. Journalists in Europe among victims. The post Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones appeared first on SecurityWeek .SECURITYWEEK.COM
12 JunAirlines Secretly Selling Passenger Data to the GovernmentThis is news : A data broker owned by the country’s major airlines, including Delta, American Airlines, and United, collected U.S. travellers’ domestic flight records, sold access to them to Customs and Border Protection (CBP), and then as part of the contract told CB…SCHNEIER.COM
12 JunThreat Actors Using Bat Files to Deploy Quasar RATRemote Access Trojans (RATs) like Quasar have been a persistent threat for years, enabling attackers to control infected systems remotely. Recent SANS research has uncovered a new and particularly stealthy Quasar campaign, characterized by strong obfuscation and an innovativ…GBHACKERS.COM
12 JunNew TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changessubmitted by kid to cybersecurity 3 points | 0 comments https://thehackernews.com/2025/06/new-tokenbreak-attack-bypasses-ai.htmlSH.ITJUST.WORKS
12 JunMajor infostealer network taken down in Interpol raidInterpol, together with 26 countries and several cybersecurity companies, has carried out a major international operation against so-called infostealers — malicious code that can steal sensitive information such as passwords, credit card details, and crypto keys. The operation, w…CSOONLINE.COM
12 JunAitM Phishing Attacks on Microsoft 365 and Google Aimed at Stealing Login CredentialsA dramatic escalation in phishing attacks leveraging Adversary-in-the-Middle (AiTM) techniques has swept across organizations worldwide in early 2025, fueled by the rapid evolution and proliferation of Phishing-as-a-Service (PhaaS) platforms. Sekoia researchers and threat intelli…GBHACKERS.COM
12 JunWindows Defender Bypass Using PowerShell and Registry Edits in CyberEYE RATA newly discovered remote access trojan (RAT) named CyberEye is making waves in the cybersecurity community for its sophisticated capabilities and its reliance on Telegram, the popular messaging platform, as its command-and-control (C2) infrastructure. First detected in the wild …GBHACKERS.COM
12 JunWordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam NetworkThe threat actors behind the VexTrio Viper Traffic Distribution Service (TDS) have been linked to other TDS services like Help TDS and Disposable TDS, indicating that the sophisticated cybercriminal operation is a sprawling enterprise of its own that's designed to distribute mali…THEHACKERNEWS.COM
12 JunGoodbye Developers? Hello AI Agents…Agentic AI is no longer a concept—it's a threat and an opportunity. In this short, Rock Lambros breaks down why 2025 will be the year developers face serious disruption. With chatbots becoming indistinguishable from humans and AI writing real-time code, entire dev teams could be …YOUTUBE.COM
12 JunInside a Dark Adtech Empire Fed by Fake CAPTCHAsLate last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website h…KREBSONSECURITY.COM
12 JunHow She Trains Developers to Outsmart Hackers ⚔️She’s on a mission to make the internet safer — one developer at a time. After building the WeHack Purple Academy, Tanya Janca realized a shocking truth: creating new AppSec professionals wasn’t enough. The real challenge? Teaching developers to write secure code from the start. …YOUTUBE.COM
12 JunInternet cut affects Google Cloud and impacts services worldwidesubmitted by kid to cybersecurity 1 points | 0 comments https://www.thenationalnews.com/future/technology/2025/06/12/google-down-cloud-aws-internet-outage/SH.ITJUST.WORKS
12 JunDon’t Click “Unsubscribe” links blindly It May Leads to Loss of CredentialsImagine your inbox is overflowing with promotional emails—some from familiar companies, others less so. The temptation is real: click “unsubscribe” to stop the relentless stream. But what if that single click could lead to stolen credentials, malware on your device, or simply sig…GBHACKERS.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
12 JunGraphite spyware used in Apple iOS zero-click attacks on journalistsForensic investigation has confirmed the use of Paragon's Graphite spyware platform in zero-click attacks that targeted Apple iOS devices of at least two journalists in Europe. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 9[−]
12 JunWindows 11 24H2 emergency update fixes Easy Anti-Cheat BSOD issueMicrosoft has released an emergency Windows 11 24H2 update to address an incompatibility issue triggering restarts with blue screen of death (BSOD) errors on systems with Easy Anti-Cheat. [...]BLEEPINGCOMPUTER.COM
12 JunNon-Human Identities: How to Address the Expanding Security RiskHuman identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world when it comes to Non-human identities also referred to as machine identities. GitGuardian’s end-to-end NHI security platform…THEHACKERNEWS.COM
12 JunAI Agents Run on Secret Accounts — Learn How to Secure Them in This WebinarAI is changing everything — from how we code, to how we sell, to how we secure. But while most conversations focus on what AI can do, this one focuses on what AI can break — if you’re not paying attention. Behind every AI agent, chatbot, or automation script lies a growing number…THEHACKERNEWS.COM
12 JunMicrosoft Edge now offers secure password deployment for businessesMicrosoft announced that a new Edge feature allowing employees to share passwords more securely in enterprise environments has reached general availability. [...]BLEEPINGCOMPUTER.COM
12 JunNew TokenBreak Attack Bypasses AI Moderation with Single-Character Text ChangesCybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model's (LLM) safety and content moderation guardrails with just a single character change. "The TokenBreak attack targets a text classification model'…THEHACKERNEWS.COM
12 JunPassword-spraying attacks target 80,000 Microsoft Entra ID accountsHackers have been using the TeamFiltration pentesting framework to target more than 80,000 Microsoft Entra ID accounts at hundreds of organizations worldwide. [...]BLEEPINGCOMPUTER.COM
12 JunGoogle Cloud and Cloudflare hit by widespread service outagesGoogle Cloud and Cloudflare are investigating ongoing outages impacting access to sites and various services across multiple regions. [...]BLEEPINGCOMPUTER.COM
12 JunF5 Labs Top CWEs & OWASP Top Ten AnalysisWe expand our view to include CWE and OWASP, and we also examine the latest overall trends for June 2025.F5.COM
12 JunF5 Labs Top CWEs & OWASP Top Ten AnalysisWe expand our view to include CWE and OWASP, and we also examine the latest overall trends for June 2025.F5.COM