86Articles
8Categories
2025-06-13Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 15[−]
13 Jun KEVWebDAV Remote Code Execution 0-Day Actively Exploited — PoC ReleasedA critical zero-day vulnerability in Microsoft’s Web Distributed Authoring and Versioning (WebDAV) protocol, tracked as CVE-2025-33053, has been actively exploited by the advanced persistent threat (APT) group Stealth Falcon since March 2025. The flaw, patched in June’s Patch Tue…GBHACKERS.COM
13 Jun KEVApple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon SpywareApple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as part of iOS 18.…THEHACKERNEWS.COM
13 JunPoC Exploit Unveiled for Windows Disk Cleanup Elevation VulnerabilityMicrosoft addressed a high-severity elevation of privilege vulnerability (CVE-2025-21420) in its Windows Disk Cleanup Utility (cleanmgr.exe) during February 2025’s Patch Tuesday. The flaw, scoring 7.8 on the CVSS scale, enabled attackers to execute malicious code with SYSTE…GBHACKERS.COM
13 JunUngepatchte Lücken ermöglichen Übernahme von GitLab-KontenExperten warnen vor einem neuen Bug in GitLab. II.studio – shutterstock.com Eine neue Sicherheitslücke in der Ultimate Enterprise Edition von GitLab ist laut einem Experten „gefährlich“ und muss schnell gepatcht werden. Die Schwachstelle mit der Bezeichnung CVE-2025-5121 ist eine…CSOONLINE.COM
13 JunGCVE-BCP-03 - Decentralized Publication Standard implemented in Vulnerability-Lookupsubmitted by cm0002 to cybersecurity 1 points | 0 comments We’re excited to announce the release of Vulnerability-Lookup 2.11.0 — and it comes with a major milestone for decentralized vulnerability publication! What’s New GCVE-BCP-03 - Decentralized Publication Standard The GCVE …INFOSEC.PUB
13 JunGraphite Spyware Uses iOS Zero-Click Flaw to Target JournalistsSecurity researchers at Citizen Lab have uncovered the first forensic evidence linking Paragon’s Graphite mercenary spyware to zero-click attacks on journalists’ iPhones. The campaigns exploited a now-patched iMessage vulnerability (CVE-2025-43200) to compromise devices running i…GBHACKERS.COM
13 JunHashiCorp Nomad ACL Lookup Flaw Allows Privilege EscalationHashiCorp disclosed a critical security flaw (CVE-2025-4922) in its Nomad workload orchestration tool on June 11, 2025, exposing clusters to privilege escalation risks through improper ACL policy enforcement. The vulnerability, rated 8.1 CVSS, enables attackers to bypass namespac…GBHACKERS.COM
13 JunAcer Control Center Flaw Lets Attackers Run Malicious Code as Elevated UserA critical security flaw (CVE-2025-5491) in Acer ControlCenter allows remote attackers to execute arbitrary code with NT AUTHORITY\SYSTEM privileges via a misconfigured Windows Named Pipe. The vulnerability, rated 8.8 on the CVSS scale, stems from insecure permissions on a custom…GBHACKERS.COM
13 JunAmazon Cloud Cam Flaw Allows Attackers to Intercept and Modify Network TrafficA critical vulnerability (CVE-2025-6031) has been identified in Amazon Cloud Cam devices, which reached end-of-life (EOL) status in December 2022. The flaw allows attackers to bypass SSL pinning during device pairing, enabling man-in-the-middle (MitM) attacks and network traffic …GBHACKERS.COM
13 JunMicrosoft Defender Spoofing Flaw Enables Privilege Escalation and AD AccessA newly disclosed spoofing vulnerability (CVE-2025-26685) in Microsoft Defender for Identity (MDI) enables unauthenticated attackers to capture Net-NTLM hashes of critical Directory Service Accounts (DSAs), potentially compromising Active Directory environments. Rated 6.5 (Medium…GBHACKERS.COM
13 JunNTLM reflection is dead, long live NTLM reflection! – An in-depth analysis of CVE-2025-33073submitted by kid to cybersecurity 2 points | 0 comments https://www.synacktiv.com/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025SH.ITJUST.WORKS
13 JunSpring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” HeaderA medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware’s Spring Framework has been patched, affecting multiple versions of the widely used Java framework. The flaw enables attackers to execute malicious code by exploiting improperly configu…GBHACKERS.COM
13 JunMitigating prompt injection attacks with a layered defense strategyPosted by Google GenAI Security Team With the rapid adoption of generative AI, a new wave of threats is emerging across the industry with the aim of manipulating the AI systems themselves. One such emerging attack vector is indirect prompt injections. Unlike direct prompt injecti…SECURITY.GOOGLEBLOG.COM
13 JunChromium: CVE-2025-5959 Type Confusion in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
13 JunChromium: CVE-2025-5958 Use after free in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 20[−]
13 JunRansomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Providersubmitted by Pro to cybersecurity 1 points | 0 comments https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-163aINFOSEC.PUB
13 JunRansomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Providersubmitted by Pro to cybersecurity 1 points | 0 comments https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-163aSH.ITJUST.WORKS
13 JunAI Security Threats: Echo Leak, MCP Vulnerabilities, Meta's Privacy Scandal, and the 'Peep Show'In this episode of Cybersecurity Today, host Jim Love discusses critical AI-related security issues, such as the Echo Leak vulnerability in Microsoft's AI, MCP's universal integration risks, and Meta's privacy violations in Europe. The episode also explores the dangers of interne…CYBERSECURITYTODAY.LIBSYN.COM
13 JunHow to log and monitor PowerShell activity for suspicious scripts and commandsConsultants are often jacks of all trades, hired by multiple businesses — sometimes simultaneously — to solve problems before moving on to the next engagement. This makes them prime targets for attackers. Gain a toehold on a consultant’s desktop and you can gain access potentiall…CSOONLINE.COM
13 JunZeroRISC Raises $10 Million for Open Source Silicon Security SolutionsZeroRISC has raised $10 million in seed funding for production-grade open source silicon security, built on OpenTitan designs. The post ZeroRISC Raises $10 Million for Open Source Silicon Security Solutions appeared first on SecurityWeek .SECURITYWEEK.COM
13 JunTokenBreak Exploit Tricks AI Models Using Minimal Input ChangesHiddenLayer’s security research team has uncovered TokenBreak, a novel attack technique that bypasses AI text classification models by exploiting tokenization strategies. This vulnerability affects models designed to detect malicious inputs like prompt injection, spam, and toxic …GBHACKERS.COM
13 JunCritical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint EncryptionTrend Micro patches critical-severity Apex Central and Endpoint Encryption PolicyServer flaws leading to remote code execution. The post Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption appeared first on SecurityWeek .SECURITYWEEK.COM
13 JunCritical Vulnerability Exposes Many Mitel MiCollab Instances to Remote HackingMitel has announced patches for a MiCollab path traversal vulnerability that can be exploited remotely without authentication. The post Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking appeared first on SecurityWeek .SECURITYWEEK.COM
13 JunJSFireTruck Obfuscation Helps Cybercriminals Hijack Trusted Sites with Malicious JavaScriptA sophisticated and extensive cyber attack campaign has been uncovered, in which threat actors are compromising legitimate websites to inject highly obfuscated JavaScript code. Dubbed “JSFireTruck,” this obfuscation technique enables cybercriminals to quietly redirect unsuspectin…GBHACKERS.COM
13 JunFog Ransomware Uses Pentesting Tools to Steal Data and Launch AttacksFog ransomware incidents in recent years have exposed a dangerous new trend in cybercrime: hackers are using open-source penetration testing tools and genuine staff monitoring software to breach networks, steal confidential data, and initiate ransomware attacks. This unprecedente…GBHACKERS.COM
13 JunUnpatched IT Tool Opens Door – Hackers Breach Billing Software Firm via SimpleHelp RMMCybersecurity professionals and business leaders are on high alert following a confirmed breach of a utility billing software provider, traced to unpatched vulnerabilities in the widely used SimpleHelp Remote Monitoring and Management (RMM) platform. The Cybersecurity and Infrast…GBHACKERS.COM
13 JunParagon Spyware used to Spy on European JournalistsParagon is a Israeli spyware company, increasingly in the news (now that NSO Group seems to be waning). “Graphite” is the name of their product. Citizen Lab caught them spying on multiple European journalists with a zero-click iOS exploit: On April 29, 2025, a select …SCHNEIER.COM
13 JunSimpleHelp Vulnerability Exploited Against Utility Billing Software UsersCISA warns that vulnerable SimpleHelp RMM instances have been exploited against a utility billing software provider’s customers. The post SimpleHelp Vulnerability Exploited Against Utility Billing Software Users appeared first on SecurityWeek .SECURITYWEEK.COM
13 JunDevelopers Beware – Sophisticated Phishing Scams Exploit GitHub Device Code Flow to Hijack TokensA sophisticated and increasing wave of cyberattacks now targets software developers through a little-known yet legitimate GitHub feature: the OAuth 2.0 Device Code Flow. Security experts, notably from Praetorian, have warned that threat actors are leveraging this mechanism to tri…GBHACKERS.COM
13 JunRansomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double ExtortionThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of an unnamed utility billing software provider. "This inciden…THEHACKERNEWS.COM
13 JunVictoria’s Secret restores critical systems after cyberattackVictoria's Secret has restored all critical systems impacted by a May 24 security incident that forced it to shut down corporate systems and the e-commerce website. [...]BLEEPINGCOMPUTER.COM
13 JunFog ransomware gang abuses employee monitoring tool in unusual multi-stage attackFog ransomware hackers, known for targeting US educational institutions, are now using legitimate employee monitoring software Syteca, and several open-source pen-testing tools alongside usual encryption. While investigating a May 2025 attack on an unnamed financial institution i…CSOONLINE.COM
13 JunMicrosoft Defender Spoofing Flaw Enables Privilege Escalation and AD Accesssubmitted by kid to cybersecurity 3 points | 0 comments https://gbhackers.com/microsoft-defender-spoofing/SH.ITJUST.WORKS
13 Jun KEVApple confirmed that Messages app flaw was actively exploited in the wildsubmitted by kid to cybersecurity 1 points | 0 comments https://securityaffairs.com/178962/mobile-2/apple-confirmed-messages-app-flaw-actively-exploited.htmlSH.ITJUST.WORKS
13 JunThe Linux Family Tree is INSANE! 😱The Linux ecosystem is MASSIVE, and this visual proves it! 🔥 From the Linux kernel to countless distributions, developers keep branching out, saying, “I can do it better!” But how did it get so vast? Watch as this mind-blowing graphic reveals the insane growth of Linux over time.…YOUTUBE.COM
📋 SECURITY BULLETINS 1[−]
13 JunJune Patch Tuesday digs into 67 bugsAn extremely Windows-heavy month, with a surprise cameo by... Sophos?!SOPHOS.COM
📢 SECURITY ADVISORIES 3[−]
13 JunIndustry Reactions to Trump Cybersecurity Executive Order: Feedback FridayIndustry professionals comment on the Trump administration’s new executive order on cybersecurity. The post Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday appeared first on SecurityWeek .SECURITYWEEK.COM
13 JunNIST Releases New Guide – 19 Strategies for Building Zero Trust ArchitecturesThe National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help organizations implement Zero Trust Architectures (ZTAs) using commercially available technologies. Implementing a Zero Trust Architecture (NIST SP 1800-35) provides 19 real-worl…GBHACKERS.COM
🔥 INCIDENT REPORTING 18[−]
13 JunUalabee - 472,296 breached accountsIn May 2025, the South American mobility services platform Ualabee had hundreds of thousands of records scraped from an interface on their platform . The data included 472k unique email addresses along with names, profile photos, dates of birth and phone numbers.HAVEIBEENPWNED.COM
13 JunCloudflare: Outage not caused by security incident, data is safeCloudflare has confirmed that the massive service outage yesterday was not caused by a security incident and no data has been lost. [...]BLEEPINGCOMPUTER.COM
13 JunFog Ransomware Attack Employs Unusual ToolsMultiple legitimate, unusual tools were used in a Fog ransomware attack, including one employed by Chinese hacking group APT41. The post Fog Ransomware Attack Employs Unusual Tools appeared first on SecurityWeek .SECURITYWEEK.COM
13 JunHackers claim fresh T-Mobile data breach​ | Cybernewssubmitted by kid to cybersecurity 2 points | 0 comments https://cybernews.com/security/t-mobile-data-leak-millions-exposed/SH.ITJUST.WORKS
13 JunCloudflare: Outage not caused by security incident, data is safesubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/cloudflare-outage-not-caused-by-security-incident-data-is-safe/SH.ITJUST.WORKS
13 JunLockBit panel data leak shows Chinese orgs among the most targeted - Help Net Securitysubmitted by kid to cybersecurity 3 points | 0 comments https://www.helpnetsecurity.com/2025/06/12/lockbit-data-leak-targets-ransoms/SH.ITJUST.WORKS
13 JunMicrosoft confirms auth issues affecting Microsoft 365 usersMicrosoft is investigating an ongoing incident that is causing users to experience errors with some Microsoft 365 authentication features. [...]BLEEPINGCOMPUTER.COM
13 JunSpanish arm of French insurance giant posted on hacker forumsubmitted by kid to cybersecurity 2 points | 0 comments https://cybernews.com/security/asefa-spanish-insurer-qilin-ransomware/SH.ITJUST.WORKS
13 JunHackerangriff treibt Serviettenhersteller Fasana in die InsolvenzDie Serviettenfabrik Fasana ist Opfer eines Cyberangriffs. Fasana GmbH Wie der Westdeutsche Rundfunk ( WDR ) berichtet, wurde der Serviettenhersteller Fasana Ende Mai von einer Cyberattacke getroffen. Dem Bericht zufolge konnten die Mitarbeiter weder Rechnungen schreiben, noch ne…CSOONLINE.COM
13 JunBert ransomware: what you need to knowBert is a recently-discovered strain of ransomware that encrypts victims' files and demands a payment for the decryption key. Read more in my article on the Fortra blog.FORTRA.COM
13 JunIn Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack CostNoteworthy stories that might have slipped under the radar: Cloudflare outage not caused by cyberattack, Dutch police identified 126 users of Cracked.io, the Victoria’s Secret cyberattack has cost $10 million. The post In Other News: Cloudflare Outage, Cracked.io Users Identified…SECURITYWEEK.COM
13 JunAnubis: A Closer Look at an Emerging Ransomware with Built-in Wiper | Trend Micro (US)submitted by kid to cybersecurity 1 points | 0 comments https://www.trendmicro.com/en_us/research/25/f/anubis-a-closer-look-at-an-emerging-ransomware.htmlSH.ITJUST.WORKS
13 JunAre You Too Late to Adopt ‘Shift Left’ Security?Why are companies only now catching on to Shift Left Security? 🚨 This viral buzzword is shaking up the cybersecurity world as banks and financial services finally adopt pre-production security testing. The goal? Spot vulnerabilities before they hit production. But is it too late …YOUTUBE.COM
13 JunWhy We Keep Blaming Users Instead of Fixing Security 🛑For years, cybersecurity experts have blamed users for breaches—clicking phishing links, setting weak passwords, or forgetting updates. But is the real problem deeper? 🤔 Just like the auto industry once blamed bad drivers instead of making safer cars, are we ignoring the flaws in…YOUTUBE.COM
13 JunHealthcare Hacks: Why You Can’t Just 'Fix' a Data Leak!What happens when healthcare data gets hacked? Unlike credit card breaches, where you can cancel a card and move on, leaked medical records can’t be undone — once the genie's out of the bottle, it’s out for good. This short dives into why healthcare data breaches are far more dan…YOUTUBE.COM
13 JunCVSS Scores: A Broken System? 💻⚠️🚨 CVSS Scores: A Broken System? 💻⚠️ 🚨 Cybersecurity professionals rely on CVSS scores to assess vulnerabilities, but what if the system itself is flawed? 🤯 Daniel Stenberg dives into the gaps in CVSS calculations, questioning why some critical risk factors are completely ignored.…YOUTUBE.COM
13 Jun🚨 The Dark Web Is Selling Cyberattacks – Here’s How!Cybercrime has never been easier! 😱 Hackers no longer need deep technical skills—now, they can simply buy cyberattacks online. With Ransomware-as-a-Service (RaaS) on the rise, cybercriminals can pay for pre-built hacking tools and target businesses of all sizes. From billion-doll…YOUTUBE.COM
13 JunThe Only 4 Steps You Need in Any Cybersecurity Playbook 🔐In this short, Mike Miller breaks down the ultimate framework every cybersecurity professional should know. No fluff — just the four essential steps: Prepare, Detect, Eradicate, and Learn. Whether you're building your first incident response plan or refining your current strategy…YOUTUBE.COM
🕵️ THREAT INTELLIGENCE 20[−]
13 Jun[Guest Diary] Anatomy of a Linux SSH Honeypot Attack: Detailed Analysis of Captured Malware, (Fri, Jun 13th)[This is a Guest Diary by Michal Ambrozkiewicz, an ISC intern as part of the SANS.edu Bachelor&&#x23&#x3b;39&#x3b;s Degree in Applied Cybersecurity (BACS) program [1].] ISC.SANS.EDU
13 JunISC Stormcast For Friday, June 13th, 2025 https://isc.sans.edu/podcastdetail/9492, (Fri, Jun 13th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
13 JunMajor Outage Hits Google Cloud and Linked Cloudflare Services, Thousands AffectedOn June 12, 2025, concurrent infrastructure failures at Cloudflare and Google caused widespread service disruptions, highlighting vulnerabilities in modern cloud dependencies. The outages impacted critical services ranging from authentication systems to AI platforms, underscoring…GBHACKERS.COM
13 JunEuropol Says Criminal Demand for Data is “Skyrocketing”submitted by kid to cybersecurity 2 points | 0 comments https://www.infosecurity-magazine.com/news/europol-criminal-demand-data/SH.ITJUST.WORKS
13 JunThe New AI Attack Surface — How Cortex Cloud Secures MCPMCP Security in Cortex Cloud protects AI applications by securing Model Context Protocol communications and detecting API-layer threats in real time. The post The New AI Attack Surface — How Cortex Cloud Secures MCP appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
13 JunJSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Techniquesubmitted by kid to cybersecurity 1 points | 0 comments https://unit42.paloaltonetworks.com/malicious-javascript-using-jsfiretruck-as-obfuscation/SH.ITJUST.WORKS
13 JunNew 'SmartAttack' Steals Air-Gapped Data Using Smartwatches - SecurityWeeksubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/new-smartattack-steals-air-gapped-data-using-smartwatches/SH.ITJUST.WORKS
13 JunTeamFiltration Abused in Entra ID Account Takeover CampaignThreat actors have abused the TeamFiltration pentesting framework to target over 80,000 Entra ID user accounts. The post TeamFiltration Abused in Entra ID Account Takeover Campaign appeared first on SecurityWeek .SECURITYWEEK.COM
13 JunHarvard Said It – 80% of AI Deployments Are Trash!Most cybersecurity teams are jumping into AI with zero alignment – and it's costing them big. In this short, Rock Lambros breaks down why 80% of AI deployments fail according to Harvard, exposing the real problem behind the hype: no business alignment, bad data, and isolated team…YOUTUBE.COM
13 JunMicrosoft: KB5060533 update triggers boot errors on Surface Hub v1 devicessubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/microsoft/microsoft-kb5060533-update-triggers-boot-errors-on-surface-hub-v1-devices/SH.ITJUST.WORKS
13 JunArsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at ScaleArsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced the release of its new Vishing Simulation module, a cutting-edge tool designed to train employees against one of the fastest-growing attack vectors: voice phishing…GBHACKERS.COM
13 JunInside a Dark Adtech Empire Fed by Fake CAPTCHAs – Krebs on Securitysubmitted by kid to cybersecurity 1 points | 0 comments https://krebsonsecurity.com/2025/06/inside-a-dark-adtech-empire-fed-by-fake-captchas/SH.ITJUST.WORKS
13 JunKali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking AddedKali Linux, the preferred distribution for security professionals, has launched its second major release of 2025, Kali Linux 2025.2, in June. This update introduces a restructured Kali Menu, upgraded desktop environments, 13 new tools, and significant Kali NetHunter advancements,…GBHACKERS.COM
13 JunCheckups and Checklists: Cyber Risk Isn’t Just a Technical ProblemThere are many things in our lives we must prepare for to be ready. For other things, we wing it, or we're not prepared to deal with it at the moment.KNOWBE4.COM
13 JunWhat Is AI?What is AI really? Throughout this article, I will remove the hype and get to the most honest answer ever.KNOWBE4.COM
13 JunDiscord flaw lets hackers reuse expired invites in malware campaignsubmitted by tonytins to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/discord-flaw-lets-hackers-reuse-expired-invites-in-malware-campaign/ Hackers are hijacking expired or deleted Discord invite links to redirect users to malicious sites that…SH.ITJUST.WORKS
13 JunThe Moment She Realized Data Scientists Don’t Use SDLC… 😨When Tanya Janca realized that many data scientists weren’t using a system development life cycle (SDLC), skipping version control, and running untested scripts directly against production databases, she had to speak up. In this short, she highlights a critical yet overlooked sec…YOUTUBE.COM
13 JunNews alert: Arsen launches AI-powered vishing simulation to help combat voice phishing at scaleParis, Jun. 3, 2025, CyberNewswire– Arsen , the cybersecurity startup known for defending organizations against social engineering threats, has announced the release of its new Vishing Simulation module, a cutting-edge tool designed to train employees against one of the fas…LASTWATCHDOG.COM
13 JunFriday Squid Blogging: Stubby SquidVideo of the stubby squid ( Rossia pacifica ) from offshore Vancouver Island. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.SCHNEIER.COM
13 Jun$200,000 Zoom Call, Microsoft, Zero-Click, China & HD With $649 million of Bitcoin - SWN #485This week we have, $200,000 Zoom Call, Microsoft Teams, INTERPOL, Zero-Click, Junk Food, China & Hard Drive With $649 million of Bitcoin. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-485YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
13 JunCTEM is the New SOC: Shifting from Monitoring Alerts to Measuring RiskIntroduction: Security at a Tipping Point Security Operations Centers (SOCs) were built for a different era, one defined by perimeter-based thinking, known threats, and manageable alert volumes. But today’s threat landscape doesn’t play by those rules. The sheer volume of telemet…THEHACKERNEWS.COM
13 JunOver 269,000 Websites Infected with JSFireTruck JavaScript Malware in One MonthCybersecurity researchers are calling attention to a "large-scale campaign" that has been observed compromising legitimate websites with malicious JavaScript injections. According to Palo Alto Networks Unit 42, these malicious injects are obfuscated using JSFuck, which refers to …THEHACKERNEWS.COM
13 JunDiscord flaw lets hackers reuse expired invites in malware campaignHackers are hijacking expired or deleted Discord invite links to redirect users to malicious sites that deliver remote access trojans and information-stealing malware. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 6[−]
13 JunSouth African man imprisoned after ransom demand against his former employerLucky Erasmus and a company insider installed software without authorisation on Ecentric's systems which granted them remote access, enabling them to steal sensitive data and make unauthorised changes to senior managers' passwords. Read more in my article on the Hot for Security …BITDEFENDER.COM
13 JunMicrosoft: KB5060533 update triggers boot errors on Surface Hub v1 devicesMicrosoft is investigating a known issue that triggers Secure Boot errors and prevents Surface Hub v1 devices from starting up. [...]BLEEPINGCOMPUTER.COM
13 JunWhy Denmark is breaking up with MicrosoftRelying too heavily on a US tech giant for your nation’s digital infrastructure is starting to feel a bit... well, risky.GRAHAMCLULEY.COM
13 JunDutch police identify users as young as 11-year-old on Cracked.io hacking forumDutch police have announced that they have identified 126 individuals linked to the now dismantled Cracked.io cybercrime forum. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
13 JunGoogle links massive cloud outage to API management issueGoogle says an API management issue is behind Thursday's massive Google Cloud outage, which disrupted or brought down its services and many other online platforms. [...]BLEEPINGCOMPUTER.COM
13 JunChinese-owned VPN apps hide their originAccording to a new report, there are 13 China-owned VPN apps in the Apple App Store. None of them clearly disclose their links to China, and some use shell companies to hide their origin.GRAHAMCLULEY.COM