🚨 CISA KEV 1[−]
18 Jun KEVLinux Security: New Flaws Allow Root Access, CISA Warns of Old Bug ExploitationQualys has disclosed two Linux vulnerabilities that can be chained for full root access, and CISA added a flaw to its KEV catalog. The post Linux Security: New Flaws Allow Root Access, CISA Warns of Old Bug Exploitation appeared first on SecurityWeek .SECURITYWEEK.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 10[−]
18 JunGoogle Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper BackdoorA now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to deploy a backdoor codenamed Trinper. The attack, observed in mid-March 2025 by Positive Technologies, involved the use of a sandbox escape vulnerability tracked as CVE-20…THEHACKERNEWS.COM
18 JunCitrix NetScaler ADC & Gateway Flaws Expose Sensitive Data to HackersTwo critical vulnerabilities have been discovered in Citrix NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), potentially exposing sensitive data to hackers and putting enterprise networks at significant risk. The flaws, identified as CVE-2025-5…GBHACKERS.COM
18 JunVeeam Vulnerabilities Expose Backup Servers to Remote AttacksVeeam, a leading provider of data protection and backup solutions, disclosed three critical vulnerabilities affecting its widely deployed backup software. These flaws—assigned CVE-2025-23121, CVE-2025-24286, and CVE-2025-24287—could allow attackers to execute code remotely or esc…GBHACKERS.COM
18 JunVeeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & ReplicationVeeam has rolled out patches to contain a critical security flaw impacting its Backup & Replication software that could result in remote code execution under certain conditions. The security defect, tracked as CVE-2025-23121, carries a CVSS score of 9.9 out of a maximum of 10…THEHACKERNEWS.COM
18 Jun KEVCISA Alerts to Active Exploits of Linux Kernel Improper Ownership Management VulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert regarding active exploitation of a critical Linux kernel vulnerability, tracked as CVE-2023-0386, which has now been added to the Known Exploited Vulnerabilities (KEV) Catalog. This flaw, rooted in…GBHACKERS.COM
18 Jun KEVCISA Warns of Active Exploitation of Linux Kernel Privilege Escalation VulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed a security flaw impacting the Linux kernel in its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild. The vulnerability, CVE-2023-0386 (CVSS score: 7.…THEHACKERNEWS.COM
18 JunCritical Privilege Escalation Flaws Grant Full Root Access on Multiple Linux DistrosThe Qualys Threat Research Unit (TRU) has uncovered two interconnected local privilege escalation (LPE) vulnerabilities—CVE-2025-6018 and CVE-2025-6019—that together enable attackers to gain full root access on a wide range of Linux distributions with minimal effort. These flaws …GBHACKERS.COM
18 JunGitHub Actions attack renders even security-aware orgs vulnerableDevelopers hosting code repositories on GitHub continue to use GitHub Actions insecurely, setting up automatic workflows that can be exploited to extract sensitive authentication tokens, researchers warn. Security risks associated with GitHub Actions workflows are not new. Still,…CSOONLINE.COM
18 JunZyxel NWA50AX Pro Hit by N-Day Flaw Allowing Arbitrary File DeletionA recent vulnerability has been discovered in the Zyxel NWA50AX Pro, a WiFi 6 access point for small businesses, exposing it to an n-day flaw that allows arbitrary file deletion via a misconfigured CGI endpoint. This issue, tracked as CVE-2024-29974, highlights the risks of share…GBHACKERS.COM
18 Jun KEVCritical flaw in AI agent dev tool Langflow under active exploitationResearchers from security firm Trend Micro warn that a critical remote code execution vulnerability patched in April in the Langflow AI agent framework is being exploited to deploy botnet malware. The US Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to it…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 30[−]
18 JunGoogle’s Gerrit Platform Flaw Exposes 18 Google Projects, Including ChromiumOS, to HackersA critical vulnerability, dubbed “GerriScary,” has been discovered in Google’s Gerrit code-collaboration platform, putting at least 18 major Google projects—including ChromiumOS, Chromium, Dart, and Bazel—at risk of unauthorized code submissions by hackers. This flaw, uncov…GBHACKERS.COM
18 JunScattered Spider Targets US Insurance, Microsoft Zero-Day, Major Database Breach, and AI Poison PillIn this episode, host Jim Love delves into recent cybersecurity threats and breakthroughs. The notorious Scattered Spider hacker group has shifted its focus to US insurance companies after attacking UK retailers earlier this year. Microsoft's urgent security updates address activ…CYBERSECURITYTODAY.LIBSYN.COM
18 JunThe highest-paying jobs in cybersecurity todayCybersecurity roles are rarely one-dimensional. In fact, a majority of professionals juggle responsibilities across multiple domains. According to the “ 2025 Cybersecurity Staff Compensation Benchmark Summary Report ” by IANS and Artico Search, 61% of security pros routinely perf…CSOONLINE.COM
18 JunData Breach at Healthcare Services Firm Episource Impacts 5.4 Million PeopleHackers have stolen personal and health information belonging to the customers of healthcare organizations served by Episource. The post Data Breach at Healthcare Services Firm Episource Impacts 5.4 Million People appeared first on SecurityWeek .SECURITYWEEK.COM
18 JunCode Execution Vulnerabilities Patched in Veeam, BeyondTrust ProductsVeeam and BeyondTrust have resolved several vulnerabilities that could be exploited for remote code execution. The post Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Products appeared first on SecurityWeek .SECURITYWEEK.COM
18 JunNew Linux udisks flaw lets attackers get root on major Linux distrosAttackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions. [...]BLEEPINGCOMPUTER.COM
18 JunCybercriminals Leverage ClickFix Strategy to Deploy RATs and Data-Stealing MalwareCybercriminals are increasingly exploiting a deceptive social engineering technique known as ClickFix to initiate multi-stage cyberattacks, delivering remote access trojans (RATs) and data-stealing malware with alarming efficiency. First identified in March 2024, ClickFix manipul…GBHACKERS.COM
18 JunCISO Cyber Insurance Empowerment - Peter Hedberg, Stephan Jou, Morey Haber - BSW #400Segment description coming soon! This month BeyondTrust released it's 12th annual edition of the Microsoft Vulnerabilities Report. The report reveals a record-breaking year for Microsoft vulnerabilities, and helps organizations understand, identify, and address the risks within t…YOUTUBE.COM
18 JunQilin Ransomware Emerges as a Major Threat Targeting Windows, Linux, and ESXi SystemsQilin ransomware has emerged as a formidable force, rapidly ascending to prominence amid the collapse of once-dominant groups like RansomHub and LockBit in 2025. Active since October 2022, Qilin has solidified its position through a sophisticated Ransomware-as-a-Service (RaaS) mo…GBHACKERS.COM
18 JunBeyondTrust warns of pre-auth RCE in Remote Support softwareBeyondTrust has released security updates to fix a high-severity flaw in its Remote Support (RS) and Privileged Remote Access (PRA) solutions that can let unauthenticated attackers gain remote code execution on vulnerable servers. [...]BLEEPINGCOMPUTER.COM
18 JunFedRAMP at Startup Speed: Lessons LearnedFor organizations eyeing the federal market, FedRAMP can feel like a gated fortress. With strict compliance requirements and a notoriously long runway, many companies assume the path to authorization is reserved for the well-resourced enterprise. But that’s changing. In this post…THEHACKERNEWS.COM
18 JunWater Curse Hijacks 76 GitHub Accounts to Deliver Multi-Stage Malware CampaignCybersecurity researchers have exposed a previously unknown threat actor known as Water Curse that relies on weaponized GitHub repositories to deliver multi-stage malware. "The malware enables data exfiltration (including credentials, browser data, and session tokens), remote acc…THEHACKERNEWS.COM
18 JunZyxel Firewall Vulnerability Again in Attacker Crosshairssubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/zyxel-firewall-vulnerability-again-in-attacker-crosshairs/SH.ITJUST.WORKS
18 JunRapperBot Botnet Surges with 50,000+ Attacks Targeting Network Edge DevicesThe RapperBot botnet has resurfaced with unprecedented aggression, targeting network edge devices in a staggering series of over 50,000 attacks. Identified and detailed by researchers at Qianxin XLab, this botnet represents a sophisticated threat to Internet of Things (IoT) ecosy…GBHACKERS.COM
18 JunWormGPT returns: New malicious AI variants built on Grok and Mixtral uncoveredTwo new variants of WormGPT, the malicious large language model (LLM) from July 2023 that operated without restrictions to generate phishing emails, BEC messages, and malware scripts, have been uncovered, now riding on top of xAI’s Grok and Mistral’s Mixtral models. Cloud-native …CSOONLINE.COM
18 JunCISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerabilitysubmitted by kid to cybersecurity 4 points | 1 comments https://thehackernews.com/2025/06/cisa-warns-of-active-exploitation-of.htmlSH.ITJUST.WORKS
18 JunCritical Vulnerability Patched in Citrix NetScalerCitrix has released patches for critical- and high-severity vulnerabilities in NetScaler and Secure Access Client and Workspace for Windows. The post Critical Vulnerability Patched in Citrix NetScaler appeared first on SecurityWeek .SECURITYWEEK.COM
18 JunHackers Exploit Transit Mode in Apple Pay and GPay to Steal MoneyMobile wallets like Apple Pay and Google Pay (GPay) have revolutionized the way we pay, offering speed and convenience that traditional cards can’t match. But as recent research and real-world incidents show, these digital wallets are not immune to attack. In fact, some of their …GBHACKERS.COM
18 JunMITRE and Splunk Expose Critical Vulnerabilities in Open Source GitHub ActionsThe Sysdig TRT has uncovered critical vulnerabilities in the GitHub Actions workflows of several high-profile open source projects, including those maintained by MITRE and Splunk. GitHub Actions, a popular platform for automating CI/CD pipelines, offers immense flexibility for de…GBHACKERS.COM
18 JunPhishing Deep Dive: EU-Affiliated Survey Platform Exploited in Sophisticated Credential Harvesting CampaignLead Researchers: James Dyer and Louis Tiley Between May 5 and May 7, 2025, KnowBe4 Threat Lab identified a phishing campaign originating from accounts created on the legitimate service ‘EUSurvey’. Although this was a focused campaign, on a smaller-scale to others identified by t…KNOWBE4.COM
18 JunBeyondTrust warns of pre-auth RCE in Remote Support softwaresubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/beyondtrust-warns-of-pre-auth-rce-in-remote-support-software/SH.ITJUST.WORKS
18 JunHealthcare SaaS firm says data breach impacts 5.4 million patientsEpisource warns of a data breach after hackers stole health information of over 5 million people in the United States in a January cyberattack. [...]BLEEPINGCOMPUTER.COM
18 JunCISA warns of attackers exploiting Linux flaw with PoC exploitCISA has warned U.S. federal agencies about attackers targeting a high-severity vulnerability in the Linux kernel's OverlayFS subsystem that allows them to gain root privileges. [...]BLEEPINGCOMPUTER.COM
18 JunHow to Get Started in Open Source (No Experience Needed!)Getting started in open-source can feel intimidating, but it doesn’t have to be! 💡 Daniel Stenberg, the creator of Curl, shares how lowering barriers and removing bureaucracy makes contributing easier for everyone. Whether you're a cybersecurity pro or just starting out, this is …YOUTUBE.COM
18 JunCritical Vulnerability Patched in Citrix NetScalersubmitted by kid to cybersecurity 2 points | 0 comments https://www.securityweek.com/critical-vulnerability-patched-in-citrix-netscaler/SH.ITJUST.WORKS
18 JunThe Crypto Hack That Banks FEAR The Most!Description: Hackers have discovered a shocking way to steal millions in seconds using flash loan attacks! 💸 By exploiting low-liquidity tokens and borrowing massive sums without collateral, they manipulate prices and drain funds—all before anyone can react. 😱 This loophole in de…YOUTUBE.COM
18 JunData Breach Reporting for regulatory requirements with Microsoft Data Security InvestigationsSeventy-four percent of organizations surveyed experienced at least one data security incident with their business data exposed in the previous year as reported in Microsoft’s Data Security Index: Trends, insights, and strategies to secure data report. The post Data Breach Report…TECHCOMMUNITY.MICROSOFT.COM
18 JunBeware: Fake CAPTCHA Windows Stealthily Install LightPerlGirl MalwareA newly identified malware strain, dubbed LightPerlGirl, has emerged as a significant cybersecurity threat, leveraging deceptive fake CAPTCHA popups to infiltrate systems. Named after its internal copyright signature “Copyright (c) LightPerlGirl 2025,” which includes …GBHACKERS.COM
18 Jun5 security secrets of elite defendersNation-state actors and well-funded criminal organizations employ advanced persistent threat (APT) methodologies designed specifically to evade traditional security measures. These attackers conduct extensive reconnaissance, move laterally with patience, and maintain persistent a…CSOONLINE.COM
18 JunOverwhelmed by security alerts? XDR service providers offer a powerful solutionCybersecurity professionals are under siege. In 2024, relentless cyberattacks ( 1636 per week on average ) and soaring data breach costs ( $4.88 million ) collide with complex security tools, an overwhelming number of alerts, and a persistent talent shortage . The result? Organis…CSOONLINE.COM
📋 SECURITY BULLETINS 1[−]
18 JunGoogle Chrome Vulnerabilities Enable Arbitrary Code Execution – Update Now!Google has released a crucial security update for its Chrome browser, addressing multiple high-severity vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The update, now rolling out as version 137.0.7151.119/.120 for Windows and Mac, and 13…GBHACKERS.COM
📢 SECURITY ADVISORIES 5[−]
18 JunCybercrime: Fast 800 illegale Betrugs-Websites beschlagnahmtErmittlern ist es gelungen, sämtliche Online-Betrugsseiten abzuschalten. simon jhuan – shutterstock.com Baden-württembergische Ermittlungsbehörden haben fast 800 illegale Websites beschlagnahmt. Das Cybercrime-Zentrum bei der Generalstaatsanwaltschaft Karlsruhe und das Landeskrim…CSOONLINE.COM
18 JunCISA’s Biggest Security Push in YEARS! 🤯CISA just made its biggest cybersecurity push in years, and the industry is taking notice! 🚨 With 13 countries backing the "Secure by Design" initiative and even the White House pushing for stronger security measures, this could change everything. From business executives to soft…YOUTUBE.COM
🔥 INCIDENT REPORTING 8[−]
18 JunIran Slows Internet to Prevent Cyber Attacks Amid Escalating Regional ConflictIran has throttled internet access in the country in a purported attempt to hamper Israel's ability to conduct covert cyber operations, days after the latter launched an unprecedented attack on the country, escalating geopolitical tensions in the region. Fatemeh Mohajerani, the s…THEHACKERNEWS.COM
18 JunHackers Claim Breach of Scania Financial Services, Leak Sensitive DataA significant data breach has rocked Sweden’s Scania Financial Services, as a threat actor operating under the alias “hensi” claims to have infiltrated the subdomain insurance.scania.com, exfiltrating a trove of sensitive files and offering them for sale on underground forums. Th…GBHACKERS.COM
18 JunScania confirms insurance claim data breach in extortion attemptsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/scania-confirms-insurance-claim-data-breach-in-extortion-attempt/SH.ITJUST.WORKS
18 JunScania von Datenleck betroffenDer Hersteller für Nutzfahrzeuge Scania wurde von Cyberkriminellen angegriffen. Art Konovalov – shutterstock.com Der schwedische Hersteller für Nutzfahrzeuge Scania zählt zu den größten in Europa. Ein Cyberkrimineller hat kürzlich Daten zum Verkauf angeboten, die er angeblich von…CSOONLINE.COM
18 JunHackers steal and destroy millions from Iran’s largest crypto exchangeIt's the latest cyberattack on Iran claimed by a pro-Israeli hacking group since the latest flare up in tensions between the two countries.TECHCRUNCH.COM
18 JunSophos Uncovered 55 New Attacks—All at 3AM 🚨 #cyberalertSophos just dropped a chilling report: 55 ransomware attacks between November 2024 and January 2025 — all tied to a new threat group called “3AM.” Known for email bombing, spoofed IT support calls, and ruthless social engineering, these cyber criminals target employees while the …YOUTUBE.COM
18 JunPro-Israel hackers hit Iran's Nobitex exchange, burn $90M in cryptoThe pro-Israel "Predatory Sparrow" hacking group claims to have stolen over $90 million in cryptocurrency from Nobitex, Iran's largest crypto exchange, and burned the funds in a politically motivated cyberattack. [...]BLEEPINGCOMPUTER.COM
18 JunRansomware gang busted in Thailand hotel raidIn a dramatic raid at a hotel in central Pattaya this week, Thai police have unearthed a criminal gang that was operating a ransomware and illicit gambling operation. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
🕵️ THREAT INTELLIGENCE 36[−]
18 JunDon?t Make it Easier than it Already is?..Default Passwords [Guest Diary], (Wed, Jun 18th)[This is a Guest Diary by Matthew Paul, an ISC intern as part of the SANS.edu BACS program]
ISC.SANS.EDU
18 JunA look at ‘Tinker,’ Black Basta’s phishing fixer, negotiatorsubmitted by Pro to cybersecurity 1 points | 0 comments https://intel471.com/blog/a-look-at-tinker-black-bastas-phishing-fixer-negotiatorINFOSEC.PUB
18 JunA look at ‘Tinker,’ Black Basta’s phishing fixer, negotiatorsubmitted by Pro to cybersecurity 1 points | 0 comments https://intel471.com/blog/a-look-at-tinker-black-bastas-phishing-fixer-negotiatorSH.ITJUST.WORKS
18 JunNew Winos 4.0 Malware Strain Emerges as Major Threat to Windows SystemsFortiGuard Labs has uncovered a formidable new strain of malware, dubbed Winos 4.0, targeting Microsoft Windows users, with a particular focus on individuals in Taiwan. First detected in January 2025, this malicious campaign leverages cunning phishing tactics, masquerading as com…GBHACKERS.COM
18 JunChrome 137 Update Patches High-Severity VulnerabilitiesGoogle has released a Chrome 137 update to resolve two memory bugs in the browser’s V8 and Profiler components. The post Chrome 137 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
18 JunBlackHat AI Tool WormGPT Enhanced with Grok and MixtralThe rapid evolution of large language models (LLMs) has not only transformed legitimate industries but has also found its way into the hands of cybercriminals. WormGPT, a notorious blackhat AI tool, has recently resurfaced in enhanced forms powered by advanced models such as xAI’…GBHACKERS.COM
18 JunMitigating AI Threats: Bridging the Gap Between AI and Legacy SecurityAdopting a layered defense strategy that includes human-centric tools and updating security components. The post Mitigating AI Threats: Bridging the Gap Between AI and Legacy Security appeared first on SecurityWeek .SECURITYWEEK.COM
18 JunOpenAI to Help DoD With Cyber Defense Under New $200 Million ContractOpenAI has been awarded a $200 million contract for AI capabilities to help the Defense Department address national security challenges. The post OpenAI to Help DoD With Cyber Defense Under New $200 Million Contract appeared first on SecurityWeek .SECURITYWEEK.COM
18 JunVMware Unveils Cloud Foundation 9.0 With AI and Next-Gen WorkloadsVMware has officially announced the general availability of VMware Cloud Foundation (VCF) 9.0, marking a significant leap in private cloud technology designed to meet the demands of AI, data-intensive workloads, and modern enterprise operations. For years, organizations faced a s…GBHACKERS.COM
18 JunDMV-Style Phishing Scams Target U.S. Citizens to Harvest Sensitive InformationA highly coordinated phishing campaign surfaced, targeting U.S. citizens by impersonating various state Departments of Motor Vehicles (DMVs). This widespread attack utilized SMS phishing, or “smishing,” as its primary delivery vector, bombarding victims with alarming …GBHACKERS.COM
18 JunScammers hijack websites of Bank of America, Netflix, Microsoft, and more to insert fake phone number | Malwarebytessubmitted by kid to cybersecurity 2 points | 0 comments https://www.malwarebytes.com/blog/news/2025/06/scammers-hijack-websites-of-bank-of-america-netflix-microsoft-and-more-to-insert-fake-phone-numberSH.ITJUST.WORKS
18 JunWormGPT Makes a Comeback Using Jailbroken Grok and Mixtral Modelssubmitted by kid to cybersecurity 1 points | 0 comments https://hackread.com/wormgpt-returns-using-jailbroken-grok-mixtral-models/SH.ITJUST.WORKS
18 JunTaiwan Targeted In Sophisticated Malware Campaign Disguised As Tax Emailssubmitted by kid to cybersecurity 1 points | 0 comments https://informationsecuritybuzz.com/taiwan-targeted-in-sophisticated-malware-campaign-disguised-as-tax-emails/SH.ITJUST.WORKS
18 JunMicrosoft Enhances Office 365 Defender to Stop Email Bombing CampaignsMicrosoft has announced a significant enhancement to its Office 365 Defender suite with the introduction of Mail Bombing Detection, a new feature designed to combat the rising threat of email bombing attacks. This capability will be rolled out globally, starting in late June 2025…GBHACKERS.COM
18 JunPython Protobuf Flaw Allows DoS Via Nested Messagessubmitted by kid to cybersecurity 1 points | 0 comments https://securityonline.info/python-protobuf-flaw-allows-dos-via-nested-messages/SH.ITJUST.WORKS
18 JunRapperBot Botnet Surges with 50,000+ Attacks Targeting Network Edge Devicessubmitted by kid to cybersecurity 1 points | 0 comments https://gbhackers.com/rapperbot-botnet-surges-with-50000-attacks/SH.ITJUST.WORKS
18 JunSuperCard Malware Hijacks Android Devices to Steal Payment Card Data and Relay it to AttackersF6, a leading developer of technologies to combat cybercrime, has reported the emergence of SuperCard, a malicious modification of the legitimate NFCGate program, now targeting Android users globally, with recent attacks recorded in Russia. Initially detected in Europe during spr…GBHACKERS.COM
18 JunNew Linux udisks flaw lets attackers get root on major Linux distrossubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/linux/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/SH.ITJUST.WORKS
18 JunTelegram Messenger's Ties to Russia's FSB Revealed in New Report - Newsweeksubmitted by kid to cybersecurity 6 points | 0 comments https://www.newsweek.com/telegram-messenger-russia-fsb-ties-report-2083491SH.ITJUST.WORKS
18 JunGhostwriting ScamThe variations seem to be endless. Here’s a fake ghostwriting scam that seems to be making boatloads of money. This is a big story about scams being run from Texas and Pakistan estimated to run into tens if not hundreds of millions of dollars, viciously defrauding Americans…SCHNEIER.COM
18 JunWater Curse Employs 76 GitHub Accounts to Deliver Multi-Stage Malware Campaignsubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/06/water-curse-hijacks-76-github-accounts.htmlSH.ITJUST.WORKS
18 JunWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
18 JunGerrit Misconfiguration Exposed Google Projects to Malicious Code InjectionMisconfigured permissions in Google’s Gerrit code collaboration platform could have led to the compromise of ChromiumOS and other Google projects. The post Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection appeared first on SecurityWeek .SECURITYWEEK.COM
18 JunHalo Security Honored with 2025 MSP Today Product of the Year AwardHalo Security’s Attack Surface Management Platform Honored for Exceptional Innovation and Successful Deployment Through The Channel Halo Security today announced that its attack surface management solution has been named a 2025 MSP Today Product of the Year Award winne…GBHACKERS.COM
18 JunRussia’s Digital Arsenal: The Strategic Use of Private Companies and Hacktivists in Cyber OperationsRussia’s sophisticated cyber warfare strategy emerges as a calculated blend of state power and non-state agility, leveraging private companies, hacktivists, and criminal proxies to amplify its digital dominance. The roots of this hybrid model trace back to the collapse of the Sov…GBHACKERS.COM
18 JunWho Needs a Badge When You’ve Got Krispy Kreme?Who needs a badge when you’ve got Krispy Kreme? 🍩 In this wild true story, cybersecurity expert Mike Miller pulls off the ultimate social engineering stunt—walking into a secured building with nothing but 5 dozen donuts and perfect timing. It’s a hilarious yet eye-opening reminde…YOUTUBE.COM
18 JunAI Revolutionizes PLA Military Intelligence with Rapid Deployment Across OperationsThe People’s Liberation Army (PLA) of China has adopted generative artificial intelligence (AI) to revolutionize its intelligence capabilities, marking a major step in modernizing military operations. According to recent analyses, the PLA has shown a clear intent to integra…GBHACKERS.COM
18 JunRussian Hackers Bypass Gmail MFA with App Specific Password RuseRussian hackers posed as US State Department staff and convinced targets to generate and give up Google app-specific passwords. The post Russian Hackers Bypass Gmail MFA with App Specific Password Ruse appeared first on SecurityWeek .SECURITYWEEK.COM
18 JunChollima Hackers Target Windows and MacOS with New GolangGhost RAT MalwareA North Korean-affiliated threat actor called Famous Chollima (also known as Wagemole) has launched a sophisticated remote access trojan (RAT) campaign against Windows and MacOS devices, a concerning development discovered by Cisco Talos in May 2025. This group, suspected to comp…GBHACKERS.COM
18 JunThe SECRET to Building Secure Software (Nobody Told You!)Most developers focus on building features, but what if security was built into the process from the start? In this short, discover how modern AppSec teams create guardrails to make it hard for developers to do the wrong thing—ensuring secure coding without slowing down innovatio…YOUTUBE.COM
18 JunWarning: Voice Deepfakes Continue to ImproveAI-generated voice deepfakes present an urgent threat to organizations, according to researchers at Pindrop.KNOWBE4.COM
18 JunVendors Say THIS, But Their Tools Do THAT 🤨When cybersecurity vendors say one thing but their tools do another, trust erodes fast. In this short, Greg breaks down why major players like Tenable and Rapid7 often promise seamless integration—but deliver clunky, outdated systems. He exposes the real challenge buyers face: th…YOUTUBE.COM
18 JunNorth Korean hackers deepfake execs in Zoom call to spread Mac malwareNorth Korean advanced persistent threat (APT) 'BlueNoroff' (aka 'Sapphire Sleet' or 'TA444') are using deepfake company executives during fake Zoom calls to trick employees into installing custom malware on their computers. [...]BLEEPINGCOMPUTER.COM
18 JunThe Blockchain You’ve NEVER Heard Of! 👀🚀 The Blockchain You’ve NEVER Heard Of! 👀 Composite Blockchain (with a K!) is shaking up the industry with a revolutionary approach that’s been two years in the making. Noam Krasniansky and his team have crafted a powerful white paper, proving that exponential growth is just arou…YOUTUBE.COM
18 JunNorth Korean hackers deepfake execs in Zoom call to spread Mac malwaresubmitted by cm0002 to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/north-korean-hackers-deepfake-execs-in-zoom-call-to-spread-mac-malware/INFOSEC.PUB
18 JunNew Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chainssubmitted by cm0002 to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/06/new-malware-campaign-uses-cloudflare.htmlINFOSEC.PUB
🌐 CYBER THREAT LANDSCAPE 3[−]
18 Jun'Stargazers' use fake Minecraft mods to steal player passwordsA large-scale malware campaign specifically targets Minecraft players with malicious mods and cheats that infect Windows devices with infostealers that steal credentials, authentication tokens, and cryptocurrency wallets. [...]BLEEPINGCOMPUTER.COM
18 Jun1,500+ Minecraft Players Infected by Java Malware Masquerading as Game Mods on GitHubA new multi-stage malware campaign is targeting Minecraft users with a Java-based malware that employs a distribution-as-service (DaaS) offering called Stargazers Ghost Network. "The campaigns resulted in a multi-stage attack chain targeting Minecraft users specifically," Check P…THEHACKERNEWS.COM
18 JunNew Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing ChainsA new campaign is making use of Cloudflare Tunnel subdomains to host malicious payloads and deliver them via malicious attachments embedded in phishing emails. The ongoing campaign has been codenamed SERPENTINE#CLOUD by Securonix. It leverages "the Cloudflare Tunnel infrastructur…THEHACKERNEWS.COM
🎙️ PODCASTS 2[−]
18 JunSmashing Security podcast #422: The curious case of the code copierA GCHQ intern forgets the golden rule of spy school — don’t take the secrets home with you — and finds himself swapping Cheltenham for a cell. Meanwhile, an Australian hacker flies too close to the sun, hacks his way into a US indictment, and somehow walks free... only to get boo…GRAHAMCLULEY.COM
18 JunRisky Business #796 -- With special guest co-host Chris KrebsOn this week’s show Patrick Gray and Adam Boileau are joined by special guest Chris Krebs to discuss the week’s cybersecurity news. They talk through: Israeli “hacktivists” take out an Iranian state-owned bank Scattered-spider and friends pivot into attacking insurers Securing id…RISKY.BIZ
📡 INFOSEC NEWS 8[−]
18 JunAsana warns MCP AI feature exposed customer data to other orgsWork management platform Asana is warning users of its new Model Context Protocol (MCP) feature that a flaw in its implementation potentially led to data exposure from their instances to other users and vice versa. [...]BLEEPINGCOMPUTER.COM
18 JunEx-CIA Analyst Sentenced to 37 Months for Leaking Top Secret National Defense DocumentsA former U.S. Central Intelligence Agency (CIA) analyst has been sentenced to little more than three years in prison for unlawfully retaining and transmitting top secret National Defense Information (NDI) to people who were not entitled to receive them and for attempting to cover…THEHACKERNEWS.COM
18 JunChainLink Phishing: How Trusted Domains Become Threat VectorsPhishing has evolved—and trust is the new attack vector. ChainLink Phishing uses real platforms like Google Drive & Dropbox to sneak past filters and steal credentials in the browser. Watch Keep Aware's on-demand webinar to see how these attacks work—and how to stop them. [...]BLEEPINGCOMPUTER.COM
18 JunMicrosoft 365 to block file access via legacy auth protocols by defaultMicrosoft has announced that it will soon update security defaults for all Microsoft 365 tenants to block access to SharePoint, OneDrive, and Office files via legacy authentication protocols. [...]BLEEPINGCOMPUTER.COM
18 JunForget ‘Shift Left’ – Security is EVERYWHERE! 🕵️♂️Most people think cybersecurity is all about “shifting left,” but that’s a myth! 🔥 Security isn’t just a developer’s responsibility—it’s embedded at every stage of the CI/CD pipeline. 🚀 From trust boundaries to security checkpoints, protecting your code requires a full-stack appr…YOUTUBE.COM
18 JunInternet collapses across Iran, say web monitoring firmsIt’s unclear what is causing a “near-total” internet blackout in Iran.TECHCRUNCH.COM
18 JunYes, the Co-op lost your data. Have a £10 shopping voucherThe Co-op is offering a £10 shopping discount to members after a cyber-attack saw hackers steal personal data including names, home address, email addresses, and membership card numbers.GRAHAMCLULEY.COM