🐛 COMMON VULNERABILITIES AND EXPOSURES 4[−]
20 JunApache SeaTunnel Flaw Lets Unauthorized Users Launch Deserialization AttacksA newly disclosed vulnerability in Apache SeaTunnel, a popular distributed data integration platform, has raised alarms in the cybersecurity community. The flaw, tracked as CVE-2025-32896, allows unauthorized users to exploit insecure REST API endpoints, enabling arbitrary file r…GBHACKERS.COM
20 JunDover Fueling Solutions Flaw Lets Attackers Control Fueling OperationsA newly disclosed critical vulnerability in Dover Fueling Solutions’ ProGauge MagLink LX consoles has sent shockwaves through the global fuel infrastructure sector. The flaw, tracked as CVE-2025-5310, allows remote attackers to seize control of fueling operations, manipulate tank…GBHACKERS.COM
20 JunFreeType Zero-Day Found by Meta Exploited in Paragon Spyware AttacksWhatsApp told SecurityWeek that it linked the exploited FreeType vulnerability CVE-2025-27363 to a Paragon exploit. The post FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
20 JunVersa Director Flaws Let Attackers Execute Arbitrary CommandsA newly disclosed set of vulnerabilities in Versa Networks’ SD-WAN orchestration platform, Versa Director, with the flaws enabling authenticated attackers to upload malicious files and execute arbitrary commands on affected systems. The vulnerabilities, tracked as CVE-2025-23171 …GBHACKERS.COM
⚠️ VULNERABILITY DISCLOSURE 14[−]
20 JunMalicious Support Tickets Let Hackers Exploit Atlassian’s Model Context ProtocolA new class of cyberattack is targeting organizations leveraging Atlassian’s Model Context Protocol (MCP), exposing a critical weakness in the boundary between external and internal users. Researchers have demonstrated that malicious support tickets can be weaponized to exploit A…GBHACKERS.COM
20 JunHow to conduct an effective post-incident reviewLet’s says your organization has experienced a cybersecurity incident that had no material impact on the business but nevertheless rattled the security team and got the attention of senior management. Somehow the attack slipped past the monitoring tools in place before it was det…CSOONLINE.COM
20 JunIBM QRadar SIEM Bug Lets Attackers Run Arbitrary CommandsIBM has issued a critical security update for its QRadar SIEM platform after researchers uncovered multiple vulnerabilities, including a severe flaw that allows privileged users to execute arbitrary commands on affected systems. The vulnerabilities, disclosed in a security bullet…GBHACKERS.COM
20 Jun6 Steps to 24/7 In-House SOC SuccessHackers never sleep, so why should enterprise defenses? Threat actors prefer to target businesses during off-hours. That’s when they can count on fewer security personnel monitoring systems, delaying response and remediation. When retail giant Marks & Spencer experienced a se…THEHACKERNEWS.COM
20 JunMotors Theme Vulnerability Exploited to Hack WordPress WebsitesThreat actors are exploiting a critical-severity vulnerability in Motors theme for WordPress to change arbitrary user passwords. The post Motors Theme Vulnerability Exploited to Hack WordPress Websites appeared first on SecurityWeek .SECURITYWEEK.COM
20 JunGitHub hit by a sophisticated malware campaign as ‘Banana Squad’ mimics popular reposA threat group dubbed “Banana Squad,” active since April 2023, has trojanized more than 60 GitHub repositories in an ongoing campaign, offering Python-based hacking kits with malicious payloads. Discovered by ReversingLabs, the malicious public repos each imitate a well-known hac…CSOONLINE.COM
20 JunAflac discloses breach amidst Scattered Spider insurance attacksOn Friday, American insurance giant Aflac disclosed that its systems were breached in a broader campaign targeting insurance companies across the United States by attackers who may have stolen personal and health information. [...]BLEEPINGCOMPUTER.COM
20 JunWhy You Should Treat AI Like an Intern With SuperpowersAI coding assistants are changing the game, but are they being trusted too much? In this short, cybersecurity expert Aaran compares generative AI tools to junior developers—and explains why treating them like full team members without strict rules is a dangerous move. Watch how i…YOUTUBE.COM
20 JunTxTag Phishing Campaign Exploits .gov Domain to Deceive EmployeesA new and alarming phishing campaign has surfaced, leveraging the credibility of a .gov domain to deceive employees into believing they owe unpaid tolls. Identified by the Cofense Phishing Defense Center (PDC), this campaign manipulates the GovDelivery system a legitimate communi…GBHACKERS.COM
20 JunThreat Actors Exploit Vercel Hosting Platform to Distribute Remote Access MalwareCyberArmor has uncovered a sophisticated phishing campaign exploiting Vercel, a widely used frontend hosting platform, to distribute a malicious variant of LogMeIn, a legitimate remote access tool. Over the past two months, threat actors have orchestrated at least 28 distinct cam…GBHACKERS.COM
20 JunInsomnia API Client Vulnerability Enables Arbitrary Code Execution via Template InjectionA severe security vulnerability in the Insomnia API Client, a widely used tool by developers and security testers for interacting with APIs, has been uncovered by researchers at an offensive security consultancy. Discovered by Technical Director Marcio Almeida and Head of Researc…GBHACKERS.COM
20 JunThreat Actors Manipulate Google Search Results to Display Scammer’s Phone Number Instead of Real NumberThreat actors are increasingly exploiting the trust users place in sponsored search results on platforms like Google to orchestrate sophisticated scams. These malicious entities craft deceptive advertisements that mimic legitimate websites, particularly targeting popular brands a…GBHACKERS.COM
20 JunPenetration Testing vs. Vulnerability Assessment – What’s the Difference? 🤯Most people think penetration testing and vulnerability assessments are the same, but they’re not! 🚨 In this short, cybersecurity expert Phillip Wylie breaks down the key differences. While vulnerability assessments stop just before exploitation, pen testing goes all the way to s…YOUTUBE.COM
20 JunHackers Target 700+ ComfyUI AI Image Generation Servers to Spread MalwareChina’s National Cybersecurity Notification Center has issued an urgent warning about critical vulnerabilities in ComfyUI, a widely used image-generation framework for large AI models. These flaws, already under active exploitation by hacker groups, have compromised at least 695 …GBHACKERS.COM
📢 SECURITY ADVISORIES 5[−]
20 JunIBM combines governance and security tools to solve the AI agent oversight crisisIBM is integrating its AI governance tool watsonx.governance with Guardium AI Security — its tool for securing AI models, data, and their usage — to simplify and bolster AgentOps for enterprises. AgentOps, short for agent operations and also otherwise known as agent development l…CSOONLINE.COM
20 JunOxford City Council Hit by Cyberattack Exposing Employee Personal DataOxford City Council has confirmed it was the target of a sophisticated cyberattack that resulted in the exposure of personal data belonging to employees, including those involved in council-administered elections over the past two decades. The council detected an unauthorised pre…GBHACKERS.COM
20 JunUK Passes Data Use and Access Regulation Billsubmitted by kid to cybersecurity 2 points | 0 comments https://www.bankinfosecurity.in/uk-passes-data-access-use-regulation-bill-a-28760SH.ITJUST.WORKS
20 JunCyberattack Disrupts Russian Dairy Supply Chain by Targeting Animal Certification SystemIn a Russia’s dairy supply chain, a suspected cyberattack has targeted the Mercury component of the national veterinary certification system, forcing it into emergency operation mode. This critical system, integral to the processing of veterinary accompanying documents, ens…GBHACKERS.COM
🔥 INCIDENT REPORTING 19[−]
20 JunNo, the 16 billion credentials leak is not a new data breachsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/no-the-16-billion-credentials-leak-is-not-a-new-data-breach/SH.ITJUST.WORKS
20 JunTesla Wall Connector Hacked Through Charging Port in Just 18 MinutesSecurity researchers from Synacktiv successfully hacked the Tesla Wall Connector through its charging port in just 18 minutes, exposing critical vulnerabilities in the device’s firmware and communication protocols. The Tesla Wall Connector and Its Architecture The Tesla Wall Conn…GBHACKERS.COM
20 JunExposing Cybersecurity Threats: Breaches, Vulnerabilities, and Evolving MalwareIn this episode of 'Cybersecurity Today,' host Jim Love discusses several alarming cybersecurity developments. A recent Washington Post breach raises critical questions about Microsoft 365’s enterprise security as foreign government hackers compromised the email accounts of journ…CYBERSECURITYTODAY.LIBSYN.COM
20 JunHackers Access Legacy Systems in Oxford City Council CyberattackPersonal data of former and current council workers, including election staff, may have been accessed by hackers. The post Hackers Access Legacy Systems in Oxford City Council Cyberattack appeared first on SecurityWeek .SECURITYWEEK.COM
20 Jun161,000 People Impacted by Krispy Kreme Data BreachKrispy Kreme is sharing more information on the data breach resulting from the ransomware attack targeting the company in 2024. The post 161,000 People Impacted by Krispy Kreme Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
20 Jun16 Billion Passwords Stolen From 320 Million+ Computers Leaked OnlineA staggering 16 billion login credentials, usernames, and passwords have been exposed in what cybersecurity experts are calling the largest data breach in internet history. The leak, which impacts major platforms including Apple, Facebook, Google, Instagram, Telegram, GitHub, and…GBHACKERS.COM
20 JunHacker legen Leymann Baustoffe lahmAlle Filialen der Baumarktkette Leymann Baustoffe müssen aufgrund einer Cyberattacke geschlossen bleiben. Firn – shutterstock.com Die Unternehmensgruppe Leymann Baustoffe ist aktuell aufgrund eines Cyberangriffs nur eingeschränkt erreichbar. Wie der Baustoffhändler mit Sitz in Su…CSOONLINE.COM
20 JunThe world's biggest data breach: what should folks do? | Kaspersky official blog16 billion exposed login credentials allegedly leaked online. We tell you what everyone needs to do right now.KASPERSKY.COM
20 JunIran's State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto HeistIran's state-owned TV broadcaster was hacked Wednesday night to interrupt regular programming and air videos calling for street protests against the Iranian government, according to multiple reports. It's currently not known who is behind the attack, although Iran pointed fingers…THEHACKERNEWS.COM
20 JunKrispy Kreme says November data breach impacts over 160,000 peoplesubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/krispy-kreme-says-november-data-breach-impacts-over-160-000-people/SH.ITJUST.WORKS
20 JunMassive DDoS Attack Hits 7.3 Tbps Delivering 37.4 Terabytes in 45 SecondsThe internet witnessed a new record in cyberattacks last month as Cloudflare, blocked the largest distributed denial-of-service (DDoS) attack ever recorded. The attack peaked at an astonishing 7.3 terabits per second (Tbps), overwhelming its target with 37.4 terabytes of data in …GBHACKERS.COM
20 JunQilin offers “Call a lawyer” button for affiliates attempting to extort ransoms from victims who won’t payImagine for one moment that you are a cybercriminal. You have compromised an organisation's network, you have stolen their data, you have encrypted their network, and you are now knee-deep in the ransomware negotiation. However, there's a problem. Your target is stalling for time…TRIPWIRE.COM
20 JunIn Other News: Viasat Hacked by China, Washington Post Cyberattack, CrowhammerNoteworthy stories that might have slipped under the radar: China’s Salt Typhoon targeted Viasat, Washington Post emails compromised in hack, Rowhammer attack named Crowhammer. The post In Other News: Viasat Hacked by China, Washington Post Cyberattack, Crowhammer appeared first …SECURITYWEEK.COM
20 JunIran’s government says it shut down internet to protect against cyberattacksThe government cited the recent hacks on Bank Sepah and cryptocurrency exchange Nobite as reasons to shut down internet access to virtually all Iranians.TECHCRUNCH.COM
20 JunQilin Ransomware Adds "Call Lawyer" Feature to Pressure Victims for Larger RansomsThe threat actors behind the Qilin ransomware-as-a-service (RaaS) scheme are now offering legal counsel for affiliates to put more pressure on victims to pay up, as the cybercrime group intensifies its activity and tries to fill the void left by its rivals. The new feature takes …THEHACKERNEWS.COM
20 JunKrispy Kreme hack exposed sensitive data of over 160,000 peopleKrispy Kreme, the dispenser of delectable doughnuts, has revealed that an astonishingly wide range of personal information belonging to past and present employees, as well as members of their families, was accessed by hackers during a cyber attack last year. Read more in my artic…BITDEFENDER.COM
20 JunWhen One Bank Falls, Do They All? 💣 #cybersecurityWhen cyberattacks hit one financial institution, it’s not just their problem—it could become everyone’s. In this short, Steve Lodin from Sallie Mae reveals how real-time threat intelligence sharing between banks acts like a digital neighborhood watch. Viewers will get a glimpse i…YOUTUBE.COM
20 JunBitoPro exchange links Lazarus hackers to $11 million crypto heistThe Taiwanese cryptocurrency exchange BitoPro claims the North Korean hacking group Lazarus is behind a cyberattack that led to the theft of $11,000,000 worth of cryptocurrency on May 8, 2025. [...]BLEEPINGCOMPUTER.COM
20 JunIranian State TV hacked, and that’s modern warfareIn modern warfare, it’s not just about who has the biggest bombs — it's about who controls the story.GRAHAMCLULEY.COM
🕵️ THREAT INTELLIGENCE 29[−]
20 JunIran-Israel War Triggers a Maelstrom in Cyberspacesubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.darkreading.com/threat-intelligence/iran-israel-war-maelstrom-cyberspaceINFOSEC.PUB
20 JunISC Stormcast For Friday, June 20th, 2025 https://isc.sans.edu/podcastdetail/9498, (Fri, Jun 20th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
20 JunThe Hidden Threat: How DanaBot Malware Facilitated Data Theft and Russian State-Sponsored Spyingsubmitted by Pro to cybersecurity 1 points | 0 comments https://www.rferl.org/a/russia-danabot-hacker-malware-state-spying/33449258.htmlINFOSEC.PUB
20 JunThe Hidden Threat: How DanaBot Malware Facilitated Data Theft and Russian State-Sponsored Spyingsubmitted by Pro to cybersecurity 1 points | 0 comments https://www.rferl.org/a/russia-danabot-hacker-malware-state-spying/33449258.htmlSH.ITJUST.WORKS
20 Jun67 Trojanized GitHub Repositories Found in Campaign Targeting Gamers and DevelopersCybersecurity researchers have uncovered a new campaign in which the threat actors have published more than 67 GitHub repositories that claim to offer Python-based hacking tools, but deliver trojanized payloads instead. The activity, codenamed Banana Squad by ReversingLabs, is as…THEHACKERNEWS.COM
20 JunCloudflare Tunnels Abused in New Malware CampaignA threat actor is abusing Cloudflare Tunnels for the delivery of a Python loader as part of a complex infection chain. The post Cloudflare Tunnels Abused in New Malware Campaign appeared first on SecurityWeek .SECURITYWEEK.COM
20 JunMicrosoft Introduces Enhanced Security Defaults for Windows 365 Cloud PCsMicrosoft has announced a significant update to the security posture of its Windows 365 Cloud PCs, introducing new secure-by-default capabilities designed to fortify virtual desktop environments against modern cyber threats. These changes, set to roll out in the second half of 20…GBHACKERS.COM
20 JunGodFather Android Malware Uses On-Device Virtualization to Hijack Legitimate Banking AppsZimperium zLabs has uncovered a highly advanced iteration of the GodFather Android banking malware, which employs a groundbreaking on-device virtualization technique to compromise legitimate mobile banking and cryptocurrency applications. Unlike traditional overlay attacks that m…GBHACKERS.COM
20 JunSurveillance in the USGood article from 404 Media on the cozy surveillance relationship between local Oregon police and ICE: In the email thread, crime analysts from several local police departments and the FBI introduced themselves to each other and made lists of surveillance tools and tactics they h…SCHNEIER.COM
20 JunGodfather Android Trojan Creates Sandbox on Infected DevicesThe Godfather Android trojan uses on-device virtualization to hijack legitimate applications and steal users’ funds. The post Godfather Android Trojan Creates Sandbox on Infected Devices appeared first on SecurityWeek .SECURITYWEEK.COM
20 JunAntiDot 3-in-1 Android Botnet Malware Grants Attackers Full Control Over Victim DevicesA new Android botnet malware named AntiDot has emerged as a formidable threat, granting cybercriminals unprecedented control over infected devices. Operated and sold by LARVA-398 as a Malware-as-a-Service (MaaS) on underground forums like XSS, AntiDot is marketed as a “3-in…GBHACKERS.COM
20 JunRecord-Breaking 7.3 Tbps DDoS Attack Targets Hosting ProviderCloudflare has blocked yet another record-breaking DDoS attack, which delivered the equivalent of 9,000 HD movies in just 45 seconds. The post Record-Breaking 7.3 Tbps DDoS Attack Targets Hosting Provider appeared first on SecurityWeek .SECURITYWEEK.COM
20 JunGodfather Android malware now uses virtualization to hijack banking appssubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/godfather-android-malware-now-uses-virtualization-to-hijack-banking-apps/SH.ITJUST.WORKS
20 JunUBS Employee Data Reportedly Exposed in Third Party Attack - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/ubs-employee-data-exposed-third/SH.ITJUST.WORKS
20 JunBanana Squad’s Stealthy GitHub Malware Campaign Targets Devs - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/banana-squads-github-malware/SH.ITJUST.WORKS
20 JunAzure Misconfiguration Lets Attackers Take Over Cloud InfrastructureA recent security analysis has revealed how a chain of misconfigurations in Microsoft Azure can allow attackers to gain complete control over an organization’s cloud infrastructure, from initial access to full tenant takeover. The attack path, demonstrated using real-world tools …GBHACKERS.COM
20 JunAI-Assisted Cyber Defense: Game Changer? 🎯AI is changing cybersecurity forever! 🚀 In this short, discover how AI-assisted detectors are revolutionizing cyber defense by reducing false positives and enhancing threat detection. Instead of relying solely on traditional AI models, this innovative approach combines logic-base…YOUTUBE.COM
20 JunPowerShell Loaders Use In-Memory Execution to Evade Disk-Based DetectionA recent threat hunting session has revealed a sophisticated PowerShell script, named y1.ps1, hosted in an open directory on a Chinese server (IP: 123.207.215.76). First detected on June 1, 2025, this script operates as a shellcode loader, employing advanced in-memory execution t…GBHACKERS.COM
20 JunCongress & Tech Giants AGREE on This Cybersecurity Standard?! 😲Cybersecurity is one of the few topics where both political parties actually agree! 😲 In a recent House Homeland Security Committee hearing, experts and lawmakers from both sides backed the “Secure by Design” approach—an industry shift that could change cybersecurity forever. But…YOUTUBE.COM
20 JunCyber threat bulletin: People's Republic of China cyber threat activity: PRC cyber actors target telecommunications companies as part of a global cyberespionage campaignThe Canadian Centre for Cyber Security (Cyber Centre) and the United States’ Federal Bureau of Investigation (FBI) is warning Canadians of the threat posed by People’s Republic of China (PRC)CYBER.GC.CA
20 JunHow Chaos Makes Blockchain MORE Secure! 🌀🔐 How Chaos Makes Blockchain MORE Secure! 🌀 Blockchain security just got a game-changing upgrade! Instead of competing, nodes now work together in unpredictable subgroups, making the system ultra-secure. It’s all thanks to a chaotic node algorithm, where nodes don’t even know who…YOUTUBE.COM
20 JunMocha Manakin Uses Paste-and-Run Technique to Deceive Users into Downloading MalwareA malicious campaign tracked as Mocha Manakin has been identified employing the deceptive “paste-and-run” technique to trick unsuspecting users into executing harmful scripts. First observed in August 2024 and actively monitored since January 2025 by security research…GBHACKERS.COM
20 JunBeware of Weaponized MSI Installer Masquerading as WhatsApp to Deliver XWorm RATA newly identified cyber threat linked to a China-based threat actor has emerged, targeting users across East and Southeast Asia with a trojanized MSI installer disguised as a legitimate WhatsApp setup file. This deceptive campaign delivers a customized version of the XWorm Remot…GBHACKERS.COM
20 JunYou Must FAIL This CAPTCHA to Enter! 😱In a world where AI is taking over, cybersecurity experts face a bizarre challenge—what if failing a CAPTCHA is the only way to get in? 🤯 At the Non-Human Pavilion, the rules are flipped, and only machines are truly welcome. Can cyborgs still qualify as human? And what happens if…YOUTUBE.COM
20 JunPrometei Botnet Targets Linux Servers for Cryptocurrency Mining OperationsUnit 42 researchers from Palo Alto Networks have identified a renewed wave of attacks by the Prometei botnet, specifically targeting Linux servers, as of March 2025. Initially discovered in July 2020 with a focus on Windows systems, Prometei has since evolved, with its Linux vari…GBHACKERS.COM
20 JunFriday Squid Blogging: Gonate Squid VideoThis is the first ever video of the Antarctic Gonate Squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.SCHNEIER.COM
20 JunDonut Holes, clickfix, rapperbots, bad devs, war, Doug Rants about Backups, and More. - SWN #487Donut Holes, clickfix, rapperbots, bad devs, war, Doug Rants about Backups, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-487YOUTUBE.COM
20 JunThe Next Wave of CybersecurityTraditional cloud security fails against real-time attacks. Protect with a unified approach: best-in-class CDR combined with industry-leading CNAPP. The post The Next Wave of Cybersecurity appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
20 JunCybersecurity’s Biggest Hidden Expense! 💀Most cybersecurity professionals don’t realize they’re paying a hidden cost—the Customization Tax! 💸 Security tools claim to be one-size-fits-all, but in reality, companies spend extra time and money making them work for their specific needs. 🔧💀 If critical threats aren’t showing…YOUTUBE.COM
📡 INFOSEC NEWS 6[−]
20 JunMassive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting ProviderCloudflare on Thursday said it autonomously blocked the largest ever distributed denial-of-service (DDoS) attack ever recorded, which hit a peak of 7.3 terabits per second (Tbps). The attack, which was detected in mid-May 2025, targeted an unnamed hosting provider. "Hosting provi…THEHACKERNEWS.COM
20 JunMicrosoft to remove legacy drivers from Windows Update for security boostMicrosoft has announced plans to periodically remove legacy drivers from the Windows Update catalog to mitigate security and compatibility risks. [...]BLEEPINGCOMPUTER.COM
20 JunCan users reset their own passwords without sacrificing security?Self-service password resets (SSPR) reduce helpdesk strain—but without strong security, they can open the door to attackers. Learn why phishing-resistant MFA, context-aware verification, and risk-based detection are critical to secure SSPR implementation. [...]BLEEPINGCOMPUTER.COM
20 JunIs ‘Shift Left’ Dead? Cyber Experts Weigh InIs "Shift Left" in cybersecurity really dead? Some InfoSec professionals think so! 🚨 Once praised as the future of secure coding, many experts now argue that it pushes too much responsibility onto developers while leaving AppSec teams sidelined. But what’s the real story? And whe…YOUTUBE.COM
20 JunCloudflare blocks record 7.3 Tbps DDoS attack against hosting providerCloudflare says it mitigated a record-breaking distributed denial of service (DDoS) attack in May 2025 that peaked at 7.3 Tbps, targeting a hosting provider. [...]BLEEPINGCOMPUTER.COM
20 JunMicrosoft investigates OneDrive bug that breaks file searchMicrosoft is investigating a known OneDrive issue that is causing searches to appear blank for some users or return no results even when searching for files they know they've already uploaded. [...]BLEEPINGCOMPUTER.COM