🐛 COMMON VULNERABILITIES AND EXPOSURES 11[−]
24 JunChina-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian TelecomThe Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber espionage campaign. Th…THEHACKERNEWS.COM
24 JunNotepad++ Vulnerability Allows Full System Takeover — PoC ReleasedA critical privilege escalation vulnerability (CVE-2025-49144) in Notepad++ v8.8.1 enables attackers to achieve full system control through a supply-chain attack. The flaw exploits the installer’s insecure search path behavior, allowing unprivileged users to escalate privil…GBHACKERS.COM
24 JunAviatrix Cloud Controller Flaw Enables Remote Code Execution via Authentication BypassA Mandiant Red Team engagement has uncovered two critical vulnerabilities in Aviatrix Controller—cloud networking software used to manage multi-cloud environments. The flaws enable full system compromise through an authentication bypass (CVE-2025-2171) followed by authenticated c…GBHACKERS.COM
24 JunWinRAR Vulnerability Exploited with Malicious Archives to Execute CodeA newly disclosed vulnerability in RARLAB’s WinRAR, the widely used file compression utility for Windows, has put millions of users at risk of remote code execution (RCE) attacks. Tracked as CVE-2025-6218 and assigned a CVSS score of 7.8 (High), this flaw allows attackers to exec…GBHACKERS.COM
24 JunXiaomi Interoperability App Flaw Allows Unauthorized Access to User DevicesA critical security vulnerability, tracked as CVE-2024-45347, has been discovered in Xiaomi’s Mi Connect Service App, exposing millions of users to the risk of unauthorized access to their smart devices. The flaw, which received a CVSS severity score of 9.6, stems from a defect i…GBHACKERS.COM
24 JunOPPO Clone Phone Vulnerability Leaks Sensitive Data via Weak WiFi HotspotA newly disclosed security vulnerability in OPPO’s widely used Clone Phone app has raised significant concerns over user privacy, as it exposes sensitive data through a weakly secured WiFi hotspot. The flaw, cataloged as CVE-2025-27387, has been rated as high severity and was pub…GBHACKERS.COM
24 JunCritical Convoy Flaw Allows Remote Code Execution on ServersA critical vulnerability (CVE-2025-52562) in Performave Convoy—a KVM server management panel widely used by hosting providers—enables unauthenticated attackers to execute arbitrary code on affected systems. Rated the maximum CVSS score of 10.0, this flaw exposes servers to comple…GBHACKERS.COM
24 JunCritical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777) - Help Net Securitysubmitted by kid to cybersecurity 1 points | 0 comments https://www.helpnetsecurity.com/2025/06/23/critical-citrix-netscaler-bug-fixed-upgrade-asap-cve-2025-5777/SH.ITJUST.WORKS
24 JunZimbra Classic Web Client Vulnerability Allows Arbitrary JavaScript ExecutionA critical security flaw has been discovered and patched in the Zimbra Collaboration Suite (ZCS) Classic Web Client, exposing millions of business users to the risk of arbitrary JavaScript execution through stored cross-site scripting (XSS). Tracked as CVE-2025-27915, this vulner…GBHACKERS.COM
24 JunThreat Actors Exploit ConnectWise Configuration to Create Signed MalwareThreat actors have increasingly exploited vulnerabilities and configurations in ConnectWise software to distribute signed malware, masquerading as legitimate applications. Initially observed in February 2024 with ransomware attacks linked to vulnerabilities CVE-2024-1708 and CVE-…GBHACKERS.COM
24 JunMultiple vulnerabilities in Sitecore CMS | Kaspersky official blogResearchers have discovered vulnerabilities in Sitecore — CVE-2025-34509, CVE-2025-34510, and CVE-2025-34511 — including a default account with the password "b".KASPERSKY.COM
⚠️ VULNERABILITY DISCLOSURE 28[−]
24 Jun8 effektive Multicloud-Security-Tippssrcset="https://b2b-contenthub.com/wp-content/uploads/2025/06/Krasovski-Dimitri-shutterstock_1277815804_16z9.jpg?quality=50&strip=all 4403w, https://b2b-contenthub.com/wp-content/uploads/2025/06/Krasovski-Dimitri-shutterstock_1277815804_16z9.jpg?resize=300%2C168&quality=5…CSOONLINE.COM
24 Jun⚡ Weekly Recap: Chrome 0-Day, 7.3 Tbps DDoS, MFA Bypass Tricks, Banking Trojan and Moresubmitted by cm0002 to cybersecurity 2 points | 0 comments https://thehackernews.com/2025/06/weekly-recap-chrome-0-day-73-tbps-ddos.htmlINFOSEC.PUB
24 JunNew Echo Chamber Attack Breaks AI Models Using Indirect PromptsA groundbreaking AI jailbreak technique, dubbed the “Echo Chamber Attack,” has been uncovered by researchers at Neural Trust, exposing a critical vulnerability in the safety mechanisms of today’s most advanced large language models (LLMs). Unlike traditional jailbreak…GBHACKERS.COM
24 JunIranian cyber threats overhyped, but CISOs can’t afford to let down their guardOver the past ten days, real-world military attacks have fostered fears that Iranian threat actors would launch cyberattacks on US organizations as part of a hybrid cyber-kinetic retaliation to US intervention in geopolitical tensions between Israel and Iran. Among the steps that…CSOONLINE.COM
24 JunThe CISO’s 5-step guide to securing AI operationsWhen ChatGPT first came out, I asked a panel of CISOs what it meant for their cybersecurity programs. They recognized impending changes, but reflected on past disruptive technologies, like iPods, Wi-Fi access points, and SaaS applications entering the enterprise. The consensus wa…CSOONLINE.COM
24 JunAdvanced Malware Campaign Targets WordPress and WooCommerce Sites with Hidden SkimmersThe Wordfence Threat Intelligence Team uncovered a sophisticated malware campaign during a routine site cleanup, revealing a family of malicious code targeting WordPress and WooCommerce platforms. This campaign, which dates back to September 2023 as per their Threat Intelligence …GBHACKERS.COM
24 JunHow Fuzzing Barcodes Raises the Bar for Secure Code - Artur Cygan - ASW #336Fuzzing has been one of the most successful ways to improve software quality. And it demonstrates how improving software quality improves security. Artur Cygan shares his experience in building and applying fuzzers to barcode scanners, smart contracts, and just about any code you…YOUTUBE.COM
24 JunThe Guardian and Cambridge University's Department of Computer Science unveil new secure technology to protect sourcessubmitted by Davriellelouna to cybersecurity 2 points | 0 comments http://www.theguardian.com/gnm-press-office/2025/jun/09/the-guardian-launches-secure-messaging-a-world-first-from-a-media-organisation-in-collaboration-with-the-university-of-cambridge Academic paper: www.cl.cam.a…SH.ITJUST.WORKS
24 JunHackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor NetworkMisconfigured Docker instances are the target of a campaign that employs the Tor anonymity network to stealthily mine cryptocurrency in susceptible environments. "Attackers are exploiting misconfigured Docker APIs to gain access to containerized environments, then using Tor to ma…THEHACKERNEWS.COM
24 JunGoogle Cloud Donates A2A Protocol to Linux Foundation for Smarter, Secure Communication In a landmark move for the artificial intelligence industry, Google Cloud has donated its Agent2Agent (A2A) protocol to the Linux Foundation, marking a significant step toward open, secure, and interoperable communication between AI agents. The announcement was made at the …GBHACKERS.COM
24 JunChina: Draft cybersecurity amendment doubles down on digital repression - ARTICLE 19submitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://www.article19.org/resources/china-draft-cybersecurity-amendment-doubles-down-on-digital-repression cross-posted from: lemmy.sdf.org/post/37332256 Archived On 14 May 2025 the Standing Committee of the National…INFOSEC.PUB
24 JunChina: Draft cybersecurity amendment doubles down on digital repression - ARTICLE 19submitted by Hotznplotzn to cybersecurity 2 points | 0 comments https://www.article19.org/resources/china-draft-cybersecurity-amendment-doubles-down-on-digital-repression cross-posted from: lemmy.sdf.org/post/37332256 Archived On 14 May 2025 the Standing Committee of the National…SH.ITJUST.WORKS
24 JunNew ‘Echo Chamber’ attack can trick GPT, Gemini into breaking safety rulesIn a novel large language model (LLM) jailbreak technique, dubbed Echo Chamber Attack, attackers can potentially inject misleading context into the conversation history to trick leading GPT and Gemini models into bypassing security guardrails. According to a research by Neural Tr…CSOONLINE.COM
24 JunCritical Key Derivation Flaws in pbkdf2 Affect Millions of JavaScript Projects, PoC Availablesubmitted by kid to cybersecurity 2 points | 0 comments https://securityonline.info/critical-key-derivation-flaws-in-pbkdf2-affect-millions-of-javascript-projects-poc-available/SH.ITJUST.WORKS
24 JunPoC Released for Notepad++ Flaw Enables Privilege Escalation to NT AUTHORITY\SYSTEMsubmitted by kid to cybersecurity 1 points | 0 comments https://securityonline.info/poc-released-for-notepad-flaw-enables-privilege-escalation-to-nt-authoritysystem/SH.ITJUST.WORKS
24 JunHackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Networksubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/06/hackers-exploit-misconfigured-docker.htmlSH.ITJUST.WORKS
24 JunWhy a Classic MCP Server Vulnerability Can Undermine Your Entire AI AgentA single SQL injection bug in Anthropic’s SQLite MCP server—forked over 5,000 times—can seed stored prompts, exfiltrate data, and hand attackers the keys to entire agent workflows. This entry unpacks the attack chain and lays out concrete fixes to shut it down.TRENDMICRO.COM
24 JunUS House reportedly bans WhatsApp from staffers’ devices over security concernsA US House of Representatives official has reportedly banned WhatsApp from staffers’ government-issued devices, citing cybersecurity concerns about the messaging platform’s data handling practices. The decision adds Meta’s flagship messaging service to a growing list of applicati…COMPUTERWORLD.COM
24 JunWeb3’s Weakest Link: The Access Control Nightmare!Access control vulnerabilities remain the #1 security risk in Web3, just like they did in Web2! 🚨 Hackers are exploiting weak RBAC protections to take over admin privileges, leading to massive losses—not just data, but millions in crypto! 💸 Smart contracts are supposed to be secu…YOUTUBE.COM
24 JunOver 2,000 Devices Compromised by Weaponized Social Security Statement Phishing AttacksCyberArmor analysts have uncovered a meticulously crafted phishing campaign that has already compromised over 2,000 devices by exploiting the trusted theme of Social Security Administration (SSA) statements. Cybercriminals behind this operation deployed a highly convincing email …GBHACKERS.COM
24 JunWhy Cybersecurity Training Might Be Hurting Your Team 🧠Many cybersecurity teams rely on constant training to build awareness—but what if that’s doing more harm than good? In this short, Jinan Budge shares a brutally honest take on how traditional training might be frustrating employees and damaging cyber culture. With human risk mana…YOUTUBE.COM
24 Jun KEVAnton’s Security Blog Quarterly Q2 2025Amazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before , this covers both Anton on Security and my posts from Google Cloud blog , and our Cloud Security Podcast ( subscribe ). Top 10 posts with the most lifetime views (excluding paper announ…MEDIUM.COM
24 JunHe Ran SATAN in 1995… And It Broke Everything 👀In this wild cybersecurity throwback, Steve Lodin recalls the early days of vulnerability scanning—when using a tool called SATAN in 1995 nearly shut down General Motors. This isn’t fiction. It’s a true story from the frontline of early InfoSec, showing how network security was s…YOUTUBE.COM
24 JunCISA Releases Eight Industrial Control Systems AdvisoriesCISA released eight Industrial Control Systems (ICS) advisories on June 24, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-175-01 Kaleris Navis N4 Terminal Operating System ICSA-25-175-02 Del…CISA.GOV
24 JunBank of America, Netflix, and Microsoft Hacked to Inject Fake Phone NumbersJérôme Segura, cybercriminals are exploiting search parameter vulnerabilities to inject fake phone numbers into the legitimate websites of major brands like Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal. This sophisticated attack, technically termed a ̶…GBHACKERS.COM
24 JunNew Guidance Released for Reducing Memory-Related VulnerabilitiesToday, CISA, in partnership with the National Security Agency (NSA), released a joint guide on reducing memory-related vulnerabilities in modern software development . Memory safety vulnerabilities pose serious risks to national security and critical infrastructure. Adoptin…CISA.GOV
24 JunThe AI Fix #56: ChatGPT traps man in a cult of one, and AI is actually stupidIn episode 56 of The AI Fix, Anthropic and Apple have a bar fight, a woman describes her husband falling in love with ChatGPT as “not ideal”, WhatsApp's AI helper isn't helpful, Graham serenades a pack of headless robot dogs with his rendition of “Don't stop me know”, and our hos…GRAHAMCLULEY.COM
24 JunLLMs Are Teaching Developers BAD Habits 😤When AI starts writing code, it doesn’t always follow best practices—and that’s a huge problem. In this short, cybersecurity expert Keith Hoodlet breaks down how LLM-generated code is quietly creating security flaws that future engineers will be forced to clean up. As developers …YOUTUBE.COM
📋 SECURITY BULLETINS 1[−]
24 JunWindows 10 users can get extended security updates using Microsoft pointsMicrosoft says Windows 10 home users who want to delay switching to Windows 11 can enroll in the Extended Security Updates (ESU) program using Microsoft Rewards points. [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 6[−]
24 JunU.S. House Bans WhatsApp on Official Devices Over Security and Data Protection IssuesThe U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns. The development was first reported by Axios. The decision, according to the House Chief Administrative Officer (CAO), was …THEHACKERNEWS.COM
24 JunNCSC Warns of SHOE RACK Malware Targeting Fortinet Firewalls via DOH & SSH ProtocolsThe National Cyber Security Centre (NCSC) has issued a critical alert regarding a newly identified malware, dubbed SHOE RACK, which has been observed targeting Fortinet firewalls and other perimeter devices. Developed using the Go 1.18 programming language, this malicious softwar…GBHACKERS.COM
24 JunSiemens Notifies Customers of Microsoft Defender Antivirus Issuesubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/siemens-notifies-customers-of-microsoft-defender-antivirus-issue/ Siemens informed customers on Tuesday that it’s working with Microsoft to address an issue related to Microsoft Defender Antiviru…SH.ITJUST.WORKS
🔥 INCIDENT REPORTING 15[−]
24 JunChina-linked LapDogs campaign drops backdoor with fake certs, targeting mainly Small Office/Home Office (SOHO) devicessubmitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://securityscorecard.com/blog/unmasking-a-new-china-linked-covert-orb-network-inside-the-lapdogs-campaign cross-posted from: lemmy.sdf.org/post/37319322 Archived Full report (pdf) Key Takeaways: Over 1,000 activ…INFOSEC.PUB
24 JunChina-linked LapDogs campaign drops backdoor with fake certs, targeting mainly Small Office/Home Office (SOHO) devicessubmitted by Hotznplotzn to cybersecurity 3 points | 0 comments https://securityscorecard.com/blog/unmasking-a-new-china-linked-covert-orb-network-inside-the-lapdogs-campaign Archived Full report (pdf) Key Takeaways: Over 1,000 actively infected nodes Targets are highly localized…SH.ITJUST.WORKS
24 JunApple, Netflix, Microsoft Sites ‘Hacked’ for Tech Support ScamsTech support scammers are using sponsored ads and search parameter injection to trick users into calling them. The post Apple, Netflix, Microsoft Sites ‘Hacked’ for Tech Support Scams appeared first on SecurityWeek .SECURITYWEEK.COM
24 JunAPT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in UkraineThe Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28 (aka UAC-0001) threat actors using Signal chat messages to deliver two new malware families dubbed BEARDSHELL and COVENANT. BEARDSHELL, per CERT-UA, is w…THEHACKERNEWS.COM
24 JunDHS Warns of Pro-Iranian Hacktivists Targeting U.S. NetworksThe Department of Homeland Security (DHS) has raised alarms over an increasing wave of low-level cyberattacks targeting U.S. networks, orchestrated by pro-Iranian hacktivist groups. This warning comes in the wake of heightened geopolitical tensions following the United StatesR…GBHACKERS.COM
24 JunData of more than 740,000 stolen in ransomware attack on Michigan hospital network | The Record from Recorded Future Newssubmitted by kid to cybersecurity 1 points | 0 comments https://therecord.media/mclaren-health-care-data-breach-notification-ransomwareSH.ITJUST.WORKS
24 JunSteel giant Nucor confirms hackers stole data in recent breachsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/steel-giant-nucor-confirms-hackers-stole-data-in-recent-breach/SH.ITJUST.WORKS
24 JunCanada says Salt Typhoon hacked telecom firm via Cisco flawsubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/canada-says-salt-typhoon-hacked-telecom-firm-via-cisco-flaw/SH.ITJUST.WORKS
24 JunRussian court releases several REvil ransomware gang members | CyberScoopsubmitted by kid to cybersecurity 1 points | 0 comments https://cyberscoop.com/revil-ransomware-sentence-russia-time-served/SH.ITJUST.WORKS
24 JunAflac-Datenleck: Versicherungsbranche im Visier von Hackernsrcset="https://b2b-contenthub.com/wp-content/uploads/2025/06/shutterstock_2258783191.jpg?quality=50&strip=all 5964w, https://b2b-contenthub.com/wp-content/uploads/2025/06/shutterstock_2258783191.jpg?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.c…CSOONLINE.COM
24 JunThe State of Ransomware 2025Explore the causes and consequences of ransomware in 2025 based on findings from a vendor-agnostic survey of 3,400 organizations hit by ransomware in the last year.SOPHOS.COM
24 JunGonjeshke Darande Hackers Pose as Activists to Infiltrate Iranian Crypto ExchangeGonjeshke Darande, a cyber threat actor widely suspected to be an Israeli state-sponsored group masquerading as an Iranian opposition hacktivist entity, executed a devastating attack on Nobitex, Iran’s largest cryptocurrency exchange. This high-profile breach resulted in the dest…GBHACKERS.COM
24 JunAflac, one of the USA’s largest insurers, is the latest to fall “under siege” to hackersThe Wall Street Journal reports that Aflac is investigating a breach that may have exposed claims information, health details, Social Security numbers, and other personal data.GRAHAMCLULEY.COM
24 JunThis One Framework Could Cut Your Response Time in Half" 🛡️🔥 #InfoSecQuickieWhen cybersecurity teams detect a threat, every second counts. In this short, Geoff Cairns explains how the Shared Signals Framework allows systems to exchange real-time risk data—dramatically reducing response times and transforming how identity and security operations collabora…YOUTUBE.COM
24 JunInsider threats, migrating away from cloud, RSAC interviews with Cyera and Blumira - Y... - ESW #411### Segment 1 - Interview with Rob Allen from Threatlocker ### Segment 2 - Topic: Growing Trend - Edge Computing and Hybrid Cloud ### Segment 3 - Interviews from RSAC 2025 __Cyera__ Cyera is the fastest-growing data security company in history, empowering companies to classify, s…YOUTUBE.COM
🕵️ THREAT INTELLIGENCE 33[−]
24 JunTyphoon-like gang slinging TLS certificate 'signed' by LAPDsubmitted by PhilipTheBucket to cybersecurity 1 points | 0 comments https://www.theregister.com/2025/06/23/lapdog_orb_network_attack_campaign/SH.ITJUST.WORKS
24 JunISC Stormcast For Tuesday, June 24th, 2025 https://isc.sans.edu/podcastdetail/9502, (Tue, Jun 24th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
24 JunHoneypot or just vv irresponsible database?submitted by TacoButtPlug to securitynews 1 points | 0 comments This was sent to me but one of my tech illiterate friends. Thoughts on this? Seems sketchy af. The video on TikTok is like, “It’s fun. Add your person.” Being that it’s all federal offense to dox the ice nazis, I’m f…INFOSEC.PUB
24 JunOWASP Launches AI Testing Guide to Uncover Vulnerabilities in AI SystemsAs artificial intelligence (AI) becomes a cornerstone of modern industry, the Open Web Application Security Project (OWASP) has announced the release of its AI Testing Guide—a comprehensive framework designed to help organizations identify and mitigate vulnerabilities unique to A…GBHACKERS.COM
24 JunLapDogs Hackers Compromise 1,000 SOHO Devices Using Custom Backdoor for Stealthy AttacksSecurity researchers at SecurityScorecard have uncovered a sprawling cyber-espionage campaign orchestrated by the LapDogs Operational Relay Box (ORB) Network, a sophisticated infrastructure compromising over 1,000 devices worldwide. Identified as a key tool for China-Nexus threat…GBHACKERS.COM
24 JunPhoto-Stealing Spyware Sneaks Into Apple App Store, Google PlayNewly discovered spyware has sneaked into Apple’s App Store and Google Play to steal images from users’ mobile devices. The post Photo-Stealing Spyware Sneaks Into Apple App Store, Google Play appeared first on SecurityWeek .SECURITYWEEK.COM
24 JunNorth Korean Hackers Use Malicious Zoom Apps to Execute System-Takeover AttacksCybersecurity researchers and targeted individuals have reported a highly sophisticated scam orchestrated by suspected North Korean hackers. This attack, disguised as a legitimate Zoom meeting, leverages advanced social engineering techniques to trick professionals into compromis…GBHACKERS.COM
24 JunChinese APT Hacking Routers to Build Espionage InfrastructureA Chinese APT has been infecting SOHO routers with the ShortLeash backdoor to build stealthy espionage infrastructure. The post Chinese APT Hacking Routers to Build Espionage Infrastructure appeared first on SecurityWeek .SECURITYWEEK.COM
24 JunIdentity Is the New Perimeter: Why Proofing and Verification Are Business ImperativesThe future of secure digital engagement depends on continuous identity verification and proofing that can scale with risk. The post Identity Is the New Perimeter: Why Proofing and Verification Are Business Imperatives appeared first on SecurityWeek .SECURITYWEEK.COM
24 JunPrometei Botnet Activity SpikesPalo Alto Networks has observed a spike in Prometei activity since March 2025, pointing to a resurgence of the botnet. The post Prometei Botnet Activity Spikes appeared first on SecurityWeek .SECURITYWEEK.COM
24 JunHere’s a Subliminal Channel You Haven’t Considered BeforeScientists can manipulate air bubbles trapped in ice to encode messages.SCHNEIER.COM
24 JunUS Warns of Heightened Risk of Iranian Cyber-Attacks After Military St - Infosecurity Magazinesubmitted by kid to cybersecurity 2 points | 0 comments https://www.infosecurity-magazine.com/news/us-risk-iranian-cyber-attacks/SH.ITJUST.WORKS
24 JunCritical Authentication Bypass Flaw Patched in Teleport - SecurityWeeksubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/critical-authentication-bypass-flaw-patched-in-teleport/SH.ITJUST.WORKS
24 JunCobalt Strike Operators Leverage PowerShell Loaders Across Chinese, Russian, and Global Infrastructuresubmitted by kid to cybersecurity 1 points | 0 comments https://hunt.io/blog/cobaltstrike-powershell-loader-chinese-russian-infrastructureSH.ITJUST.WORKS
24 JunAPT28 hackers use Signal chats to launch new malware attacks on Ukrainesubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/apt28-hackers-use-signal-chats-to-launch-new-malware-attacks-on-ukraine/SH.ITJUST.WORKS
24 JunThe Biggest Chinese Data Leak "Ever"submitted by kid to cybersecurity 2 points | 0 comments https://spycloud.com/blog/inside-the-chinese-data-leak/SH.ITJUST.WORKS
24 JunPrometei Botnet Activity Spikes - SecurityWeeksubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/prometei-botnet-activity-spikes/SH.ITJUST.WORKS
24 JunCyberheistNews Vol 15 #25 Microsoft & KnowBe4 Collab: Strengthen Email Security Through Strategic IntegrationKNOWBE4.COM
24 JunEcho Chamber Jailbreak Tricks LLMs Like OpenAI and Google into Generating Harmful Contentsubmitted by kid to cybersecurity 4 points | 0 comments https://thehackernews.com/2025/06/echo-chamber-jailbreak-tricks-llms-like.htmlSH.ITJUST.WORKS
24 JunSiemens Notifies Customers of Microsoft Defender Antivirus IssueSiemens is working with Microsoft to address a Defender Antivirus problem that can lead to no malware alerts or plant disruptions. The post Siemens Notifies Customers of Microsoft Defender Antivirus Issue appeared first on SecurityWeek .SECURITYWEEK.COM
24 JunEagleSpy v5 RAT Promoted by Hacker for Stealthy Android AccessA notorious threat actor known as “xperttechy” is actively promoting a new version of the EagleSpy remote access Trojan (RAT), dubbed EagleSpy v5, on a prominent dark web forum. Marketed as a “lifetime activated” tool, EagleSpy v5 is raising alarms within the cybersec…GBHACKERS.COM
24 JunWeaponized DMV-Themed Phishing Scam Targets U.S. Citizens to Steal Personal and Financial DataA highly coordinated phishing campaign impersonating various U.S. state Departments of Motor Vehicles (DMVs) has emerged as a significant threat, targeting citizens across multiple states with the intent to harvest personal and financial data. This sophisticated operation employs…GBHACKERS.COM
24 JunHackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via KeyloggersUnidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their credentials. Positive Technologies, in a new analysis published last week, said it identified two different kinds o…THEHACKERNEWS.COM
24 JunNew DRAT V2 Update Enhances C2 Protocol with Shell Command Execution CapabilitiesA new variant of the DRAT remote access trojan (RAT), dubbed DRAT V2, has been uncovered as part of a TAG-140 campaign targeting Indian government entities. This threat actor, believed to overlap with SideCopy and linked to Transparent Tribe (aka APT36), demonstrates a consistent…GBHACKERS.COM
24 JunNew FileFix attack weaponizes Windows File Explorer for stealthy commandssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/filefix-attack-weaponizes-windows-file-explorer-for-stealthy-powershell-commands/SH.ITJUST.WORKS
24 JunMicrosoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025Microsoft is proud to be named a Leader in The Forrester Wave™: Security Analytics Platforms, Q2 2025—which we believe reflects our deep investment in innovation and commitment to support SOC’s critical mission. The post Microsoft is named a Leader in The Forrester Wave™: Securit…MICROSOFT.COM
24 JunCybersecurity Metrics That Actually Get You Paid 💰Most security teams track endless alerts... but that’s not what gets budgets approved. In this short, JP Bourget breaks down how to turn real-world attack data into compelling cybersecurity stories that justify more funding. It’s not about vanity metrics—it’s about showing real i…YOUTUBE.COM
24 JunWhere Top Security Teams Put Their Budget (And Why)Top cybersecurity teams don’t just spend more—they spend smarter. In this short, Michael from CardinalOps breaks down how elite teams choose between detection and prevention based on cost, disruption, and ROI. He also reveals how advanced SOCs use real threat intel to map TTPs, f…YOUTUBE.COM
24 JunSonicWall warns of trojanized NetExtender stealing VPN loginsSonicWall is warning customers that threat actors are distributing a trojanized version of its NetExtender SSL VPN client used to steal VPN credentials. [...]BLEEPINGCOMPUTER.COM
24 JunThe Rise of Malware: Salt Typhoon and Spark Kitty - SWN #488In this episode of Security Weekly News, Doug White discusses various cybersecurity threats, including the Salt Typhoon and Spark Kitty malware, the implications of Microsoft's decision to drop support for old hardware drivers, and the potential increase in cyber threats from Ira…YOUTUBE.COM
24 JunCloud Security, Coffee, and Chaos: A True IT Horror StoryWhen a cloud security pro skips caffeine for a few days, then suddenly downs an early-morning espresso and hits the gym... the results are pure chaos. In this short, cybersecurity veterans Adrian Sanabria and Ayman Elsawah (the self-proclaimed “coffee sommelier”) unpack the wild …YOUTUBE.COM
24 JunLLMs in Courtrooms: Cybersecurity’s New Problem?Could AI become your legal memory in court? In this short, cybersecurity experts debate the strange new reality where Large Language Models (LLMs) might be accepted as a digital extension of the human brain. From augmenting decisions to serving as "external cortexes" in trials, t…YOUTUBE.COM
24 JunDon't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attacksubmitted by cm0002 to cybersecurity 2 points | 0 comments https://www.theregister.com/2025/06/24/critical_citrix_bug_citrixbleed/INFOSEC.PUB
🌐 CYBER THREAT LANDSCAPE 3[−]
24 JunResearchers Find Way to Shut Down Cryptominer Campaigns Using Bad Shares and XMRogueCybersecurity researchers have detailed two novel methods that can be used to disrupt cryptocurrency mining botnets. The methods take advantage of the design of various common mining topologies in order to shut down the mining process, Akamai said in a new report published today.…THEHACKERNEWS.COM
24 JunHow Today’s Pentest Models Compare and Why Continuous WinsLegacy pentests give you a snapshot. Attackers see a live stream. Sprocket's Continuous Penetration Testing (CPT) mimics real-world attackers—daily, not annually—so you can fix what matters, faster. Learn why CPT is the future. [...]BLEEPINGCOMPUTER.COM
24 JunQuick Password Brute Forcing Evolution Statistics, (Tue, Jun 24th)We have collected SSH and telnet honeypot data in various forms for about 10 years. Yesterday&#;x26;#;39;s diaries, and looking at some new usernames attempted earlier today, made me wonder if botnets just add new usernames or remove old ones from thei…ISC.SANS.EDU
🎙️ PODCASTS 1[−]
24 JunBetween Buzz and Reality: The CTEM Conversation We All NeedI had the honor of hosting the first episode of the Xposure Podcast live from Xposure Summit 2025. And I couldn’t have asked for a better kickoff panel: three cybersecurity leaders who don’t just talk security, they live it. Let me introduce them. Alex Delay, CISO at IDB Bank, kn…THEHACKERNEWS.COM
📡 INFOSEC NEWS 10[−]
24 JunUS bans WhatsApp from House of Representatives staff devicesThe U.S. government has banned WhatsApp from devices used by U.S. House of Representatives staff, saying the app poses potential security risks.TECHCRUNCH.COM
24 JunUS House bans WhatsApp on staff devices over security concernsThe U.S. House of Representatives has banned the installation and use of WhatsApp on government-issued devices belonging to congressional staff, citing concerns over how the app encrypts and secures data. [...]BLEEPINGCOMPUTER.COM
24 JunFileFix attack weaponizes Windows File Explorer for stealthy commandsA cybersecurity researcher has developed FileFix, a variant of the ClickFix social engineering attack that tricks users into executing malicious commands via the File Explorer address bar in Windows. [...]BLEEPINGCOMPUTER.COM
24 JunTrezor’s support platform abused in crypto theft phishing attacksTrezor is alerting users about a phishing campaign that abuses its automated support system to send deceptive emails from its official platform. [...]BLEEPINGCOMPUTER.COM
24 JunMicrosoft fixes known issue that breaks Windows 11 updatesMicrosoft is rolling out a configuration update designed to address a known issue causing Windows Update to fail on some Windows 11 systems. [...]BLEEPINGCOMPUTER.COM
24 JunWindows 10 KB5061087 update released with 13 changes and fixesMicrosoft has released the June 2025 non-security preview update for Windows 10, version 22H2, with fixes for bugs preventing the Start Menu from launching and breaking scanning features on USB multi-function printers. [...]BLEEPINGCOMPUTER.COM
24 JunRoadmap for the migration to post-quantum cryptography for the Government of Canada (ITSM.40.001)CYBER.GC.CA
24 JunGoogle Cloud donates A2A AI protocol to the Linux FoundationGoogle Cloud has donated its Agent2Agent (A2A) protocol to the Linux Foundation, which has now announced a new community-driven project called the Agent2Agent Project. [...]BLEEPINGCOMPUTER.COM
24 JunClaude catches up to ChatGPT with built-in memory supportAI startup Anthorpic is planning to add a memory feature to Claude in a bid to take on ChatGPT, which has an advanced memory feature. [...]BLEEPINGCOMPUTER.COM
24 JunGoogle rolls out text-to-image model Imagen 4 for freeGoogle confirmed that Imagen 4, which is the company's state-of-the-art text-to-image, is rolling out for free, but only on AI Studio. [...]BLEEPINGCOMPUTER.COM