🚨 CISA KEV 1[−]
25 Jun KEVCISA Adds Three Known Exploited Vulnerabilities to CatalogCISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2024-54085 AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability CVE-2024-0769 D-Link DIR-859 Router Path Traversal Vulnerabilit…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 11[−]
25 JunNVIDIA Megatron LM Flaw Allows Attackers to Inject Malicious CodeNVIDIA has issued an urgent security update for its open-source Megatron-LM framework, following the discovery of two critical vulnerabilities that could allow attackers to inject and execute malicious code on affected systems. The flaws, tracked as CVE-2025-23264 and CVE-2025-23…GBHACKERS.COM
25 JunTeamViewer for Windows Vulnerability Lets Hackers Delete Files with SYSTEM RightsA critical security vulnerability has been discovered in TeamViewer Remote Management for Windows, exposing systems to potential privilege escalation attacks. The flaw, tracked as CVE-2025-36537, allows a local unprivileged attacker to delete arbitrary files with SYSTEM-level pri…GBHACKERS.COM
25 JunCentOS Web Panel Vulnerability Allows Remote Code Execution – PoC ReleasedA critical security vulnerability has been discovered in CentOS Web Panel (CWP), a widely used web hosting management solution. The flaw, tracked as CVE-2025-48703, allows unauthenticated attackers to execute arbitrary commands on affected systems, potentially leading to full ser…GBHACKERS.COM
25 JunCritical Kibana Flaws Enable Heap Corruption and Remote Code ExecutionA critical security flaw has been uncovered in Kibana, the popular data visualization platform for the Elastic Stack, exposing organizations to severe risks of heap corruption and potential remote code execution. The vulnerability, tracked as CVE-2025-2135, carries a CVSS v3.1 sc…GBHACKERS.COM
25 JunKubernetes NodeRestriction Flaw Lets Nodes Bypass Resource AuthorizationA critical security vulnerability (CVE-2025-4563) in Kubernetes allows nodes to bypass authorization checks for dynamic resource allocation, potentially enabling privilege escalation in affected clusters. The flaw resides in the NodeRestriction admission controller, which fails t…GBHACKERS.COM
25 JunRealtek Bluetooth Flaw Allows Attackers to Launch DoS Attacks During PairingA critical vulnerability in Realtek’s Bluetooth Low Energy (BLE) implementation enables attackers to launch denial-of-service (DoS) attacks during device pairing. The flaw (CVE-2024-48290) affects Realtek RTL8762E BLE SDK v1.4.0, allowing malicious actors to disrupt connect…GBHACKERS.COM
25 JunSAP GUI flaws expose sensitive data via weak or no encryptionSAP GUI, a trusted interface for hundreds of thousands of global enterprises, has been found to be storing sensitive user data with outdated encryption, potentially allowing data breaches. According to Pathlock researcher Jonathan Stross and Fortinet’s Julian Petersohn, a couple …CSOONLINE.COM
25 JunCitrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data ExposureCybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions. The vulnerabilities, tracked a…THEHACKERNEWS.COM
25 Jun KEVCitrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADCCitrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543, carries a CVSS score of 9.2 out of a maximum of 10.0. It has been described as a case of memory overfl…THEHACKERNEWS.COM
25 JunWinRAR patches bug letting malware launch from extracted archivesWinRAR has addressed a directory traversal vulnerability tracked as CVE-2025-6218 that, under certain circumstances, allows malware to be executed after extracting a malicious archive. [...]BLEEPINGCOMPUTER.COM
25 Jun KEVCitrix warns of NetScaler vulnerability exploited in DoS attacksCitrix is warning that a vulnerability in NetScaler appliances tracked as CVE-2025-6543 is being actively exploited in the wild, causing devices to enter a denial of service condition. [...]BLEEPINGCOMPUTER.COM
⚠️ VULNERABILITY DISCLOSURE 26[−]
25 JunAkamai proposes tool to defang cryptomining botnetsFor years, CSOs have been fighting botnets that are stealing processing power from servers that have been infected with cryptomining malware. Tuesday, cloud computing provider Akamai described a potential solution: a proof-of-concept tool that lets defenders stop miners’ proxy se…CSOONLINE.COM
25 JunNew FileFix Exploit Uses Windows File Explorer to Run Malicious CommandsA newly discovered exploit, dubbed “FileFix,” is raising alarms in the cybersecurity community for its innovative use of Windows File Explorer to execute malicious commands, without ever leaving the web browser. Developed by security researcher mr.d0x, FileFix is a cr…GBHACKERS.COM
25 JunCISA Releases New ICS Advisories Highlighting Ongoing Threats and ExploitsThe Cybersecurity and Infrastructure Security Agency (CISA) has released eight new Industrial Control Systems (ICS) advisories on June 24, 2025, addressing critical vulnerabilities and ongoing threats to essential infrastructure. These advisories provide detailed technical inform…GBHACKERS.COM
25 JunLLMs hype versus reality: What CISOs should focus onFrom risks in AI applications such as poisoned training data and hallucinations, to AI-enabled security, to deep fakes, user error, and novel AI-generated attack techniques, the cybersecurity industry is abuzz with dire security threats that are overwhelming CISOs. For example, d…CSOONLINE.COM
25 JunSchutz vor Cybercrime: Verbraucher werden nachlässigerLaut einer Umfrage des BSI verzichten immer mehr Bürger auf Cyberschutzmaßnahmen. Przemek Klos – shutterstock.com Ein angeblicher Lottogewinn, für den noch Daten fehlen, ein allzu billiges Produkt im Online-Handel, das nie ankommt – oder gar ein Virus. Cybercrime hat viele Facett…CSOONLINE.COM
25 JunThriving Through Volatility: Insights for CISOs - Jeff Pollard & RSAC Interviews - BSW #401In this episode, Mandy Logan, Summer Craze Fowler, Jason Albuquerque, and Jeff Pollard of Forrester discuss the challenges and strategies for CISOs in navigating volatility in the security landscape. They emphasize the importance of building relationships within the organization,…YOUTUBE.COM
25 JunSonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access AttacksUnknown threat actors have been distributing a trojanized version of SonicWall's SSL VPN NetExtender application to steal credentials from unsuspecting users who may have installed it. "NetExtender enables remote users to securely connect and run applications on the company netwo…THEHACKERNEWS.COM
25 JunAPT Attackers Leverage Microsoft ClickOnce to Run Malware as Trusted ApplicationsThe Trellix Advanced Research Center has exposed a highly sophisticated Advanced Persistent Threat (APT) malware campaign dubbed “OneClik,” specifically targeting the energy, oil, and gas sectors. This operation, which exhibits traits potentially linked to Chinese-aff…GBHACKERS.COM
25 JunCode Execution Vulnerability Patched in GitHub Enterprise ServerA high-severity vulnerability in GitHub Enterprise Server could have allowed remote attackers to execute arbitrary code. The post Code Execution Vulnerability Patched in GitHub Enterprise Server appeared first on SecurityWeek .SECURITYWEEK.COM
25 JunAkamai Reveals New Strategies for Defenders to Combat Cryptominer AttacksAkamai has unveiled two proactive strategies to disrupt malicious cryptominer operations, as detailed in the final installment of their Cryptominers’ Anatomy blog series. These techniques exploit the inherent design of common mining topologies, focusing on the Stratum protocol an…GBHACKERS.COM
25 JunThreat Actors Manipulate Search Results, Exploit ChatGPT and Luma AI Popularity to Deliver Malicious PayloadsThreat actors are leveraging the soaring popularity of AI tools like ChatGPT and Luma AI to distribute malware through deceptive websites. Zscaler ThreatLabz researchers have uncovered a network of malicious AI-themed sites, often hosted on platforms like WordPress, that exploit …GBHACKERS.COM
25 JunFirefox 140 Launches with Critical Code Execution Bug Fix – Update NowMozilla has officially released Firefox 140, marking a significant update that addresses multiple security vulnerabilities, including a critical code execution flaw. Users are strongly urged to update their browsers immediately to protect against potential exploits targeting thes…GBHACKERS.COM
25 JunThousands of SaaS Apps Could Still Be Susceptible to nOAuthNew research suggests more than 10,000 SaaS apps could remain vulnerable to a nOAuth variant despite the basic issue being disclosed in June 2023. The post Thousands of SaaS Apps Could Still Be Susceptible to nOAuth appeared first on SecurityWeek .SECURITYWEEK.COM
25 JunRansomware: So viel Lösegeld zahlen Unternehmensrcset="https://b2b-contenthub.com/wp-content/uploads/2025/06/shutterstock_2524192439.jpg?quality=50&strip=all 8000w, https://b2b-contenthub.com/wp-content/uploads/2025/06/shutterstock_2524192439.jpg?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.c…CSOONLINE.COM
25 JunThis Smart Contract LOOKED Safe… Until It Wasn’t! 🚨Everyone thought this smart contract was secure—no vulnerabilities, no exploits. But then, the funds disappeared. How? The admin had a hidden withdraw function, legally draining everything! Is it a scam, or just bad security? Watch to see how even "safe" contracts can be dangerou…YOUTUBE.COM
25 JunHave Fun Teaching - 27,126 breached accountsIn August 2021, the teaching resources website Have Fun Teaching suffered a data breach that leaked 80k WooCommerce transactions which were later posted to a popular hacking forum. The data contained 27k unique email addresses along with physical and IP addresses, names, payment …HAVEIBEENPWNED.COM
25 JunThreat Actors Distribute Compromised SonicWall SSL VPN NetExtender to Steal Sensitive DataThreat actors were discovered disseminating a malicious, altered version of SonicWall’s SSL VPN NetExtender application in a complex cyberattack that was discovered through a partnership between SonicWall and Microsoft Threat Intelligence (MSTIC). NetExtender, a critical to…GBHACKERS.COM
25 JunIranian Educated Manticore Targets Leading Tech Academicssubmitted by Pro to cybersecurity 2 points | 0 comments https://research.checkpoint.com/2025/iranian-educated-manticore-targets-leading-tech-academics/ Amid ongoing tensions between Iran and Israel, the Iranian threat group Educated Manticore, associated with the Islamic Revoluti…INFOSEC.PUB
25 JunNew 'CitrixBleed 2' NetScaler flaw let hackers hijack sessionsA recent vulnerability in Citrix NetScaler ADC and Gateway is dubbed "CitrixBleed 2," after its similarity to an older exploited flaw that allowed unauthenticated attackers to hijack authentication session cookies from vulnerable devices. [...]BLEEPINGCOMPUTER.COM
25 JunnOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After DiscoveryNew research has uncovered continued risk from a known security weakness in Microsoft's Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service (SaaS) applications. Identity security company Semperis, in an analysis of 104…THEHACKERNEWS.COM
25 JunRedirectionGuard: Mitigating unsafe junction traversal in WindowsAs attackers continue to evolve, Microsoft is committed to staying ahead by not only responding to vulnerabilities, but also by anticipating and mitigating entire classes of threats. One such threat, filesystem redirection attacks, has been a persistent vector for privilege escal…MSRC.MICROSOFT.COM
25 JunMisconfigured MCP servers expose AI agent systems to compromiseAgentic AI is on the rise, and Model Context Protocol (MCP) servers are fast proving to be essential tools for providing AI models greater context for reasoning. But security researchers warn that a large number of these publicly shared servers, which link large language models (…CSOONLINE.COM
25 JunMultiple Brother Device Vulnerabilities Allow Attackers to Execute Arbitrary HTTP RequestsA zero-day research project has uncovered eight new vulnerabilities in multifunction printers (MFPs) and related devices from Brother Industries, Ltd., affecting a staggering 748 models across five major vendors, including Brother, FUJIFILM Business Innovation, Ricoh, Toshiba Tec…GBHACKERS.COM
25 JunYou Ever Try Parsing Logs With Zero Docs? Welcome to Hell 🔥When cybersecurity engineer Neil Desai explains what it’s really like to build field extractions without proper documentation, every SOC analyst and SIEM admin feels it. In this short, he reveals the frustrating truth behind dealing with vendors who offer zero support and custome…YOUTUBE.COM
25 JunMultiple Vulnerabilities in Cisco ISE and ISE-PIC Could Allow for Remote Code ExecutionMultiple vulnerabilities have been discovered in Cisco ISE and ISE-PIC that could allow for remote code execution. Cisco Identity Services Engine (ISE) is a security policy management platform that provides secure access to network resources. Successful exploitation of these vuln…CISECURITY.ORG
25 JunRisky Business #797 -- Stuxnet vs Massive Ordnance PenetratorsOn this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news: We roll our eyes over the “16 billion credentials” leak hitting mainstream news Some interesting cyber angles emerge from the conflict in Iran Opensource maintainer of libxml2 is fed up with …RISKY.BIZ
📋 SECURITY BULLETINS 5[−]
25 JunMicrosoft Extends Windows 10 Security Updates for One Year with New Enrollment OptionsMicrosoft on Tuesday announced that it's extending Windows 10 Extended Security Updates (ESU) for an extra year by letting users either pay a small fee of $30 or by sync their PC settings to the cloud. The development comes ahead of the tech giant's upcoming October 14, 2025, dea…THEHACKERNEWS.COM
25 JunChrome Releases Security Patch for 11 Code Execution VulnerabilitiesThe Chrome team has announced the rollout of a critical security update for its popular web browser, Chrome, addressing 11 code execution vulnerabilities that could potentially put millions of users at risk. The update, Chrome 138.0.7204.49 for Linux and 138.0.7204.49/50 for Wind…GBHACKERS.COM
25 JunMicrosoft offers free Windows 10 security updates, but only for consumersMicrosoft’s latest Windows 10 Extended Security Updates announcement reveals a telling double standard: while home users get multiple free pathways to maintain security beyond the October 2025 deadline, enterprises face the same expensive pay-or-migrate ultimatum. The software gi…COMPUTERWORLD.COM
25 JunMicrosoft Extends Windows 10 Security Updates for One Year with New Enrollment Optionssubmitted by kid to cybersecurity 2 points | 0 comments https://thehackernews.com/2025/06/microsoft-extends-windows-10-security.htmlSH.ITJUST.WORKS
25 JunMicrosoft Offers Free Windows 10 Extended Security Update Options as EOS NearsWith end of support scheduled for October 2025, Windows 10 users will be able to continue receiving important security updates. The post Microsoft Offers Free Windows 10 Extended Security Update Options as EOS Nears appeared first on SecurityWeek .SECURITYWEEK.COM
📢 SECURITY ADVISORIES 9[−]
25 JunCISA Publishes Guide to Address Memory Safety Vulnerabilities in Modern Software DevelopmentThe Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Security Agency (NSA), has released a comprehensive guide titled “Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development.” Published in June 2025, t…GBHACKERS.COM
🔥 INCIDENT REPORTING 12[−]
25 JunCybersecurity Today: Balancing Trust, Risks, and InnovationsIn this episode of Cybersecurity Today, host Jim Love discusses various pressing issues and trends in the realm of cybersecurity. The episode starts with a revelation from Okta's 2025 Customer Identity Trends report, which highlights the conflicting digital behaviors of Canadians…CYBERSECURITYTODAY.LIBSYN.COM
25 JunMainline Health, Select Medical Each Disclose Data Breaches Impacting 100,000 PeopleMainline Health and Select Medical Holdings have suffered data breaches that affect more than 100,000 individuals. The post Mainline Health, Select Medical Each Disclose Data Breaches Impacting 100,000 People appeared first on SecurityWeek .SECURITYWEEK.COM
25 JunPro-Iranian Hacktivist Group Leaks Personal Records from the 2024 Saudi GamesThousands of personal records allegedly linked to athletes and visitors of the Saudi Games have been published online by a pro-Iranian hacktivist group called Cyber Fattah. Cybersecurity company Resecurity said the breach was announced on Telegram on June 22, 2025, in the form of…THEHACKERNEWS.COM
25 JunYou may qualify for AT&T's $177 million data breach settlement - how to file a claim todaysubmitted by kid to cybersecurity 1 points | 0 comments https://www.zdnet.com/article/you-may-qualify-for-at-ts-177-million-data-breach-settlement-how-to-file-a-claim-today/SH.ITJUST.WORKS
25 JunBreachForums hacking forum operators reportedly arrested in FranceThe French police have reportedly arrested five operators of the BreachForum cybercrime forum, a website used by cybercriminals to leak and sell stolen data that exposed the sensitive information of millions. [...]BLEEPINGCOMPUTER.COM
25 JunRobinsons Malls - 195,597 breached accountsIn June 2024, the Philippines' largest shopping-mall operators Robinsons Malls suffered a data breach stemming from their mobile app . The incident exposed 195k unique email addresses along with names, phone numbers, dates of birth, genders and the user's city and province.HAVEIBEENPWNED.COM
25 JunINTERPOL Cautions of Significant Increase in Cyber Attacks on Western and Eastern AfricaThe INTERPOL 2025 Africa Cyberthreat Assessment Report has raised alarms over a dramatic surge in cybercrime across Africa, with Western and Eastern regions reporting that over 30% of all documented criminal activities are now cyber-related. Two-thirds of INTERPOL’s African membe…GBHACKERS.COM
25 JunHackers Can Bypass Biometrics. Here’s How 😳Most people think fingerprints and facial recognition make their phones secure—but Jackie McGuire explains why that trust might be misplaced. In this short, she breaks down how easily biometric authentication can be compromised if a device is hacked. From retraining new biometric…YOUTUBE.COM
25 JunBeware of Weaponized Wedding Invite Scams Delivering SpyMax RAT to Android DevicesA sophisticated Android phishing campaign, aptly named “Wedding Invitation,” has emerged as a significant threat targeting mobile users across India. According to a detailed report from K7 Computing, this malicious operation leverages the guise of digital wedding invitations to d…GBHACKERS.COM
25 JunEuropol Warns of Social Engineering AttacksSocial engineering remains a primary initial access vector for cybercriminals, according to a new report from Europol.KNOWBE4.COM
25 JunSmashing Security podcast #423: Operation Endgame, deepfakes, and dead slugsIn this episode of the "Smashing Security" podcast, Graham unravels Operation Endgame - the surprisingly stylish police crackdown that is seizing botnets, mocking malware authors with anime videos, and taunting cybercriminals via Telegram. And BBC cyber correspondent Joe Tidy joi…GRAHAMCLULEY.COM
25 JunHackers breach Norwegian damA group of hackers gained remote access to a hydroelectric dam’s control systems in Norway and fully opened a drainage valve, releasing a large amount of water.GRAHAMCLULEY.COM
🕵️ THREAT INTELLIGENCE 35[−]
25 JunISC Stormcast For Wednesday, June 25th, 2025 https://isc.sans.edu/podcastdetail/9504, (Wed, Jun 25th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
25 JunRussian APT Hits Ukrainian Government With New Malware via SignalRussia-linked APT28 deployed new malware against Ukrainian government targets through malicious documents sent via Signal chats. The post Russian APT Hits Ukrainian Government With New Malware via Signal appeared first on SecurityWeek .SECURITYWEEK.COM
25 JunAnthropic won't fix a bug in its SQLite MCP serversubmitted by BrikoX to cybersecurity 1 points | 0 comments https://www.theregister.com/2025/06/25/anthropic_sql_injection_flaw_unfixed/ Fork that - 5k+ timesSH.ITJUST.WORKS
25 JunNorth Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm PackagesCybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from North Korea. According to Socket, the ongoing supply chain attack involves 35 malicious packages that were uploaded from 24 npm a…THEHACKERNEWS.COM
25 JunGoogle Plans to Remove Chrome’s Tab Scrolling FeatureGoogle has decided to deprecate the “Tab Scrolling” feature in its Chrome browser, marking the end of a tool that many users relied on to manage large numbers of open tabs. This feature, previously accessible through a Chrome flag, allowed users to scroll horizontally through the…GBHACKERS.COM
25 JunChrome 138, Firefox 140 Patch Multiple VulnerabilitiesChrome 138 and Firefox 140 are rolling out with fixes for two dozen vulnerabilities, including high-severity memory safety issues. The post Chrome 138, Firefox 140 Patch Multiple Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
25 JunNetNerve: AI-Powered Tool for Deep PCAP Threat DetectionAs cyber threats evolve in sophistication and volume, traditional packet capture (PCAP) analysis tools are struggling to keep pace. Enter NetNerve, an AI-powered platform designed to revolutionize how security professionals, researchers, and students analyze network traffic and d…GBHACKERS.COM
25 JunWhy Sincerity Is a Strategic Asset in CybersecurityStrong security doesn’t just rely on tools—it starts with trust, clarity, and sincerity from the top down. The post Why Sincerity Is a Strategic Asset in Cybersecurity appeared first on SecurityWeek .SECURITYWEEK.COM
25 JunWhat LLMs Know About Their UsersSimon Willison talks about ChatGPT’s new memory dossier feature. In his explanation, he illustrates how much the LLM—and the company—knows about its users. It’s a big quote, but I want you to read it all. Here’s a prompt you can use to give you a sol…SCHNEIER.COM
25 JunNew Vulnerabilities Expose Millions of Brother Printers to HackingRapid7 has found several serious vulnerabilities affecting over 700 printer models from Brother and other vendors. The post New Vulnerabilities Expose Millions of Brother Printers to Hacking appeared first on SecurityWeek .SECURITYWEEK.COM
25 JunSonicWall Warns of Trojanized NetExtender Stealing User InformationSonicWall says a modified version of the legitimate NetExtender application contains information-stealing code. The post SonicWall Warns of Trojanized NetExtender Stealing User Information appeared first on SecurityWeek .SECURITYWEEK.COM
25 JunLeak of data belonging to 7.4 million Paraguayans traced back to infostealers | The Record from Recorded Future Newssubmitted by kid to cybersecurity 1 points | 0 comments https://therecord.media/data-leak-paraguayan-millions-infostealerSH.ITJUST.WORKS
25 JunMalware Campaign Uses Rogue WordPress Plugin to Skim Credit Cards - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/rogue-wordpress-plugin-skim-credit/SH.ITJUST.WORKS
25 JunCritical Meshtastic Flaw Allows Attackers to Decrypt Private Messagessubmitted by kid to cybersecurity 3 points | 0 comments https://gbhackers.com/critical-meshtastic-flaw/SH.ITJUST.WORKS
25 JunHackers Abuse ConnectWise to Hide MalwareG Data has observed a surge in malware infections originating from ConnectWise applications with modified certificate tables. The post Hackers Abuse ConnectWise to Hide Malware appeared first on SecurityWeek .SECURITYWEEK.COM
25 JunSonicWall warns of trojanized NetExtender stealing VPN loginssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-trojanized-netextender-stealing-vpn-logins/SH.ITJUST.WORKS
25 JunIn the Wild: Malware Prototype with Embedded Prompt Injectionsubmitted by Pro to cybersecurity 1 points | 0 comments https://research.checkpoint.com/2025/ai-evasion-prompt-injection/INFOSEC.PUB
25 JunIn the Wild: Malware Prototype with Embedded Prompt Injectionsubmitted by Pro to cybersecurity 1 points | 0 comments https://research.checkpoint.com/2025/ai-evasion-prompt-injection/SH.ITJUST.WORKS
25 JunWindows 11 Configuration Bug Freezes Update Scanning ProcessA recently discovered bug in Windows 11 has caused significant frustration among users, as the operating system’s update scanning process can freeze unexpectedly, leaving systems unable to check for or install critical updates. Microsoft has officially acknowledged the issu…GBHACKERS.COM
25 JunNorth Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packagessubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/06/north-korea-linked-supply-chain-attack.htmlSH.ITJUST.WORKS
25 JunIntroducing FileFix – A New Alternative to ClickFix Attackssubmitted by kid to cybersecurity 2 points | 0 comments https://www.mobile-hacker.com/2025/06/24/introducing-filefix-a-new-alternative-to-clickfix-attacks/SH.ITJUST.WORKS
25 JunHacktivist Groups Target U.S. Companies and Military Domains in Retaliation for Iran AttacksThe United States has become a popular target for hacktivist groups in the escalating Israel-Iran conflict, following U.S. attacks on Iranian nuclear sites on June 21, 2025. Several pro-Iranian hacktivist collectives, including Mr Hamza, Team 313, Cyber Jihad, and Keymous+, have …GBHACKERS.COM
25 JunWe’ve Been Teaching Cybersecurity All Wrong 😬Cybersecurity expert Jinan Budge and Ben Carr drop a truth bomb on traditional phishing training – and it's making waves. 😬 For years, companies have been obsessing over phishing simulations like it’s the only way to teach cybersecurity. But what if that’s all wrong? In this eye-…YOUTUBE.COM
25 JunThe $0 Python Stack That Automated 110 Cyber Tools! 🔥He built a Python-powered automation stack that connected over 110 cybersecurity and IT tools—and he did it with zero budget. What started as a side project turned into a full-scale integration ecosystem, solving massive data ingest issues for MSSPs and enterprise security vendor…YOUTUBE.COM
25 JunMITRE ATT&CK Overwhelms Even Smart Analysts 😵Even experienced cybersecurity professionals struggle with the MITRE ATT&CK framework. In this short, Michael from CardinalOps breaks down why so many smart analysts feel overwhelmed and what they’re doing wrong. Instead of mapping every single tactic and technique, he explai…YOUTUBE.COM
25 JunWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
25 JunMicrosoft Named a Leader in the 2025 IDC CNAPP MarketScape: Key Takeaways for Security BuyersThe cloud-native application protection platform (CNAPP) market continues to evolve rapidly as organizations look to secure increasingly complex cloud environments. In the recently published 2025 IDC MarketScape for Worldwide CNAPP, Microsoft has been recognized as a Leader, reaf…TECHCOMMUNITY.MICROSOFT.COM
25 JunChart Your SASE Transformation with Prisma SD-WANSuccessful SASE transformations often require balancing both network-led and security-led transformation priorities for a fully integrated solution. The post Chart Your SASE Transformation with Prisma SD-WAN appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
25 JunThis Is the New “Fuzzing” – But for AI Security 😳Cybersecurity pros, this one's for you. 🔐 In this short, Keith Hoodlet breaks down a jaw-dropping comparison between the rise of fuzzing in the early 2000s and what’s happening now with AI in AppSec. Inspired by Dave Aitel’s legendary take on doing what no one else was — fuzzing …YOUTUBE.COM
25 JunNorth Korean Hackers Pose as Recruiters, Target Developers with 35 New Malicious npm PackagesA new cyber campaign orchestrated by North Korean threat actors has been exposed by the Socket Threat Research Team, revealing a sophisticated supply chain attack targeting software developers through the npm registry. Linked to the Contagious Interview operation, these adversari…GBHACKERS.COM
25 JunNew wave of ‘fake interviews’ use 35 npm packages to spread malwareA new wave of North Korea's 'Contagious Interview' campaign is targeting job seekers with malicious npm packages that infect dev's devices with infostealers and backdoors. [...]BLEEPINGCOMPUTER.COM
25 JunNew Malware Discovered Using Prompt Injection to Manipulate AI Models in the WildResearchers have uncovered a new malware sample in the wild that employs a unique and unconventional evasion tactic: prompt injection aimed at manipulating AI models used in malware analysis. Dubbed “Skynet” by its creator, this malware, discovered in early June 2025 …GBHACKERS.COM
25 JunCan AI Really Handle 14,000 Tabs?Ever seen a SOC analyst’s screen? It's chaos—dozens of monitors, 14,000 Chrome tabs, and enough RAM drain to power a dam. In this clip, cybersecurity expert Joshua Marpet breaks down the real issue with trusting LLMs (Large Language Models) for threat analysis. While they’re grea…YOUTUBE.COM
25 JunHackers turn ScreenConnect into malware using Authenticode stuffingThreat actors are abusing the ConnectWise ScreenConnect installer to build signed remote access malware by modifying hidden settings within the client's Authenticode signature. [...]BLEEPINGCOMPUTER.COM
25 JunForget Leadership—Start Being HUMAN.In this short, cybersecurity expert Evgeniy Kharam challenges the idea that soft skills are just for leaders. He breaks down why even pen testers, programmers, and engineers need strong communication and emotional intelligence to thrive. It's not about leading—it's about being hu…YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
25 JunHackers abuse Microsoft ClickOnce and AWS services for stealthy attacksA sophisticated malicious campaign that researchers call OneClik has been leveraging Microsoft's ClickOnce software deployment tool and custom Golang backdoors to compromise organizations within the energy, oil, and gas sectors. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 9[−]
25 JunNew U.S. Visa Rule Requires Applicants to Set Social Media Account Privacy to PublicThe United States Embassy in India has announced that applicants for F, M, and J nonimmigrant visas should make their social media accounts public. The new guideline seeks to help officials verify the identity and eligibility of applicants under U.S. law. The U.S. Embassy said ev…THEHACKERNEWS.COM
25 JunCybercrime is surging across AfricaA new INTERPOL report has sounded the alarm over a dramatic increase in cybercrime across Africa, with digital crime now accounting for a significant proportional of all criminal activity across the continent. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
25 JunBeware the Hidden Risk in Your Entra EnvironmentIf you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk. A gap in access control in Microsoft Entra’s subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, w…THEHACKERNEWS.COM
25 JunRing cameras and doorbells now use AI to provide specific descriptions of motion activityRing gets a new AI-powered feature that offers users specific text descriptions of current motion activity.TECHCRUNCH.COM
25 JunKaspersky's FAQ on using and managing passkeys | Kaspersky official blogLearn how to create, use, store, sync, and secure passkeys across different platforms in 2025.KASPERSKY.COM
25 JunGoogle releases Gemini CLI with free Gemini 2.5 ProGoogle has released Gemini 2.5 Pro-powered Gemini CLI, which allows you to use Gemini inside your terminal, including Windows Terminal. [...]BLEEPINGCOMPUTER.COM
25 JunBritish hacker 'IntelBroker' charged with $25M in cybercrime damagesA British national known online as "IntelBroker" has been charged by the U.S. for stealing and selling sensitive data from dozens of victims, causing an estimated $25 million in damages. [...]BLEEPINGCOMPUTER.COM
25 JunThe State of Post-Quantum Crypto (PQC) on the WebWe analyze the world’s most popular websites and most widely used web browsers to determine the current state of PQC adoption on the web.F5.COM
25 JunApple Wallet just went full Bono (but with Brad Pitt this time)Apple has spammed millions of iPhones with a promotion for Brad Pitt's new (Apple-backed) F1 movie.GRAHAMCLULEY.COM