🐛 COMMON VULNERABILITIES AND EXPOSURES (10)
27 Jun [KEV]: Cisco warns of critical API vulnerabilities in ISE and ISE-PIC
CSOs are being urged to quickly patch multiple vulnerabilities in Cisco Systems Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) that could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root … (CSOONLINE.COM)
27 Jun: Pre-Auth Flaw in MongoDB Server Allows Attackers to Cause DoS
A critical pre-authentication vulnerability (CVE-2025-6709) in MongoDB Server enables unauthenticated attackers to trigger denial-of-service (DoS) conditions by exploiting improper input validation in OIDC authentication. The flaw allows malicious actors to crash database servers… (GBHACKERS.COM)
27 Jun: Mitsubishi Electric AC Flaw Lets Hackers Remotely Control Systems
A critical security vulnerability has been discovered in multiple Mitsubishi Electric air conditioning systems, potentially allowing hackers to bypass authentication and remotely control affected units. The flaw, identified as CVE-2025-3699, was disclosed by Mitsubishi Electric o… (GBHACKERS.COM)
27 Jun: Authoritarian states increasingly leveraging non-state cyber capabilities to expand their operational reach, challenging conventional distinctions between state and non-state activity | Study
submitted by Hotznplotzn to cybersecurity. 1 points | 0 comments. https://www.swp-berlin.org/publikation/hand-and-glove-how-authoritarian-cyber-operations-leverage-non-state-capabilities cross-posted from: lemmy.sdf.org/post/37521781. Historically, Western assessments of cyber threa… (INFOSEC.PUB)
27 Jun: Authoritarian states increasingly leveraging non-state cyber capabilities to expand their operational reach, challenging conventional distinctions between state and non-state activity | Study
submitted by Hotznplotzn to cybersecurity. 1 points | 0 comments. https://www.swp-berlin.org/publikation/hand-and-glove-how-authoritarian-cyber-operations-leverage-non-state-capabilities Historically, Western assessments of cyber threats have concentrated on state adversaries. Mor… (SH.ITJUST.WORKS)
27 Jun [KEV]: Evidence Suggests Exploitation of CitrixBleed 2 Vulnerability
The Citrix NetScaler vulnerability tracked as CitrixBleed 2 and CVE-2025-5777 may be exploited in the wild for initial access. The post Evidence Suggests Exploitation of CitrixBleed 2 Vulnerability appeared first on SecurityWeek. (SECURITYWEEK.COM)
27 Jun: Hunt Electronic DVR Vulnerability Leaves Admin Credentials Unprotected
A newly disclosed critical vulnerability in Hunt Electronics’ hybrid DVRs has left thousands of surveillance systems dangerously exposed, with administrator credentials accessible in plaintext to anyone on the internet. Security researchers have assigned this flaw the identifier … (GBHACKERS.COM)
27 Jun: Critical Citrix Bleed 2 flaw now likely exploited in attacks
A critical NetScaler ADC and Gateway vulnerability dubbed "Citrix Bleed 2" (CVE-2025-5777) is now likely exploited in attacks, according to cybersecurity firm ReliaQuest, seeing an increase in suspicious sessions on Citrix devices. [...] (BLEEPINGCOMPUTER.COM)
27 Jun: Citrix Bleed 2 flaw now believed to be exploited in attacks
A critical NetScaler ADC and Gateway vulnerability dubbed "Citrix Bleed 2" (CVE-2025-5777) is now likely exploited in attacks, according to cybersecurity firm ReliaQuest, seeing an increase in suspicious sessions on Citrix devices. [...] (BLEEPINGCOMPUTER.COM)
27 Jun: Some Brother printers have a remote code execution vulnerability, and they can’t fix it
Brother Industries is grappling with a critical authentication bypass vulnerability affecting hundreds of different printer models, many of them used in enterprises, allowing unauthenticated remote code execution (RCE) on the devices when chained with another flaw. The admin pass… (CSOONLINE.COM)
⚠️ VULNERABILITY DISCLOSURE (20)
27 Jun: Don’t trust that email: It could be from a hacker using your printer to scam you
Printers and scanners are increasingly becoming ways for cyber crooks to deliver phishing attacks, thanks to a flaw in the Microsoft 365 Direct Send feature. The Varonis forensics team has uncovered an exploit which allows internal devices such as printers to send emails without … (CSOONLINE.COM)
27 Jun: Open VSX Marketplace Flaw Enables Millions of Developers at Risk of Supply Chain Attacks
A newly disclosed critical vulnerability in the Open VSX Registry, the open-source marketplace for Visual Studio Code (VS Code) extensions, has put millions of developers worldwide at risk of devastating supply chain attacks. The flaw, discovered by cybersecurity researchers at K… (GBHACKERS.COM)
27 Jun: University Student Charged for Alleged Hacking and Data Theft
A 27-year-old former student of Western Sydney University has been charged with a string of cyber offences, following an extensive investigation into a series of cyber attacks that have plagued the institution since 2021. The arrest comes after a coordinated operation by the NSW … (GBHACKERS.COM)
27 Jun: 6 key trends redefining the XDR market
The extended detection and response (XDR) market is experiencing significant growth, driven by escalating cybersecurity threats and the need for enterprises to integrate disparate security technologies into one platform. By integrating technologies such as endpoint detection and … (CSOONLINE.COM)
27 Jun: Max Severity Flaws, Massive Exploits, and AI Security: A Cybersecurity Briefing
In this episode of 'Cybersecurity Today,' host Jim Love discusses urgent cybersecurity threats and concerns. Cisco has issued emergency patches for two maximum severity vulnerabilities in its Identity Services Engine (ISE) that could allow complete network takeover; organizations… (CYBERSECURITYTODAY.LIBSYN.COM)
27 Jun: Vulnerability Exposed All Open VSX Repositories to Takeover
A vulnerability in the extension publishing mechanism of Open VSX could have allowed attackers to tamper with any repository. The post Vulnerability Exposed All Open VSX Repositories to Takeover appeared first on SecurityWeek. (SECURITYWEEK.COM)
27 Jun: MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted
Threat intelligence firm GreyNoise is warning of a "notable surge" in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025—suggesting that attackers may be preparing for another mass exploitation campaign or probing for unpatched systems. MOVEit Trans… (THEHACKERNEWS.COM)
27 Jun: APT-C-36 Hackers Launching Cyberattacks on Government Entities, Financial Sectors, and Critical Systems
The cyber threat group APT-C-36, widely known as Blind Eagle, has been orchestrating sophisticated cyberattacks targeting a range of sectors across Latin America, with a pronounced focus on Colombian organizations. This group has consistently zeroed in on government institutions,… (GBHACKERS.COM)
27 Jun: Multiple Vulnerabilities in Citrix Products Could Allow For Disclosure Of Sensitive Data
Multiple vulnerabilities have been discovered in Citrix products, the most severe of which could allow disclosure of sensitive data. Citrix ADC performs application-specific traffic analysis to intelligently distribute, optimize, and secure Layer 4 - Layer 7 network traffic for w… (CISECURITY.ORG)
27 Jun: ClickFix Attacks Soar by 500%: Hackers Intensify Use of This Manipulative Technique to Deceive Users
A novel social engineering technique dubbed “ClickFix” has surged by an alarming 517% between the second half of 2024 and the first half of 2025, as reported by ESET telemetry data. This manipulative attack vector, now the second most prevalent after phishing, exploit… (GBHACKERS.COM)
27 Jun: Business Case for Agentic AI SOC Analysts
Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Today’s security leaders are expected to reduce risk and deliver results without relying on larger teams or inc… (THEHACKERNEWS.COM)
27 Jun: Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit
A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the open-source Hidden rootkit. The activity has been attributed with medium confidence to a Chinese hacking group called Silv… (THEHACKERNEWS.COM)
27 Jun: The rise of the compliance super soldier: A new human-AI paradigm in GRC
As generative artificial intelligence (genAI) redefines enterprise operations, governance, risk and compliance (GRC) functions sit at the intersection of transformation and accountability. The common narrative focuses on “effort reduction” — how many hours automation can reclaim.… (CSOONLINE.COM)
27 Jun: Hawaiian Airlines Targeted in Cyberattack, Systems Compromised
Hawaiian Airlines is responding to a significant cybersecurity incident that has disrupted parts of its information technology infrastructure, the company confirmed Thursday. While the full extent and nature of the attack remain undisclosed, the airline emphasized that flight ope… (GBHACKERS.COM)
27 Jun: Microsoft flaw allows e-mail to be sent without authentication
Printers and scanners are increasingly becoming a means for hackers to carry out phishing attacks, thanks to a vulnerability in the Microsoft 365 Direct Send feature. The forensics team at Varonis has discovered a vulnerability that allows internal devices… (CSOONLINE.COM)
27 Jun: STRATEGIC REEL: APIs are the new perimeter — and business logic attacks are slipping through
APIs have become the digital glue of the enterprise — and attackers know it. Related: API security – the big picture. In this debut edition of the Last Watchdog Strategic Reel (LWSR), A10 Networks’ Field CISO Jamison Utter cuts … (more…) The post STRATEGIC REEL: APIs … (LASTWATCHDOG.COM)
27 Jun: Unveiling RIFT: Enhancing Rust malware analysis through pattern matching
Threat actors are adopting Rust for malware development. RIFT, an open-source tool, helps reverse engineers analyze Rust malware, solving challenges in the security industry. The post Unveiling RIFT: Enhancing Rust malware analysis through pattern matching appeared first on Micro… (MICROSOFT.COM)
27 Jun: Exploitation of Microsoft 365 Direct Send to Deliver Phishing Emails as Internal Users
A sophisticated phishing campaign targeting over 70 organizations, predominantly in the US, has been uncovered by Varonis’ Managed Data Detection and Response (MDDR) Forensics team. This campaign, active since May 2025, exploits a lesser-known feature of Microsoft 365 called Dire… (GBHACKERS.COM)
27 Jun: Is Vuln Management Dead? - HD Moore - PSW #880
This conversation explores the intersection of cybersecurity and emerging technologies, focusing on innovative hacking techniques, the evolution of vulnerability management, and the critical importance of asset discovery. The discussion also delves into the implications of cyber … (YOUTUBE.COM)
27 Jun: Threat Actors Leverage Windows Task Scheduler to Embed Malware and Maintain Persistence
A comprehensive follow-up analysis to the FortiGuard Incident Response Team’s (FGIR) investigation titled “Intrusion into Middle East Critical National Infrastructure” has revealed a protracted cyberattack that targeted critical national infrastructure (CNI) in … (GBHACKERS.COM)
📢 SECURITY ADVISORIES (4)
27 Jun: Security Advisory: Airoha-based Bluetooth Headphones and Earbuds
submitted by Branquinho to cybersecurity. 2 points | 0 comments. https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/ Security researchers found that probably millions of Bluetooth headphones are vulnerable to an attack that lets others read data from the headp… (SH.ITJUST.WORKS)
🔥 INCIDENT REPORTING (14)
27 Jun: Kansas City Man Pleads Guilty After Hacking to Promote His Cybersecurity Services
A Kansas City man has pleaded guilty to federal charges after admitting he hacked into the computer systems of multiple organizations in an attempt to promote his cybersecurity services, according to the U.S. Department of Justice. Nicholas Michael Kloster, 32, was indicted last … (GBHACKERS.COM)
27 Jun: Hawaiian Airlines discloses cyberattack, flights not affected
Hawaiian Airlines, the tenth-largest commercial airline in the United States, is investigating a cyberattack that has disrupted access to some of its systems. [...] (BLEEPINGCOMPUTER.COM)
27 Jun: Whole Foods supplier UNFI restores core systems after cyberattack
American grocery wholesale giant United Natural Foods (UNFI) reports that it has restored its core systems and brought online the electronic ordering and invoicing systems affected by a cyberattack. [...] (BLEEPINGCOMPUTER.COM)
27 Jun: Retail giant Ahold Delhaize says data breach affects 2.2 million people
Ahold Delhaize, one of the world's largest food retail chains, is notifying over 2.2 million individuals that their personal, financial, and health information was stolen in a November ransomware attack that impacted its U.S. systems. [...] (BLEEPINGCOMPUTER.COM)
27 Jun: The Age of Integrity
We need to talk about data integrity. Narrowly, the term refers to ensuring that data isn’t tampered with, either in transit or in storage. Manipulating account balances in bank databases, removing entries from criminal records, and murder by removing notations about allergies fr… (SCHNEIER.COM)
27 Jun: Supply Chain Incident Imperils Glasgow Council Services and Data - Infosecurity Magazine
submitted by kid to cybersecurity. 1 points | 0 comments. https://www.infosecurity-magazine.com/news/supply-chain-imperils-glasgow/ (SH.ITJUST.WORKS)
27 Jun: Hawaiian Airlines suffers massive IT outage, ransomware attack suspected | Cybernews
submitted by kid to cybersecurity. 1 points | 0 comments. https://cybernews.com/news/hawaiian-airlines-it-outage-ransomware-attack-suspected/ (SH.ITJUST.WORKS)
27 Jun: Leeds United And Reflectiz Partner To Share Insights On Proactive Web Security After Cyber Attack
Leeds, UK, June 27th, 2025, CyberNewsWire – Leeds United FC, a globally recognized football club, and Reflectiz, a leading provider of proactive web security, today announced an upcoming webinar titled “Beyond the Breach: How Leeds United Achieved Proactive Web Security… (GBHACKERS.COM)
27 Jun: SafePay ransomware: What you need to know
SafePay is a relatively new ransomware that is making a big impact. Find out how it is different from other ransomware, and read more in my article on the Fortra blog. (FORTRA.COM)
27 Jun: In Other News: Norway Dam Hacked, $177M Data Breach Settlement, UNFI Attack Update
Noteworthy stories that might have slipped under the radar: Norwegian dam hacked, AT&T agrees to $177 million data breach settlement, Whole Foods distributor restores systems after attack. The post In Other News: Norway Dam Hacked, $177M Data Breach Settlement, UNFI Attack U… (SECURITYWEEK.COM)
27 Jun: Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign
Threat hunters have discovered a network of more than 1,000 compromised small office and home office (SOHO) devices that have been used to facilitate a prolonged cyber espionage infrastructure campaign for China-nexus hacking groups. The Operational Relay Box (ORB) network has be… (THEHACKERNEWS.COM)
27 Jun: Threat Intel Is Useless Unless You Do THIS 🔍
Most security teams collect threat intelligence… but never use it effectively. In this short, Michael from CardinalOps drops a truth bomb for cybersecurity pros: it’s not just what you know, but how you prioritize and act on it. He explains why knowing what’s happening to similar… (YOUTUBE.COM)
27 Jun: US Tech Executives Cite Cyberattacks as Their Top Concern
A new survey has found that 64% of C-Suite executives in cybersecurity or data center roles view data breaches and ransomware attacks as the top threat to companies over the next decade. (KNOWBE4.COM)
27 Jun: One Password… Shared for DECADES! 🧠
Everyone used the same password for the FTP server... for decades. Adrian Sanabria and Paul Nguyen uncover a mind-blowing reality in cybersecurity: legacy systems with zero identity tracking and passwords nobody ever rotates. This isn't just a tech debt—it's a silent threat lurki… (YOUTUBE.COM)
🕵️ THREAT INTELLIGENCE (30)
27 Jun: ISC Stormcast For Friday, June 27th, 2025 https://isc.sans.edu/podcastdetail/9508, (Fri, Jun 27th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. (ISC.SANS.EDU)
27 Jun: Off-Topic Friday
submitted by shellsharks to cybersecurity. 1 points | 0 comments. Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please) (INFOSEC.PUB)
27 Jun: OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors
Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft's ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors. "The campaign exhibits characteristics align… (THEHACKERNEWS.COM)
27 Jun: Microsoft 365 Direct Send Abused for Phishing
Hackers are abusing the Microsoft 365 Direct Send feature to deliver phishing emails that bypass email security controls. The post Microsoft 365 Direct Send Abused for Phishing appeared first on SecurityWeek. (SECURITYWEEK.COM)
27 Jun: Windows Says Goodbye to Blue Screen of Death, Introduces Black Screen
After nearly four decades as a symbol of frustration and failure for PC users worldwide, Microsoft is officially retiring the iconic Blue Screen of Death (BSOD) in favor of a new, sleeker Black Screen of Death. The change, set to roll out later this summer with Windows 11 version… (GBHACKERS.COM)
27 Jun: Chinese Hackers Target Chinese Users With RAT, Rootkit
China-linked Silver Fox hacking group is targeting Chinese users with fake installers carrying a RAT and a rootkit. The post Chinese Hackers Target Chinese Users With RAT, Rootkit appeared first on SecurityWeek. (SECURITYWEEK.COM)
27 Jun: RevEng.ai Raises $4.15 Million to Secure Software Supply Chain
RevEng.ai has raised $4.15 million in seed funding for an AI platform that automatically detects malicious code and vulnerabilities in software. The post RevEng.ai Raises $4.15 Million to Secure Software Supply Chain appeared first on SecurityWeek. (SECURITYWEEK.COM)
27 Jun: ODYSSEY STEALER : THE REBRAND OF POSEIDON STEALER - CYFIRMA
submitted by kid to cybersecurity. 1 points | 0 comments. https://www.cyfirma.com/research/odyssey-stealer-the-rebrand-of-poseidon-stealer/ (SH.ITJUST.WORKS)
27 Jun: Microsoft to Preview New Windows Endpoint Security Platform After CrowdStrike Outage
Microsoft is preparing a private preview of new Windows endpoint security platform capabilities to help antimalware vendors create solutions that run outside the kernel. The post Microsoft to Preview New Windows Endpoint Security Platform After CrowdStrike Outage appeared first o… (SECURITYWEEK.COM)
27 Jun: Let’s Encrypt Launches 6-Day Certificates for IP-Based SSL Encryption
Let’s Encrypt, the world-renowned free Certificate Authority (CA), is on the verge of a significant milestone: issuing SSL/TLS certificates for IP addresses, a long-awaited feature that promises to enhance security for a broader range of internet-connected devices and services. I… (GBHACKERS.COM)
27 Jun: Patient Death Linked to NHS Cyber-Attack - Infosecurity Magazine
submitted by kid to cybersecurity. 1 points | 0 comments. https://www.infosecurity-magazine.com/news/patient-death-linked-nhs-cyber/ (SH.ITJUST.WORKS)
27 Jun: Just a moment...
submitted by kid to cybersecurity. 1 points | 0 comments. https://socket.dev/blog/north-korean-contagious-interview-campaign-drops-35-new-malicious-npm-packages (SH.ITJUST.WORKS)
27 Jun: Microsoft 365 'Direct Send' abused to send phishing as internal users
submitted by kid to cybersecurity. 1 points | 0 comments. https://www.bleepingcomputer.com/news/security/microsoft-365-direct-send-abused-to-send-phishing-as-internal-users/ (SH.ITJUST.WORKS)
27 Jun: Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks
submitted by kid to cybersecurity. 1 points | 0 comments. https://www.bleepingcomputer.com/news/security/oneclik-attacks-use-microsoft-clickonce-and-aws-to-target-energy-sector/ (SH.ITJUST.WORKS)
27 Jun: Microsoft Teams to Auto-Detect Work Location Using Company Wi-Fi
Microsoft Teams is set to introduce a new feature that will automatically detect and set users’ work locations when they connect to their organization’s Wi-Fi network, marking a significant step forward in streamlining the hybrid workplace experience. The feature, scheduled for g… (GBHACKERS.COM)
27 Jun: Your KnowBe4 Fresh Content Updates from June 2025
Check out the 33 new pieces of training content added in June, alongside the always fresh content update highlights, new features and events. (KNOWBE4.COM)
27 Jun: PUBLOAD and Pubshell Malware Used in Mustang Panda's Tibet-Specific Attack
A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community. The spear-phishing attacks leveraged topics related to Tibet, such as the 9th World Parliamentarians' Convention on Tibet (WPCT), China… (THEHACKERNEWS.COM)
27 Jun: Why Ethereum Hates Rust (And Solana Loves It!)
The battle between Solidity and Rust is heating up! 🔥 Ethereum developers swear by Solidity, but Rust is taking over blockchains like Solana, Near, and Polkadot. While Rust boasts better memory management and security, Solidity remains the king of Ethereum Virtual Machines (EVMs)… (YOUTUBE.COM)
27 Jun: New Cyber Workflows = New People, New Problems
Cybersecurity has evolved—and Jinan Budge breaks down how modern platforms are nothing like what we saw just a few years ago. With complex workflows, smart triggers, and ever-changing skill demands, the real question is: who’s actually equipped to manage these tools now? Even ven… (YOUTUBE.COM)
27 Jun: Windows’ Infamous ‘Blue Screen of Death’ Will Soon Turn Black
After more than 40 years of being set against a very recognizable blue, the updated error message will soon be displayed across a black background. The post Windows’ Infamous ‘Blue Screen of Death’ Will Soon Turn Black appeared first on SecurityWeek. (SECURITYWEEK.COM)
27 Jun: This Cybersecurity Ritual is WILDER Than DEF CON
Before DEF CON even kicks off, cybersecurity pros like JP Bourget gather at 6:37 AM—not to code, not to hack, but to ride. 🚴♂️ In this unreal pre-conference ritual, 50 to 70 hackers rent bikes, hit the Vegas streets, and ride 25 miles to Red Rock Canyon. Tandems, scenic overlook… (YOUTUBE.COM)
27 Jun: Humans or Machines? Identity in the Age of AI
In a world where AI is evolving fast, cybersecurity expert Geoff Cairns explains the blurred line between human and machine identities. This YouTube Short dives into how autonomous AI agents are shifting from simple bots to complex decision-makers acting on behalf of real people.… (YOUTUBE.COM)
27 Jun: Criminals Posing as Legitimate Health Insurers and Fraud Investigators to Commit Health Care Fraud
submitted by Pro to cybersecurity. 2 points | 0 comments. https://www.ic3.gov/PSA/2025/PSA250627 (INFOSEC.PUB)
27 Jun: From Cyber Threats to Seafood Regrets in Ibiza
While most cybersecurity professionals spend their time dodging digital threats, Jackie and Adrian reveal an unexpected memory: hungover paella in Ibiza. This short dives into a hilarious moment of contrast between cyber defense and seafood indulgence under the Spanish sun. It’s … (YOUTUBE.COM)
27 Jun: mommy Access Broker
submitted by Pro to cybersecurity. 1 points | 0 comments. https://intel471.com/blog/mommy-access-broker (INFOSEC.PUB)
27 Jun: Threat Actors Use Clickfix Tactics to Deploy Malicious AppleScripts for Stealing Login Credentials
In a recent discovery by the CYFIRMA research team, a sophisticated malware campaign dubbed Odyssey Stealer has been uncovered, targeting macOS users through a deceptive method known as Clickfix tactics. This campaign leverages typosquatted domains, malicious websites mimicking le… (GBHACKERS.COM)
27 Jun: Riverside.fm = 100% Adult?! AI Said So 💥
When cybersecurity expert Rob Allen asked an AI to classify Riverside.fm, the response? "100% adult content." 🤯 What followed was a hilarious chain of increasingly confident wrong answers from the AI. This short exposes the sometimes absurd — and dangerous — ways large language m… (YOUTUBE.COM)
27 Jun: Cybersecurity Just Got Sci-Fi… And I’m Going.
Adrian Sanabria is headed to Identiverse 2025 in Las Vegas — but this year, it’s not just another cybersecurity event. With over 3,000 identity pros and a mysterious new “Non-Human Identity Pavilion,” things are feeling more Star Wars than InfoSec. Will there be robots? AI? Alien… (YOUTUBE.COM)
27 Jun: Friday Squid Blogging: What to Do When You Find a Squid “Egg Mop”
Tips on what to do if you find a mop of squid eggs. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. (SCHNEIER.COM)
27 Jun: Broadcom, Direct Send, N0auth, UNFI, Cisco, Oneclik, Russ Beauchemin, and more... - SWN #489
Broadcom is coming for you, Direct Send, N0auth, UNFI, Cisco, Oneclik, Russ Beauchemin, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-489 (YOUTUBE.COM)
🌐 CYBER THREAT LANDSCAPE (1)
27 Jun: Scattered Spider hackers shift focus to aviation, transportation firms
Hackers associated with Scattered Spider tactics have expanded their targeting to the aviation and transportation industries after previously attacking insurance and retail sectors [...] (BLEEPINGCOMPUTER.COM)
📡 INFOSEC NEWS (6)
27 Jun: Windows 11 KB5060829 update released with 38 new changes, fixes
Microsoft has released the KB5060829 preview cumulative update for Windows 11 24H2, which includes 38 changes, including improvements to the taskbar and a new PC-to-PC migration experience. [...] (BLEEPINGCOMPUTER.COM)
27 Jun: Russia’s throttling of Cloudflare makes sites inaccessible
Starting June 9, 2025, Russian internet service providers (ISPs) have begun throttling access to websites and services protected by Cloudflare, an American internet giant. [...] (BLEEPINGCOMPUTER.COM)
27 Jun: Passkey FAQ for power users | Kaspersky official blog
How to use passkeys to sign in from someone else's device, transfer them between devices, and secure your passkey-protected account with backup sign-in methods (KASPERSKY.COM)
27 Jun: Prolific cybercrime gang now targeting airlines and the transportation sector
The fresh wave of attacks targeting airlines comes soon after the hackers hit the U.K. retail sector and the insurance industry. (TECHCRUNCH.COM)
27 Jun: Why Trend Micro Continues to be Named a CNAPP Leader
Trend Micro is recognized for our Cloud CNAPP capabilities and product strategy—affirming our vision to deliver a cloud security solution that predicts, protects, and responds to threats across hybrid and multi-cloud environments. (TRENDMICRO.COM)
27 Jun: How to Build an Effective Security Awareness Program
This is a step-by-step guide to build a strong security awareness and training program that empowers your employees and protects your business. (TRENDMICRO.COM)