DATE | NAME | Info | CATEG. | WEB |
27.6.25 | PUBLOAD and Pubshell Malware Used in Mustang Panda's Tibet-Specific Attack | A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community. The spear- | Virus | The Hacker News |
27.6.25 | DeepSeek Deception: Sainbox RAT & Hidden Rootkit Delivery | Netskope Threat Labs has discovered a campaign using fake installers to deliver the Sainbox RAT and Hidden rootkit. During our threat hunting activities, we encountered multiple installers disguised as legitimate software, including WPS Office, Sogou, and DeepSeek. | Malware blog | NETSKOPE |
27.6.25 | Surge in MOVEit Transfer Scanning Could Signal Emerging Threat Activity | GreyNoise has identified a notable surge in scanning activity targeting MOVEit Transfer systems, beginning on May 27, 2025. Prior to this date, scanning was minimal — typically fewer than 10 IPs observed per day. But on May 27, that number spiked to over 100 unique IPs, followed by 319 IPs on May 28. | Vulnerability blog | GREYNOISE |
27.6.25 | OneClik: A ClickOnce-Based APT Campaign Targeting Energy, Oil and Gas Infrastructure | The Trellix Advanced Research Center has uncovered a sophisticated APT malware campaign that we’ve dubbed OneClik. | APT blog | Trellix |
27.6.25 | Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit | A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the | Virus | The Hacker News |
27.6.25 | MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted | Threat intelligence firm GreyNoise is warning of a "notable surge" in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025— | Vulnerability | The Hacker News |
27.6.25 | OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors | Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft's ClickOnce software deployment technology and bespoke | Virus | The Hacker News |
27.6.25 | Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VSCode Fork; Putting Millions at Risk | We discovered a critical vulnerability in open-vsx.org, the open-source VS Code extensions marketplace powering popular VSCode forks like Cursor, Windsurf and VSCodium, used by over 8,000,000 developers. | Vulnerability blog | KOI SECURITY |
27.6.25 | Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks | Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry ("open-vsx[.]org") that, if successfully exploited, could have enabled | Vulnerability | The Hacker News |
26.6.25 | Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access | Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that | Vulnerability | The Hacker News |
26.6.25 | New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks | The ClickFix social engineering tactic as an initial access vector using fake CAPTCHA verifications increased by 517% between the second half of 2024 and the | Hack | The Hacker News |
26.6.25 | Iranian Educated Manticore Targets Leading Tech Academics | Amid ongoing tensions between Iran and Israel, the Iranian threat group Educated Manticore, associated with the Islamic Revolutionary Guard Corps, has launched spear-phishing campaigns targeting Israeli journalists, high-profile cyber security experts and computer science professors from leading Israeli universities. | APT blog | Checkpoint |
26.6.25 | Cybercriminals Abuse Open-Source Tools To Target Africa’s Financial Sector | Unit 42 researchers have been monitoring a series of attacks targeting financial organizations across Africa. We assess that the threat actor may be gaining initial access to these financial institutions and then selling it to others on the dark web. | Hacking blog | Palo Alto |
26.6.25 | Dire Wolf Strikes: New Ransomware Group Targeting Global Sectors | Dire Wolf is a newly emerged ransomware group first observed in May 2025 and Trustwave SpiderLabs recently uncovered a Dire Wolf ransomware sample that revealed for the first time key details about how the ransomware operates. | Ransom blog | SPIDERLABS BLOG |
26.6.25 | The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience | SaaS Adoption is Skyrocketing, Resilience Hasn't Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate | Security | The Hacker News |
26.6.25 | Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks | An Iranian state-sponsored hacking group associated with the Islamic Revolutionary Guard Corps (IRGC) has been linked to a spear-phishing campaign targeting | APT | The Hacker News |
26.6.25 | Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa | Cybersecurity researchers are calling attention to a series of cyber attacks targeting financial organizations across Africa since at least July 2023 using a mix of open- | Exploit | The Hacker News |
26.6.25 | How Today’s Pentest Models Compare and Why Continuous Wins | Legacy pentests give you a snapshot. Attackers see a live stream. Sprocket's Continuous Penetration Testing (CPT) mimics real-world attackers—daily, not annually—so you can fix what matters, faster. Learn why CPT is the future. | Security | BleepingComputer |
26.6.25 | US House bans WhatsApp on staff devices over security concerns | The U.S. House of Representatives has banned the installation and use of WhatsApp on government-issued devices belonging to congressional staff, citing concerns over how the app encrypts and secures data. | Social | BleepingComputer |
26.6.25 | APT28 hackers use Signal chats to launch new malware attacks on Ukraine | The Russian state-sponsored threat group APT28 is using Signal chats to target government targets in Ukraine with two previously undocumented malware families named BeardShell and SlimAgent. | APT | BleepingComputer |
26.6.25 | Malware on Google Play, Apple App Store stole your photos—and crypto | A new mobile crypto-stealing malware called SparkKitty was found in apps on Google Play and the Apple App Store, targeting Android and iOS devices. | Virus | |
26.6.25 | US Homeland Security warns of escalating Iranian cyberattack risks | The U.S. Department of Homeland Security (DHS) warned over the weekend of escalating cyberattack risks by Iran-backed hacking groups and pro-Iranian hacktivists. | APT | |
26.6.25 | Canada says Salt Typhoon hacked telecom firm via Cisco flaw | The Canadian Centre for Cyber Security and the FBI confirm that the Chinese state-sponsored 'Salt Typhoon' hacking group is also targeting Canadian telecommunication firms, breaching a telecom provider in February. | APT | |
26.6.25 | Revil ransomware members released after time served on carding charges | Four REvil ransomware members arrested in January 2022 were released by Russia on time served after they pleaded guilty to carding and malware distribution charges. | Ransom | |
26.6.25 | McLaren Health Care says data breach impacts 743,000 patients | McLaren Health Care is warning 743,000 patients that the health system suffered a data breach caused by a July 2024 attack by the INC ransomware gang. | Incident | |
26.6.25 | Steel giant Nucor confirms hackers stole data in recent breach | Nucor, North America's largest steel producer and recycler, has confirmed that attackers behind a recent cybersecurity incident have also stolen data from the company's network. | Incident | |
26.6.25 | Responsible Disclosure: Vulnerabilities in SAP GUI Client (CVE-2025-0056 & CVE-2025-0055) | As an SAP Security Analyst and Lead Researcher at Pathlock, I believe that responsible security research is the foundation for maintaining secure IT environments. Today, I am excited to disclose research on two vulnerabilities in the SAP Graphical User Interface (SAP GUI) input history feature, which we identified together with Julian Petersohn of Fortinet. | Vulnerability blog | PATHLOCK |
26.6.25 | nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications | The nOAuth vulnerability exposes a critical authentication flaw in vulnerable software-as-a-service (SaaS) applications. With only access to an Entra tenant—a low barrier—and the target user’s email address, an attacker can take over that user’s account in the vulnerable application. From there, the attacker can access all the data that the target has access to within that application. | Vulnerability blog | SEMPERIS |
26.6.25 | Iran-Linked Threat Actors Leak Visitors and Athletes' Data from Saudi Games | Today (June 22, 2025) — the threat actors associated with the "Cyber Fattah" movement leaked thousands of records containing information about visitors and athletes from past Saudi Games, one of the major sports events in the Kingdom. | APT blog | RESECURITY |
26.6.25 | CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, | Vulnerability | The Hacker News |
26.6.25 | WhatsApp Adds AI-Powered Message Summaries for Faster Chat Previews | Popular messaging platform WhatsApp has added a new artificial intelligence (AI)-powered feature that leverages its in-house solution Meta AI to summarize unread | AI | The Hacker News |
26.6.25 | nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery | New research has uncovered continued risk from a known security weakness in Microsoft's Entra ID, potentially enabling malicious actors to achieve account | Vulnerability | The Hacker News |
26.6.25 | Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC | Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE- | Vulnerability | The Hacker News |
26.6.25 | Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure | Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, | Vulnerability | The Hacker News |
26.6.25 | Pro-Iranian Hacktivist Group Leaks Personal Records from the 2024 Saudi Games | Thousands of personal records allegedly linked to athletes and visitors of the Saudi Games have been published online by a pro-Iranian hacktivist group called Cyber | APT | The Hacker News |
25.6.25 | ConnectUnwise: Threat actors abuse ConnectWise as builder for signed malware | Since March 2025 there has been a noticeable increase in infections and fake applications using validly signed ConnectWise samples | Malware blog | G DATA |
25.6.25 | SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks | Unknown threat actors have been distributing a trojanized version of SonicWall's SSL VPN NetExtender application to steal credentials from unsuspecting users who | Exploit | The Hacker News |
25.6.25 | North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages | Cybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from | APT | The Hacker News |
25.6.25 | Microsoft Extends Windows 10 Security Updates for One Year with New Enrollment Options | Microsoft on Tuesday announced that it's extending Windows 10 Extended Security Updates (ESU) for an extra year by letting users either pay a small fee of $30 or by | OS | The Hacker News |
25.6.25 | Exchange mutations. Malicious code in Outlook pages | In May 2024, specialists from the Incident Response team at the Positive Technologies Expert Security Center (PT Expert Security Center) discovered an attack using an unknown keylogger injected into the home page of a compromised Exchange Server. In 2025, | Malware blog | POSITIVE TECHNOLOGIES |
25.6.25 | Cryptominers’ Anatomy: Shutting Down Mining Botnets | Welcome to the final installment of our Cryptominers’ Anatomy blog series | BotNet blog | AKAMAI |
25.6.25 | New U.S. Visa Rule Requires Applicants to Set Social Media Account Privacy to Public | The United States Embassy in India has announced that applicants for F, M, and J nonimmigrant visas should make their social media accounts public. The new | Social | The Hacker News |
25.6.25 | Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers | Unidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their | Hack | The Hacker News |
25.6.25 | Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network | Misconfigured Docker instances are the target of a campaign that employs the Tor anonymity network to stealthily mine cryptocurrency in susceptible environments. | Cryptocurrency | The Hacker News |
25.6.25 | U.S. House Bans WhatsApp on Official Devices Over Security and Data Protection Issues | The U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security | Social | The Hacker News |
25.6.25 | APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine | The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new cyber attack campaign by the Russia-linked APT28 (aka UAC-0001) threat | APT | The Hacker News |
24.6.25 | China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom | The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber espionage campaign. | APT | The Hacker News |
24.6.25 | Echo Chamber Jailbreak Tricks LLMs Like OpenAI and Google into Generating Harmful Content | Cybersecurity researchers are calling attention to a new jailbreaking method called Echo Chamber that could be leveraged to trick popular large language models | AI | The Hacker News |
24.6.25 | DHS Warns Pro-Iranian Hackers Likely to Target U.S. Networks After Iranian Nuclear Strikes | The United States government has warned of cyber attacks mounted by pro-Iranian groups after it launched airstrikes on Iranian nuclear sites as part of the Iran–Israel | APT | The Hacker News |
24.6.25 | XDigo Malware Exploits Windows LNK Flaw in Eastern European Government Attacks | Cybersecurity researchers have uncovered a Go-based malware called XDigo that has been used in attacks targeting Eastern European governmental entities in | Virus | The Hacker News |
24.6.25 | Google Adds Multi-Layered Defenses to Secure GenAI from Prompt Injection Attacks | Google has revealed the various safety measures that are being incorporated into its generative artificial intelligence (AI) systems to mitigate emerging attack vectors | AI | The Hacker News |
23.6.25 | Scattered Spider Behind Cyberattacks on M&S and Co-op, Causing Up to $592M in Damages | The April 2025 cyber attacks targeting U.K. retailers Marks & Spencer and Co-op have been classified as a "single combined cyber event." That's according to an | Hack | The Hacker News |
23.6.25 | CoinMarketCap briefly hacked to drain crypto wallets via fake Web3 popup | CoinMarketCap, the popular cryptocurrency price tracking site, suffered a website supply chain attack that exposed site visitors to a wallet drainer campaign to steal visitors' crypto. | Cryptocurrency | BleepingComputer |
23.6.25 | Oxford City Council suffers breach exposing two decades of data | Oxford City Council warns it suffered a data breach where attackers accessed personally identifiable information from legacy systems. | Incident | BleepingComputer |
23.6.25 | Russian hackers bypass Gmail MFA using stolen app passwords | Russian hackers bypass multi-factor authentication and access Gmail accounts by leveraging app-specific passwords in advanced social engineering attacks that impersonate U.S. Department of State officials. | APT | BleepingComputer |
23.6.25 | WordPress Motors theme flaw mass-exploited to hijack admin accounts | Hackers are exploiting a critical privilege escalation vulnerability in the WordPress theme "Motors" to hijack administrator accounts and gain complete control of a targeted site. | Exploit | |
23.6.25 | BitoPro exchange links Lazarus hackers to $11 million crypto heist | The Taiwanese cryptocurrency exchange BitoPro claims the North Korean hacking group Lazarus is behind a cyberattack that led to the theft of $11,000,000 worth of cryptocurrency on May 8, 2025. | Cryptocurrency | |
23.6.25 | Microsoft investigates OneDrive bug that breaks file search | Microsoft is investigating a known OneDrive issue that is causing searches to appear blank for some users or return no results even when searching for files they know they've already uploaded. | Vulnerability | |
23.6.25 | Cloudflare blocks record 7.3 Tbps DDoS attack against hosting provider | Cloudflare says it mitigated a record-breaking distributed denial of service (DDoS) attack in May 2025 that peaked at 7.3 Tbps, targeting a hosting provider. | Attack | BleepingComputer |
23.6.25 | Aflac discloses breach amidst Scattered Spider insurance attacks | On Friday, American insurance giant Aflac disclosed that its systems were breached in a broader campaign targeting insurance companies across the United States by attackers who may have stolen personal and health information. | Hack | BleepingComputer |
23.6.25 | Can users reset their own passwords without sacrificing security? | Self-service password resets (SSPR) reduce helpdesk strain—but without strong security, they can open the door to attackers. Learn why phishing-resistant MFA, context-aware verification, and risk-based detection are critical to secure SSPR implementation. | Security | |
23.6.25 | Microsoft to remove legacy drivers from Windows Update for security boost | Microsoft has announced plans to periodically remove legacy drivers from the Windows Update catalog to mitigate security and compatibility risks. | Security | |
23.6.25 | No, the 16 billion credentials leak is not a new data breach | News broke today of a "mother of all breaches," sparking wide media coverage filled with warnings and fear-mongering. However, it appears to be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and via credential stuffing attacks. | Incident | |
23.6.25 | Godfather Android malware now uses virtualization to hijack banking apps | A new version of the Android malware "Godfather" creates isolated virtual environments on mobile devices to steal account data and transactions from legitimate banking apps. | Virus | |
23.6.25 | Webinar: Stolen credentials are the new front door to your network | Cybercriminals no longer need zero-days to breach your systems—these days, they just log in. Join BleepingComputer, SC Media, and Specops Software's Darren Siegel on July 9 at 2:00 PM ET for a live webinar on how attackers are using stolen credentials to infiltrate networks and how you can stop them. | Hack | BleepingComputer |
23.6.25 | US recovers $225 million of crypto stolen in investment scams | The U.S. Department of Justice has seized more than $225 million in cryptocurrency linked to investment fraud and money laundering operations, the largest crypto seizure in the history of the U.S. Secret Service. | Cryptocurrency | BleepingComputer |
22.6.25 | Special Webinar: Key Insights from Verizon’s 2025 DBIR | GenAI, credential theft, third-party risks—Verizon's 2025 DBIR reveals what's putting your org at risk. Join DBIR author Alex Pinto & LayerX CEO Or Eshed as they break down this year's key insights and defense strategies. Don't miss the webinar—register now. | Cyber | BleepingComputer |
22.6.25 | Microsoft unveils new security defaults for Windows 365 Cloud PCs | Microsoft has announced new Windows 365 security defaults starting in the second half of 2025 and affecting newly provisioned and reprovisioned Cloud PCs. | Security | |
22.6.25 | DuckDuckGo beefs up scam defense to block fake stores, crypto sites | The DuckDuckGo web browser has expanded its built-in Scam Blocker tool to protect against a broader range of online scams, including fake e-commerce, cryptocurrency exchanges, and "scareware" sites. | Cryptocurrency | |
22.6.25 | Telecom giant Viasat breached by China's Salt Typhoon hackers | Satellite communications company Viasat is the latest victim of China's Salt Typhoon cyber-espionage group, which has previously hacked into the networks of multiple other telecom providers in the United States and worldwide. | APT | |
22.6.25 | Krispy Kreme says November data breach impacts over 160,000 people | U.S. doughnut chain Krispy Kreme confirmed that attackers stole the personal information of over 160,000 individuals in a November 2024 cyberattack. | Incident | |
22.6.25 | Ryuk ransomware’s initial access expert extradited to the U.S. | A member of the notorious Ryuk ransomware operation who specialized in gaining initial access to corporate networks has been extradited to the United States. | Ransom | |
22.6.25 | Pro-Israel hackers hit Iran's Nobitex exchange, burn $90M in crypto | The pro-Israel "Predatory Sparrow" hacking group claims to have stolen over $90 million in cryptocurrency from Nobitex, Iran's largest crypto exchange, and burned the funds in a politically motivated cyberattack. | Cryptocurrency | BleepingComputer |
22.6.25 | North Korean hackers deepfake execs in Zoom call to spread Mac malware | North Korean advanced persistent threat (APT) 'BlueNoroff' (aka 'Sapphire Sleet' or 'TA444') are using deepfake company executives during fake Zoom calls to trick employees into installing custom malware on their computers. | APT | BleepingComputer |
22.6.25 | 'Stargazers' use fake Minecraft mods to steal player passwords | A large-scale malware campaign specifically targets Minecraft players with malicious mods and cheats that infect Windows devices with infostealers that steal credentials, authentication tokens, and cryptocurrency wallets. | Virus | BleepingComputer |
22.6.25 | ChainLink Phishing: How Trusted Domains Become Threat Vectors | Phishing has evolved—and trust is the new attack vector. ChainLink Phishing uses real platforms like Google Drive & Dropbox to sneak past filters and steal credentials in the browser. Watch Keep Aware's on-demand webinar to see how these attacks work—and how to stop them. | Phishing | |
22.6.25 | CISA warns of attackers exploiting Linux flaw with PoC exploit | CISA has warned U.S. federal agencies about attackers targeting a high-severity vulnerability in the Linux kernel's OverlayFS subsystem that allows them to gain root privileges. | Exploit | |
22.6.25 | Healthcare SaaS firm says data breach impacts 5.4 million patients | Episource warns of a data breach after hackers stole health information of over 5 million people in the United States in a January cyberattack. | Incident | |
22.6.25 | BeyondTrust warns of pre-auth RCE in Remote Support software | BeyondTrust has released security updates to fix a high-severity flaw in its Remote Support (RS) and Privileged Remote Access (PRA) solutions that can let unauthenticated attackers gain remote code execution on vulnerable servers. | Vulnerability | |
21.6.25 | New Linux udisks flaw lets attackers get root on major Linux distros | Attackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions. | Vulnerability | BleepingComputer |
21.6.25 | Asana warns MCP AI feature exposed customer data to other orgs | Work management platform Asana is warning users of its new Model Context Protocol (MCP) feature that a flaw in its implementation potentially led to data exposure from their instances to other users and vice versa. | Incident | BleepingComputer |
21.6.25 | Paddle settles for $5 million over facilitating tech support scams | Paddle.com and its U.S. subsidiary will pay $5 million to settle Federal Trade Commission (FTC) allegations that the company facilitated deceptive tech-support schemes that harmed many U.S. consumers, including older adults. | Spam | |
21.6.25 | Scania confirms insurance claim data breach in extortion attempt | Automotive giant Scania confirmed it suffered a cybersecurity incident where threat actors used compromised credentials to breach its systems and steal insurance claim documents. | Incident | |
21.6.25 | Instagram ads mimicking BMO, EQ Bank are finance scams | Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud. | Social | |
21.6.25 | New Veeam RCE flaw lets domain users hack backup servers | Veeam has released security updates today to fix several Veeam Backup & Replication (VBR) flaws, including a critical remote code execution (RCE) vulnerability. | Vulnerability | |
21.6.25 | Sitecore CMS exploit chain starts with hardcoded 'b' password | A chain of Sitecore Experience Platform (XP) vulnerabilities allows attackers to perform remote code execution (RCE) without authentication to breach and hijack servers. | Exploit | BleepingComputer |
21.6.25 | UK fines 23andMe for ‘profoundly damaging’ breach exposing genetics data | The UK Information Commissioner's Office (ICO) has fined genetic testing provider 23andMe £2.31 million ($3.12 million) over 'serious security failings' that led to a 'profoundly damaging' data breach in 2023. | Incident | BleepingComputer |
21.6.25 | Microsoft fixes Surface Hub boot issues with emergency update | Microsoft has released an emergency update to fix a known issue causing startup failures for some Surface Hub v1 devices running Windows 10. | OS | BleepingComputer |
21.6.25 | Hacker steals 1 million Cock.li user records in webmail data breach | Email hosting provider Cock.li has confirmed it suffered a data breach after threat actors exploited flaws in its now-retired Roundcube webmail platform to steal over a million user records. | Incident | BleepingComputer |
21.6.25 | Hackers switch to targeting U.S. insurance companies | Threat intelligence researchers are warning of hackers breaching multiple U.S. companies in the insurance industry using all the tactics observed with Scattered Spider activity. | Hack | BleepingComputer |
21.6.25 | ASUS Armoury Crate bug lets attackers get Windows admin privileges | A high-severity vulnerability in ASUS Armoury Crate software could allow threat actors to escalate their privileges to SYSTEM level on Windows machines. | Vulnerability | BleepingComputer |
21.6.25 | Washington Post's email system hacked, journalists' accounts compromised | Email accounts of several Washington Post journalists were compromised in a cyberattack believed to have been carried out by a foreign government. | Incident | |
21.6.25 | Kali Linux 2025.2 released with 13 new tools, car hacking updates | Kali Linux 2025.2, the second release of the year, is now available for download with 13 new tools and an expanded car hacking toolkit. | OS | |
21.6.25 | Zoomcar discloses security breach impacting 8.4 million users | Zoomcar Holdings (Zoomcar) has disclosed via an 8-K form filing with the U.S. Securities and Exchange Commission (SEC) a data breach incident impacting 8.4 million users. | Incident | |
21.6.25 | Microsoft shares temp fix for Outlook crashes when opening emails | Microsoft has shared a workaround for a known issue that causes the classic Outlook email client to crash when opening or starting a new message. | OS | |
21.6.25 | Police seizes Archetyp Market drug marketplace, arrests admin | Law enforcement authorities from six countries took down the Archetyp Market, an infamous darknet drug marketplace that has been operating since May 2020. | CyberCrime | BleepingComputer |
21.6.25 | Microsoft: June Windows Server security updates cause DHCP issues | Microsoft acknowledged a new issue caused by the June 2025 security updates, causing the DHCP service to freeze on some Windows Server systems. | OS | BleepingComputer |
21.6.25 | Over 46,000 Grafana instances exposed to account takeover bug | More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover. | Incident | BleepingComputer |
21.6.25 | WestJet investigates cyberattack disrupting internal systems | WestJet, Canada's second-largest airline, is investigating a cyberattack that has disrupted access to some internal systems as it responds to the breach. | Incident | BleepingComputer |
21.6.25 | Anubis ransomware adds wiper to destroy files beyond recovery | The Anubis ransomware-as-a-service (RaaS) operation has added to its file-encrypting malware a wiper module that destroys targeted files, making recovery impossible even if the ransom is paid. | Ransom | BleepingComputer |
21.6.25 | Windows 11 users want these five features back | When Windows 11 was first released, many long-time users felt features they loved had been taken away overnight. Three and a half years later, the same complaints still rise to the top of the Feedback Hub with tens of thousands of votes. | OS | BleepingComputer |
21.6.25 | Discord flaw lets hackers reuse expired invites in malware campaign | Hackers are hijacking expired or deleted Discord invite links to redirect users to malicious sites that deliver remote access trojans and information-stealing malware. | Hack | BleepingComputer |
21.6.25 | Qilin Ransomware Adds "Call Lawyer" Feature to Pressure Victims for Larger Ransoms | The threat actors behind the Qilin ransomware-as-a-service (RaaS) scheme are now offering legal counsel for affiliates to put more pressure on victims to pay up, as the | Ransom | BleepingComputer |
21.6.25 | Threat actor Banana Squad exploits GitHub repos in new campaign | ReversingLabs researchers discovered more than 60 GitHub repositories that contain hundreds of trojanized files. | APT blog | Reversinglabs |
21.6.25 | Threat Group Targets Companies in Taiwan | FortiGuard Labs has uncovered an ongoing cyberattack, targeting companies in Taiwan using phishing emails disguised as tax-related communications | APT blog | FORTINET |
21.6.25 | CERT-In Vulnerability Note Highlights Critical Security Risks in Ivanti, Trend Micro, Apache Kafka, and SAP Products | CERT-In Vulnerability Note reveals serious flaws in Ivanti, Trend Micro, Apache Kafka, and SAP products. | Vulnerability blog | Cyble |
21.6.25 | NCSC Q1 2025 Report Reveals 14.7% Surge in Cybercrime Financial Losses in New Zealand | The NCSC’s Cyber Security Insights report for Q1 2025 shows a 14.7% rise in financial losses from cybercrime, with $7.8M lost mainly due to scams and fraud targeting NZ businesses. | Cyber blog | Cyble |
21.6.25 | DOJ Seizes $225M in Crypto Tied to Fraud and Money Laundering | The U.S. Department of Justice (DOJ) filed a civil forfeiture complaint to seize over $225.3 million in cryptocurrency. The funds are allegedly tied to a sprawling cryptocurrency investment fraud and money laundering operation that targeted hundreds of victims through blockchain-based schemes. | Cryptocurrency blog | Cyble |
21.6.25 | Masslogger Fileless Variant – Spreads via .VBE, Hides in Registry | During our recent investigation at Seqrite Labs, we identified a sophisticated variant of Masslogger credential stealer malware spreading through .VBE (VBScript Encoded) files | Malware blog | Seqrite |
21.6.25 | APT36 Phishing Campaign Targets Indian Defense Using Credential-Stealing Malware | APT36, also known as Transparent Tribe, is a Pakistan-based cyber espionage group that has been actively targeting Indian defense personnel through highly | APT blog | Cyfirma |
21.6.25 | Amatera Stealer: Rebranded ACR Stealer With Improved Evasion, Sophistication | Proofpoint has been closely monitoring a stealer malware formerly known as ACR Stealer. In 2025, Proofpoint analysts identified a new, unnamed malware exhibiting significant code overlap, shared features, and capabilities with ACR Stealer. | Malware blog | PROOFPOINT |
21.6.25 | Uncovering a Tor-Enabled Docker Exploit | A recent attack campaign took advantage of exposed Docker Remote APIs and used the Tor network to deploy a stealthy cryptocurrency miner. This blog breaks down the attack chain. | Exploit blog | Trend Micro |
21.6.25 | An Investigation of AWS Credential Exposure via Overprivileged Containers | Overprivileged or misconfigured containers in Amazon EKS can expose sensitive AWS credentials to threats like packet sniffing and API spoofing, highlighting the need for least privilege and proactive security to detect and reduce these risks. | Incident blog | Trend Micro |
21.6.25 | Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet | This blog uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to achieve full system compromise, initiate DDoS attacks, and potentially exfiltrate sensitive data. | Vulnerebility blog | Trend Micro |
21.6.25 | VMDetector-Based Loader Abuses Steganography to Deliver Infostealers | Recently, the SonicWall Capture Labs threat research team has identified various malware strains being distributed through a custom VMDetector Loader. | Malware blog | SonicWall |
21.6.25 | Medusa RaaS Group Continues Company Focused Triple Extortion Attacks | The SonicWall Capture Labs threat research team continues to track the developments of Medusa ransomware. Medusa is a Russian-speaking Ransomware-as-a-Service (RaaS) operation that has been active since mid-2021. | Ransom blog | SonicWall |
21.6.25 | Pre-Auth RCE Alert: Critical SSH Flaw in Erlang/OTP (CVE-2025-32433) | The SonicWall Capture Labs threat research team became aware of a pre-authentication vulnerability in the Erlang/OTP (Open Telecom Platform) SSH server implementation, assessed its impact, and developed mitigation measures. | Vulnerebility blog | SonicWall |
21.6.25 | Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation | This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer. We combine our new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. | Malware blog | Palo Alto |
21.6.25 | Resurgence of the Prometei Botnet | In March 2025, Unit 42 researchers identified a wave of Prometei attacks. Prometei refers to both the botnet and the malware family used to operate it. | BotNet blog | Palo Alto |
21.6.25 | Fake Minecraft mods distributed by the Stargazers Ghost Network to steal gamers’ data | Check Point Research discovered a multistage campaign targeting Minecraft users via the distribution as a service (DaaS) Stargazers Ghost Network, which operates on GitHub. The malware impersonates, among others, Oringo and Taunahi, which are “Scripts & Macro” tools (a.k.a cheats). | Malware blog | Checkpoint |
21.6.25 | Famous Chollima deploying Python version of GolangGhost RAT | Learn how the North Korean-aligned Famous Chollima is using a new Python-based RAT, "PylangGhost," to target cryptocurrency and blockchain jobseekers in a campaign affecting users primarily in India. | Malware blog | CISCO TALOS |
21.6.25 | A week with a "smart" car | In this edition, Thor shares how a week off with a new car turned into a crash course in modern vehicle tech. Surprisingly, it offers many parallels to cybersecurity usability. | Hacking blog | CISCO TALOS |
21.6.25 | When legitimate tools go rogue | Attackers are increasingly hiding in plain sight, using the same tools IT and security teams rely on for daily operations. This blog breaks down common techniques and provides recommendations to defenders. | Hacking blog | CISCO TALOS |
21.6.25 | Microsoft Patch Tuesday for June 2025 — Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for June 2025, which includes 66 vulnerabilities affecting a range of products, including 10 that Microsoft marked as “critical.” | Vulnerebility blog | CISCO TALOS |
21.6.25 | catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three zero-day vulnerabilities in catdoc, as well as vulnerabilities in Parallel, NVIDIA and High-Logic FontCreator 15. | Vulnerebility blog | CISCO TALOS |
21.6.25 | Ransomware Gangs Collapse as Qilin Seizes Control | In this Threat Alert, Cybereason explores the rise of Qilin amidst a turbulent realignment of the ransomware landscape. | Ransom blog | Cybereason |
21.6.25 | Hidden Malware Discovered in jQuery Migrate: A Stealthy Supply Chain Threat | This blog breaks down how a commonly used JavaScript library was weaponized to deliver browser-based malware via compromised WordPress assets. | Malware blog | Trellix |
20.6.25 | Defending the Internet: how Cloudflare blocked a monumental 7.3 Tbps DDoS attack | In mid-May 2025, Cloudflare blocked the largest DDoS attack ever recorded: a staggering 7.3 terabits per second (Tbps). | Attack blog | blog.cloudflare |
20.6.25 | Threat actor Banana Squad exploits GitHub repos in new campaign | ReversingLabs researchers discovered more than 60 GitHub repositories that contain hundreds of trojanized files. | Exploit blog | ReversingLabs |
20.6.25 | Steam Account Checker Poisoned with Infostealer | I found an interesting script targeting Steam users. Steam is a popular digital distribution platform for purchasing, downloading, and playing video games on personal computers. The script is called "steam-account-checker" and is available on GitHub. | Malware blog | SANS |
20.6.25 | Clone, Compile, Compromise: Water Curse’s Open-Source Malware Trap on GitHub | The Trend Micro™ Managed Detection and Response team uncovered a threat campaign orchestrated by an active group, Water Curse. The threat actor exploits GitHub, one of the most trusted platforms for open-source software, as a delivery channel for weaponized repositories. | Malware blog | Trend Micro |
20.6.25 | Iran's State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist | Iran's state-owned TV broadcaster was hacked Wednesday night to interrupt regular programming and air videos calling for street protests against the Iranian | BigBrothers | The Hacker News |
20.6.25 | Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider | Cloudflare on Thursday said it autonomously blocked the largest ever distributed denial-of-service (DDoS) attack ever recorded, which hit a peak of 7.3 terabits per | Attack | The Hacker News |
20.6.25 | 200+ Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers | Cybersecurity researchers have uncovered a new campaign in which the threat actors have published more than 67 GitHub repositories that claim to offer Python- | Virus | The Hacker News |
20.6.25 | New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft | Cybersecurity researchers have exposed the inner workings of an Android malware called AntiDot that has compromised over 3,775 devices as part of 273 unique | Virus | The Hacker News |
20.6.25 | BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with macOS Backdoor Malware | The North Korea-aligned threat actor known as BlueNoroff has been observed targeting an employee in the Web3 sector with deceptive Zoom calls featuring deepfaked company executives to trick them into installing malware on their Apple macOS devices. | APT | The Hacker News |
20.6.25 | Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session | Most cyberattacks today don't start with loud alarms or broken firewalls. They start quietly—inside tools and websites your business already trusts. It's called " Living | Attack | The Hacker News |
20.6.25 | Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign | Threat actors with suspected ties to Russia have been observed taking advantage of a Google account feature called application specific passwords (or app | APT | The Hacker News |
20.6.25 | Meta Adds Passkey Login Support to Facebook for Android and iOS Users | Meta Platforms on Wednesday announced that it's adding support for passkeys, the next-generation password standard, on Facebook. "Passkeys are a new way to | Social | The Hacker News |
20.6.25 | New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions | Cybersecurity researchers have uncovered two local privilege escalation (LPE) flaws that could be exploited to gain root privileges on machines running major Linux | Vulnerebility | The Hacker News |
20.6.25 | New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains | A new campaign is making use of Cloudflare Tunnel subdomains to host malicious payloads and deliver them via malicious attachments embedded in phishing emails. | Virus | The Hacker News |
20.6.25 | 1,500+ Minecraft Players Infected by Java Malware Masquerading as Game Mods on GitHub | A new multi-stage malware campaign is targeting Minecraft users with a Java-based malware that employs a distribution-as-service (DaaS) offering called | Virus | The Hacker News |
18.6.25 | Heightened Cyberthreat Amidst Israel-Iran Conflict | In the wake of Israel’s large-scale military operation, Operation Rising Lion, which targeted Iranian nuclear and military infrastructure on June 13, 2025, the Israeli cyberthreat landscape has escalated significantly. | APT blog | RADWARE |
18.6.25 | Team46 and TaxOff: two sides of the same coin | In March 2025, the Threat Intelligence Department of the Positive Technologies Expert Security Center (PT ESC) analyzed an attack that exploited a Google Chrome zero-day vulnerability (sandbox escape), which was registered around the same time and has since been tracked as CVE-2025-2783. | Vulnerebility blog | POSITIVE TECHNOLOGIES |
18.6.25 | Threat Group Targets Companies in Taiwan | In January 2025, FortiGuard Labs observed an attack targeting users in Taiwan. The threat actor is spreading the malware known as winos 4.0 via an email masquerading as being from Taiwan's National Taxation Bureau. | APT blog | FORTINET |
18.6.25 | Is b For Backdoor? Pre-Auth RCE Chain In Sitecore Experience Platform | Welcome to June! We’re back—this time, we're exploring Sitecore’s Experience Platform (XP), demonstrating a pre-auth RCE chain that we reported to Sitecore in February 2025. | Vulnerebility blog | labs.watchtowr |
18.6.25 | Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet | This blog uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to achieve full system compromise, initiate DDoS attacks, and potentially exfiltrate sensitive data. | Vulnerebility blog | Trend Micro |
18.6.25 | Water Curse Employs 76 GitHub Accounts to Deliver Multi-Stage Malware Campaign | Cybersecurity researchers have exposed a previously unknown threat actor known as Water Curse that relies on weaponized GitHub repositories to deliver multi-stage | Virus | The Hacker News |
18.6.25 | CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed a security flaw impacting the Linux kernel in its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild. | Exploit | The Hacker News |
18.6.25 | Ex-CIA Analyst Sentenced to 37 Months for Leaking Top Secret National Defense Documents | A former U.S. Central Intelligence Agency (CIA) analyst has been sentenced to little more than three years in prison for unlawfully retaining and transmitting top secret | BigBrothers | The Hacker News |
18.6.25 | Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication | Veeam has rolled out patches to contain a critical security flaw impacting its Backup & Replication software that could result in remote code execution under | Vulnerebility | The Hacker News |
18.6.25 | Iran Slows Internet to Prevent Cyber Attacks Amid Escalating Regional Conflict | Iran has throttled internet access in the country in a purported attempt to hamper Israel's ability to conduct covert cyber operations, days after the latter launched an | APT | The Hacker News |
18.6.25 | Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor | A now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to deploy a backdoor codenamed Trinper. The attack, | Exploit | The Hacker News |
18.6.25 | LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents | Cybersecurity researchers have disclosed a now-patched security flaw in LangChain's LangSmith platform that could be exploited to capture sensitive data, | AI | The Hacker News |
18.6.25 | Silver Fox APT Targets Taiwan with Complex Gh0stCringe and HoldingHands RAT Malware | Cybersecurity researchers are warning of a new phishing campaign that's targeting users in Taiwan with malware families such as HoldingHands RAT and Gh0stCringe. | APT | The Hacker News |
18.6.25 | Google Warns of Scattered Spider Attacks Targeting IT Support Teams at U.S. Insurance Firms | The notorious cybercrime group known as Scattered Spider (aka UNC3944) that recently targeted various U.K. and U.S. retailers has begun to target major insurance | Hack | The Hacker News |
18.6.25 | Hard-Coded 'b' Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments | Cybersecurity researchers have disclosed three security flaws in the popular Sitecore Experience Platform (XP) that could be chained to achieve pre- | Vulnerebility | The Hacker News |
18.6.25 | New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks | Cybersecurity researchers have called attention to a new campaign that's actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix | BotNet | The Hacker News |
18.6.25 | TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw in TP-Link wireless routers to its Known Exploited | Vulnerebility | The Hacker News |
18.6.25 | Meta Starts Showing Ads on WhatsApp After 6-Year Delay From 2018 Announcement | Meta Platforms on Monday announced that it's bringing advertising to WhatsApp, but emphasized that the ads are "built with privacy in mind." The ads are expected to | Social | The Hacker News |
18.6.25 | U.S. Seizes $7.74M in Crypto Tied to North Korea's Global Fake IT Worker Network | The U.S. Department of Justice (DoJ) said it has filed a civil forfeiture complaint in federal court that targets over $7.74 million in cryptocurrency, non-fungible tokens | Cryptocurrency | The Hacker News |
18.6.25 | Anubis Ransomware Encrypts and Wipes Files, Making Recovery Impossible Even After Payment | An emerging ransomware strain has been discovered incorporating capabilities to encrypt files as well as permanently erase them, a development that has been | Ransom | The Hacker News |
18.6.25 | PyPI, npm, and AI Tools Exploited in Malware Surge Targeting DevOps and Cloud Environments | Cybersecurity researchers from SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and | AI | The Hacker News |
15.6.25 | Microsoft: KB5060533 update triggers boot errors on Surface Hub v1 devices | Microsoft is investigating a known issue that triggers Secure Boot errors and prevents Surface Hub v1 devices from starting up. | OS | |
15.6.25 | Microsoft confirms auth issues affecting Microsoft 365 users | Microsoft is investigating an ongoing incident that is causing users to experience errors with some Microsoft 365 authentication features. | OS | |
15.6.25 | Victoria’s Secret restores critical systems after cyberattack | Victoria's Secret has restored all critical systems impacted by a May 24 security incident that forced it to shut down corporate systems and the e-commerce website. | Incindent | |
15.6.25 | Cloudflare: Outage not caused by security incident, data is safe | Cloudflare has confirmed that the massive service outage yesterday was not caused by a security incident and no data has been lost. | Safety | |
15.6.25 | Trend Micro fixes critical vulnerabilities in multiple products | Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. | Vulnerebility | BleepingComputer |
15.6.25 | Graphite spyware used in Apple iOS zero-click attacks on journalists | Forensic investigation has confirmed the use of Paragon's Graphite spyware platform in zero-click attacks that targeted Apple iOS devices of at least two journalists in Europe. | Virus | BleepingComputer |
15.6.25 | Password-spraying attacks target 80,000 Microsoft Entra ID accounts | Hackers have been using the TeamFiltration pentesting framework to target more than 80,000 Microsoft Entra ID accounts at hundreds of organizations worldwide. | Hack | BleepingComputer |
15.6.25 | Microsoft Edge now offers secure password deployment for businesses | Microsoft announced that a new Edge feature allowing employees to share passwords more securely in enterprise environments has reached general availability. | Security | BleepingComputer |
15.6.25 | GitLab patches high severity account takeover, missing auth issues | GitLab has released security updates to address multiple vulnerabilities in the company's DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in future pipelines. | Vulnerebility | BleepingComputer |
15.6.25 | Windows 11 24H2 emergency update fixes Easy Anti-Cheat BSOD issue | Microsoft has released an emergency Windows 11 24H2 update to address an incompatibility issue triggering restarts with blue screen of death (BSOD) errors on systems with Easy Anti-Cheat. | OS | |
15.6.25 | Fog ransomware attack uses unusual mix of legitimate and open-source tools | Fog ransomware hackers are using an uncommon toolset, which includes open-source pentesting utilities and a legitimate employee monitoring software called Syteca. | Ransom | |
15.6.25 | SmartAttack uses smartwatches to steal data from air-gapped systems | A new attack dubbed 'SmartAttack' uses smartwatches as a covert ultrasonic signal receiver to exfiltrate data from physically isolated (air-gapped) systems. | Attack | |
15.6.25 | Erie Insurance confirms cyberattack behind business disruptions | Erie Insurance and Erie Indemnity Company have disclosed that a weekend cyberattack is behind the recent business disruptions and platform outages on its website. | Hack | |
14.6.25 | Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot | A new attack dubbed 'EchoLeak' is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user's context without interaction. | Vulnerebility | BleepingComputer |
14.6.25 | Microsoft creates separate Windows 11 24H2 update for incompatible PCs | Microsoft confirmed on Tuesday that it's pushing a revised security update targeting some Windows 11 24H2 systems incompatible with the initial update released during this month's Patch Tuesday. | OS | BleepingComputer |
14.6.25 | Brute-force attacks target Apache Tomcat management panels | A coordinated campaign of brute-force attacks using hundreds of unique IP addresses targets Apache Tomcat Manager interfaces exposed online. | Attack | BleepingComputer |
14.6.25 | Operation Secure disrupts global infostealer malware operations | An international law enforcement action codenamed "Operation Secure" targeted infostealer malware infrastructure in a massive crackdown across 26 countries, resulting in 32 arrests, data seizures, and server takedowns. | CyberCrime | BleepingComputer |
14.6.25 | Microsoft fixes unreachable Windows Server domain controllers | Microsoft has resolved a known issue that caused some Windows Server 2025 domain controllers to become unreachable after a restart and triggered app or service failures. | OS | BleepingComputer |
14.6.25 | Microsoft fixes Windows Server auth issues caused by April updates | Microsoft has fixed a known issue causing authentication problems on Windows Server domain controllers after installing the April 2025 security updates. | OS | BleepingComputer |
14.6.25 | DanaBot malware operators exposed via C2 bug added in 2022 | A vulnerability in the DanaBot malware operation introduced in a June 2022 update led to the identification, indictment, and dismantling of their operations in a recent law enforcement action. | Virus | BleepingComputer |
14.6.25 | ConnectWise rotating code signing certificates over security concerns | ConnectWise is warning customers that it is rotating the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise RMM executables over security concerns. | Security | BleepingComputer |
14.6.25 | New Secure Boot flaw lets attackers install bootkit malware, patch now | Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware. | Vulnerebility | BleepingComputer |
14.6.25 | Windows 10 KB5060533 cumulative update released with 7 changes, fixes | Microsoft has released the KB5060533 cumulative update for Windows 10 22H2 and Windows 10 21H2, with seven fixes or changes, including bringing seconds back to the time shown in the Calendar flyout. | OS | BleepingComputer |
14.6.25 | Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws | Today is Microsoft's June 2025 Patch Tuesday, which includes security updates for 66 flaws, including one actively exploited vulnerability and another that was publicly disclosed. | OS | |
14.6.25 | Windows 11 KB5060842 and KB5060999 cumulative updates released | Microsoft has released Windows 11 KB5060842 and KB5060999 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues, including 66 flaws. | OS | |
14.6.25 | Microsoft Outlook to block more risky attachments used in attacks | Microsoft announced it will expand the list of blocked attachments in Outlook Web and the new Outlook for Windows starting next month. | Hack | |
14.6.25 | Texas Dept. of Transportation breached, 300k crash records stolen | The Texas Department of Transportation (TxDOT) is warning that it suffered a data breach after a threat actor downloaded 300,000 crash records from its database. | Incindent | |
14.6.25 | FIN6 hackers pose as job seekers to backdoor recruiters’ devices | In a twist on typical hiring-related social engineering attacks, the FIN6 hacking group impersonates job seekers to target recruiters, using convincing resumes and phishing sites to deliver malware. | APT | BleepingComputer |
14.6.25 | Ivanti Workspace Control hardcoded key flaws expose SQL credentials | Ivanti has released security updates to fix three high-severity hardcoded key vulnerabilities in the company's Workspace Control (IWC) solution. | Vulnerebility | BleepingComputer |
14.6.25 | AI is a data-breach time bomb, reveals new report | AI acts like Pac-Man—devouring sensitive data across clouds, apps, and copilots. Varonis analyzed 1,000 orgs and found 99% have exposed data AI can access, exposing them to data risks. | AI | BleepingComputer |
14.6.25 | Five plead guilty to laundering $36 million stolen in investment scams | Five men from China, the United States, and Turkey pleaded guilty to their involvement in an international crime ring and laundering nearly $37 million stolen from U.S. victims in cryptocurrency investment scams carried out from Cambodia. | Incindent | BleepingComputer |
14.6.25 | Stolen Ticketmaster data from Snowflake attacks briefly for sale again | The Arkana Security extortion gang briefly listed over the weekend what appeared to be newly stolen Ticketmaster data but is instead the data stolen during the 2024 Snowflake data theft attacks. | Incindent | BleepingComputer |
14.6.25 | Over 84,000 Roundcube instances vulnerable to actively exploited flaw | Over 84,000 instances of the Roundcube webmail software are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) vulnerability with a publicly available exploit. | Exploit | BleepingComputer |
14.6.25 | Google patched bug leaking phone numbers tied to accounts | A vulnerability allowed researchers to brute-force any Google account's recovery phone number simply by knowing their profile name and an easily retrieved partial phone number, creating a massive risk for phishing and SIM-swapping attacks. | Mobil | BleepingComputer |
14.6.25 | SentinelOne shares new details on China-linked breach attempt | SentinelOne has shared more details on an attempted supply chain attack by Chinese hackers through an IT services and logistics firm that manages hardware logistics for the cybersecurity firm. | Incindent | BleepingComputer |
14.6.25 | Sensata Technologies says personal data stolen by ransomware gang | Sensata Technologies is warning former and current employees it suffered a data breach after concluding an investigation into an April ransomware attack. | Incindent | BleepingComputer |
14.6.25 | Designing Blue Team playbooks with Wazuh for proactive cyber defense | Designing Blue Team playbooks with Wazuh for proactive cyber defense | Safety | |
14.6.25 | Grocery wholesale giant United Natural Foods hit by cyberattack | United Natural Foods (UNFI), North America's largest publicly traded wholesale distributor, was forced to shut down some systems following a recent cyberattack. | Incindent | BleepingComputer |
14.6.25 | New Mirai botnet infect TBK DVR devices via command injection flaw | A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them. | BotNet | BleepingComputer |
14.6.25 | Malware found in NPM packages with 1 million weekly downloads | A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT). | Virus | |
14.6.25 | Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets | A new malware campaign is exploiting a weakness in Discord's invitation system to deliver an information stealer called Skuld and the AsyncRAT remote access trojan. | Virus | The Hacker News |
14.6.25 | Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month | Cybersecurity researchers are calling attention to a "large-scale campaign" that has been observed compromising legitimate websites with malicious JavaScript | Virus | The Hacker News |
14.6.25 | Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows | Since early March 2025, Volexity has observed multiple suspected Russian threat actors conducting highly targeted social engineering operations aimed at gaining access to the Microsoft 365 (M365) accounts of targeted individuals. | Phishing blog | VOLEXITY |
14.6.25 | GoResolver: Using Control-flow Graph Similarity to Deobfuscate Golang Binaries, Automatically | In the course of its investigations, Volexity frequently encounters malware samples written in Golang. Binaries written in Golang are often challenging to analyze because of the embedded libraries and the sheer size of the resulting binaries. This issue is amplified when samples are obfuscated using tools such as Garble, an open-source Golang obfuscation tool. | Malware blog | VOLEXITY |
14.6.25 | Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication | Starting in mid-January 2025, Volexity identified several social-engineering and spear-phishing campaigns by Russian threat actors aimed at compromising Microsoft 365 (M365) accounts. These attack campaigns were highly targeted and carried out in a variety of ways. The majority of these attacks originated via spear-phishing emails with different themes. In one case, the eventual breach began with highly tailored outreach via Signal. | APT blog | VOLEXITY |
14.6.25 | The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access | In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever worked. | APT blog | VOLEXITY |
14.6.25 | BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA | In July 2024, Volexity identified exploitation of a zero-day credential disclosure vulnerability in Fortinet’s Windows VPN client that allowed credentials to be stolen from the memory of the client’s process. This vulnerability was discovered while analyzing a recent sample of the DEEPDATA malware family. | Attack blog | VOLEXITY |
14.6.25 | StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms | In mid-2023, Volexity detected and responded to multiple incidents involving systems becoming infected with malware linked to StormBamboo (aka Evasive Panda, and previously tracked by Volexity under “StormCloud”). | Malware blog | VOLEXITY |
14.6.25 | DISGOMOJI Malware Used to Target Indian Government | In 2024, Volexity identified a cyber-espionage campaign undertaken by a suspected Pakistan-based threat actor that Volexity currently tracks under the alias UTA0137. | Malware blog | VOLEXITY |
14.6.25 | Detecting Compromise of CVE-2024-3400 on Palo Alto Networks GlobalProtect Devices | Last month, Volexity reported on its discovery of zero-day, in-the-wild exploitation of CVE-2024-3400 in the GlobalProtect feature of Palo Alto Networks PAN-OS by a threat actor Volexity tracks as UTA0218. | Vulnerebility blog | VOLEXITY |
14.6.25 | The Week in Vulnerabilities: Ivanti, Versa Flaws Flagged by Cyble | The week also included Patch Tuesday for many vendors, making it a busy one for security teams dealing... | Vulnerebility blog | Cyble |
14.6.25 | The Week in Vulnerabilities: Cyble Warns of Rising Exploits Targeting ICS, Enterprise, and Web Systems | Cyble reports rising vulnerability threats from May 28–June 3, highlighting flaws in ICS, enterprise,... | Exploit blog | Cyble |
14.6.25 | Software Supply Chain Attacks Surged in April and May | Threat actors are getting better at exploiting software supply chain vulnerabilities. We look at recent... | Hacking blog | Cyble |
14.6.25 | Over 20 Crypto Phishing Applications Found on the Play Store Stealing Mnemonic Phrases | CRIL discovers over 20 malicious apps targeting crypto wallet users with phishing tactics and Play Store... | Phishing blog | Cyble |
14.6.25 | Security Flaws in eMagicOne Store Manager for WooCommerce in WordPress (CVE-2025-5058 and CVE-2025-4603) | The eMagicOne Store Manager for WooCommerce plugin is used in WordPress to simplify and improve store management by providing functionality not found in the normal WooCommerce... | Vulnerability blog | Seqrite |
14.6.25 | How Seqrite Endpoint Protection Blocks Non-Human Threats like Bots, Scripts, and Malware | In today’s hyper-connected digital world, the cybersecurity landscape is shifting dramatically. Gone are the days when cyberattacks primarily relied on human intervention. We’re now facing a new... | Security blog | Seqrite |
14.6.25 | Operation DRAGONCLONE: Chinese Telecommunication industry targeted via VELETRIX & VShell malware | Contents: Introduction; Initial Findings; Infection Chain; Technical Analysis; Stage 0 – Malicious ZIP File; Stage 1 – Malicious VELETRIX implant; Stage 2 – Malicious V-Shell implant; Hunting and... | BigBrother blog | Seqrite |
14.6.25 | Trapped by a Call: The Digital Arrest Scam | Digital Arrest Scam: It all starts with a phone call that seems routine at first—measured, official-sounding, and unexpectedly serious. On the other end is someone claiming to represent a government body, calmly accusing you of crimes you’ve never committed—drug... | Spam blog | Seqrite |
14.6.25 | TRACKING RANSOMWARE : MAY 2025 | In May 2025, ransomware attacks targeted critical industries such as Professional Goods & Services, Consumer Goods, and Manufacturing, with a total of | Ransom blog | Cyfirma |
14.6.25 | APT PROFILE – MISSION2025 | MISSION2025 is a Chinese state-sponsored advanced persistent threat (APT) group linked to APT41. Active since at least 2012, the group has conducted cyberespionage and | APT blog | Cyfirma |
14.6.25 | Understanding CyberEYE RAT Builder: Capabilities and Implications | CyberEye (also distributed under names like TelegramRAT) is a modular, .NET-based Remote Access Trojan (RAT) that provides a wide array of surveillance and | Malware blog | Cyfirma |
14.6.25 | AI is Critical Infrastructure: Securing the Foundation of the Global Future | AI data centers are critical infrastructure now. The U.S. investment in AI is nearing a trillion dollars, and new agreements between global superpowers and hyperscaler companies are turning AI into what recent congressional testimony from the Center for Strategic and International Studies described as “the defining competition of the 21st century.” | AI blog | Eclypsium |
14.6.25 | Even More Holes In Your Boot: Critical UEFI Secure Boot Bypass Vulnerabilities | CVE-2025-427 (aka “Hydroph0bia”), CVE-2025-3052, and CVE-2025-47827 expose fundamental flaws in how firmware handles Secure Boot validation. Affecting systems using UEFI firmware, these vulnerabilities allow attackers to bypass critical security controls and execute malicious code during early boot phases. Here’s what you need to know: | Vulnerability blog | Eclypsium |
14.6.25 | Anubis: A Closer Look at an Emerging Ransomware with Built-in Wiper | Anubis is an emerging ransomware-as-a-service (RaaS) group that adds a destructive edge to the typical double-extortion model with its file-wiping feature. We explore its origins and examine the tactics behind its dual-threat approach. | Ransom blog | Trend Micro |
14.6.25 | Critical SAP Vulnerability Exposes Enterprises | CVE-2025-31324 in SAP NetWeaver Visual Composer enables unauthenticated file uploads, exposing systems to RCE and data loss - learn what to do about it. | Vulnerability blog | Trend Micro |
14.6.25 | High-Severity Open Redirect Vulnerability in Grafana Leads to Account Takeover: CVE-2025-4123 | The SonicWall Capture Labs threat research team became aware of an open redirect vulnerability in Grafana, assessed its impact and developed mitigation measures. | Vulnerability blog | SonicWall |
14.6.25 | Microsoft Security Bulletin Coverage for June 2025 | Microsoft’s June 2025 Patch Tuesday includes 66 vulnerabilities, 25 of which are classified as Remote Code Execution (RCE). The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month and produced protection coverage for eight of the reported vulnerabilities. | OS Blog | SonicWall |
14.6.25 | JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique | We recently discovered a large-scale campaign that has been compromising legitimate websites with injected, obfuscated JavaScript code. | Malware blog | Palo Alto |
14.6.25 | The Evolution of Linux Binaries in Targeted Cloud Operations | Unit 42 researchers have identified a growing threat to cloud security: Linux Executable and Linkage Format (ELF) files that threat actors are developing to target cloud infrastructure. | Hacking blog | Palo Alto |
14.6.25 | Serverless Tokens in the Cloud: Exploitation and Detections | This article outlines the mechanics and security implications of serverless authentication across major cloud platforms. | Exploit blog | Palo Alto |
14.6.25 | CVE-2025-33053, Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage | Check Point Research (CPR) discovered a new campaign conducted by the APT group Stealth Falcon. The attack used a .url file that exploited a zero-day vulnerability (CVE-2025-33053) to execute malware from an actor-controlled WebDAV server. | Vulnerability blog | Checkpoint |
14.6.25 | From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery | Check Point Research uncovered an active malware campaign exploiting expired and released Discord invite links. Attackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to malicious servers. | Malware blog | Checkpoint |
14.6.25 | Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine | Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling “PathWiper.” | Malware blog | CISCO TALOS |
14.6.25 | Microsoft Patch Tuesday for June 2025 — Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for June 2025, which includes 66 vulnerabilities affecting a range of products, including 10 that Microsoft marked as “critical.” | OS Blog | CISCO TALOS |
14.6.25 | Copyright Phishing Lures Leading to Rhadamanthys Stealer Now Targeting Europe | Cybereason issues Threat Alerts to inform customers of emerging impacting threats, critical vulnerabilities and attacker campaigns. Cybereason Threat Alerts summarize these threats and provide practical recommendations for protecting against them. | Phishing blog | Cybereason |
14.6.25 | Inside LockBit's Admin Panel Leak | The LockBit admin panel was hacked by an anonymous actor who replaced their TOR website with the text ‘Don’t do crime CRIME IS BAD xoxo from Prague’ and shared a SQL dump of their admin panel database in an archived file ‘paneldb_dump.zip’. | Ransom blog | Trellix |
13.6.25 | Fog Ransomware: Unusual Toolset Used in Recent Attack | Legitimate employee monitoring software and various pentesting tools deployed. | Ransom blog | SYMANTEC BLOG |
13.6.25 | First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted | On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists that consented for the technical analysis of their cases. The key findings from our forensic analysis of their devices are summarized below: | Malware blog | THE CITIZENLAB |
13.6.25 | Vexing and Vicious: The Eerie Relationship between WordPress Hackers and an Adtech Cabal | On November 13, 2024, Qurium researchers exposed that the Swiss-Czech adtech company Los Pollos was part of VexTrio, the largest and oldest known malicious TDS. | Malware blog | Infoblox |
13.6.25 | Attackers Unleash TeamFiltration: Account Takeover Campaign (UNK_SneakyStrike) Leverages Popular Pentesting Tool | Proofpoint threat researchers have recently uncovered an active account takeover (ATO) campaign, tracked as UNK_SneakyStrike, using the TeamFiltration pentesting framework to target Entra ID user accounts. | Malware blog | PROOFPOINT |
13.6.25 | Gone But Not Forgotten: Black Basta’s Enduring Legacy | The ransomware operator “Black Basta” has experienced a sharp decline following the public leak of its internal chat logs, but its legacy lives on. | Ransom blog | RELIAQUEST |
13.6.25 | Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote | Ransom | The Hacker News |
13.6.25 | Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware | Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated | Exploit | The Hacker News |
13.6.25 | WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network | The threat actors behind the VexTrio Viper Traffic Distribution Service (TDS) have been linked to other TDS services like Help TDS and Disposable TDS, indicating that | Virus | The Hacker News |
13.6.25 | New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes | Cybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model's (LLM) safety and | AI | The Hacker News |
13.6.25 | AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar | AI is changing everything — from how we code, to how we sell, to how we secure. But while most conversations focus on what AI can do, this one focuses on what AI | AI | The Hacker News |
13.6.25 | Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction | A novel attack technique named EchoLeak has been characterized as a "zero-click" artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive | AI | The Hacker News |
13.6.25 | ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks | ConnectWise has disclosed that it's planning to rotate the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise | Security | The Hacker News |
13.6.25 | Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool | Cybersecurity researchers have uncovered a new account takeover (ATO) campaign that leverages an open-source penetration testing framework called TeamFiltration | Hack | The Hacker News |
13.6.25 | Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks | Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and | Ransom | The Hacker News |
13.6.25 | 295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Manager | Threat intelligence firm GreyNoise has warned of a "coordinated brute-force activity" targeting Apache Tomcat Manager interfaces. The company said it observed a | Attack | The Hacker News |
11.6.25 | INTERPOL Dismantles 20,000+ Malicious IPs Linked to 69 Malware Variants in Operation Secure | INTERPOL on Wednesday announced the dismantling of more than 20,000 malicious IP addresses or domains that have been linked to 69 information-stealing | CyberCrime | The Hacker News |
11.6.25 | SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords | Two security vulnerabilities have been disclosed in SinoTrack GPS devices that could be exploited to control certain remote functions on connected vehicles and | Vulnerability | The Hacker News |
11.6.25 | Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild | Microsoft has released patches to fix 67 security flaws, including one zero-day bug in Web Distributed Authoring and Versioning (WebDAV) that it said has come under | Vulnerability | The Hacker News |
11.6.25 | Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps | Adobe on Tuesday pushed security updates to address a total of 254 security flaws impacting its software products, a majority of which affect Experience Manager | Vulnerability | The Hacker News |
11.6.25 | FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware | The financially motivated threat actor known as FIN6 has been observed leveraging fake resumes hosted on Amazon Web Services (AWS) infrastructure to deliver a | APT | The Hacker News |
11.6.25 | Rust-based Myth Stealer Malware Spread via Fake Gaming Sites Targets Chrome, Firefox Users | Cybersecurity researchers have shed light on a previously undocumented Rust-based information stealer called Myth Stealer that's being propagated via fraudulent | Virus | The Hacker News |
10.6.25 | Follow the Smoke: China-nexus Threat Actors Hammer At the Doors of Top Tier Targets | In October 2024, SentinelLABS observed and countered a reconnaissance operation targeting SentinelOne, which we track as part of a broader activity cluster named PurpleHaze. | APT blog | SENTINEL LABS |
10.6.25 | Bruteforcing the phone number of any Google user | A few months ago, I disabled javascript on my browser while testing if there were any Google services left that still worked without JS in the modern web. Interestingly enough, the username recovery form still worked! | Hacking blog | BRUTECAT |
10.6.25 | Two Botnets, One Flaw: Mirai Spreads Through Wazuh Vulnerability | The Akamai Security Intelligence and Response Team (SIRT) has identified active exploitation of the critical remote code execution (RCE) vulnerability CVE-2025-24016 against Wazuh servers (CVSS 9.9). | BotNet blog | AKAMAI |
10.6.25 | Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account | Google has stepped in to address a security flaw that could have made it possible to brute-force an account's recovery phone number, potentially exposing them to | Vulnerability | The Hacker News |
10.6.25 | Rare Werewolf APT Uses Legitimate Software in Attacks on Hundreds of Russian Enterprises | The threat actor known as Rare Werewolf (formerly Rare Wolf) has been linked to a series of cyber attacks targeting Russia and the Commonwealth of Independent | APT | The Hacker News |
10.6.25 | CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two critical security flaws impacting Erlang/Open Telecom Platform (OTP) SSH and | Exploit | The Hacker News |
10.6.25 | Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group | The reconnaissance activity targeting American cybersecurity company SentinelOne was part of a broader set of partially-related intrusions into several | APT | The Hacker News |
10.6.25 | Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks | A now-patched critical security flaw in the Wazuh Server is being exploited by threat actors to drop two different Mirai botnet variants and use them to conduct | BotNet | The Hacker News |
10.6.25 | OpenAI Bans ChatGPT Accounts Used by Russian, Iranian, and Chinese Hacker Groups | OpenAI has revealed that it banned a set of ChatGPT accounts that were likely operated by Russian-speaking threat actors and two Chinese nation-state hacking | AI | The Hacker News |
10.6.25 | New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally | Cybersecurity researchers have flagged a supply chain attack targeting over a dozen packages associated with GlueStack to deliver malware. The malware, | Virus | The Hacker News |
8.6.25 | Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines | UNC3944, which overlaps with public reporting on Scattered Spider, is a financially-motivated threat actor characterized by its persistent use of social engineering and brazen communications with victims. In early operations, UNC3944 largely targeted telecommunications-related organizations to support SIM swap operations | Hacking blog | Google Threat Intelligence |
8.6.25 | Malicious Browser Extensions Infect 722 Users Across Latin America Since Early 2025 | Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data. | Virus | The Hacker News |
8.6.25 | Supply chain attack hits Gluestack NPM packages with 960K weekly downloads | A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT). | Hack | |
8.6.25 | Malicious npm packages posing as utilities delete project directories | Two malicious packages have been discovered in the npm JavaScript package index, which masquerade as useful utilities but, in reality, are destructive data wipers that delete entire application directories. | Virus | |
8.6.25 | Microsoft shares script to restore inetpub folder you shouldn’t delete | Microsoft has released a PowerShell script to help restore an empty 'inetpub' folder created by the April 2025 Windows security updates if deleted. As Microsoft previously warned, this folder helps mitigate a high-severity Windows Process Activation privilege escalation vulnerability. | OS | |
8.6.25 | Tax resolution firm Optima Tax Relief hit by ransomware, data leaked | U.S. tax resolution firm Optima Tax Relief suffered a Chaos ransomware attack, with the threat actors now leaking data stolen from the company. | Ransom | |
8.6.25 | Kettering Health confirms Interlock ransomware behind cyberattack | Healthcare giant Kettering Health, which manages 14 medical centers in Ohio, confirmed that the Interlock ransomware group breached its network and stole data in a May cyberattack. | Ransom | BleepingComputer |
8.6.25 | New PathWiper data wiper malware hits critical infrastructure in Ukraine | A new data wiper malware named 'PathWiper' is being used in targeted attacks against critical infrastructure in Ukraine, aimed at disrupting operations in the country | Virus | BleepingComputer |
8.6.25 | Critical Fortinet flaws now exploited in Qilin ransomware attacks | The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. | Exploit | BleepingComputer |
8.6.25 | Police arrests 20 suspects for distributing child sexual abuse content | Law enforcement authorities from over a dozen countries have arrested 20 suspects in an international operation targeting the production and distribution of child sexual abuse material. | BigBrothers | BleepingComputer |
8.6.25 | FBI: BADBOX 2.0 Android malware infects millions of consumer devices | The FBI is warning that the BADBOX 2.0 malware campaign has infected over 1 million home Internet-connected devices, converting consumer electronics into residential proxies that are used for malicious activity. | Virus | BleepingComputer |
8.6.25 | Old AT&T data leak repackaged to link SSNs, DOBs to 49M phone numbers | A threat actor has re-released data from a 2021 AT&T breach affecting 70 million customers, this time combining previously separate files to directly link Social Security numbers and birth dates to individual users. | Incident | BleepingComputer |
8.6.25 | Hacker selling critical Roundcube webmail exploit as tech info disclosed | Hackers are actively exploiting CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. | Exploit | BleepingComputer |
8.6.25 | How to build a robust Windows service to block malware and ransomware | Designing a security-focused Windows Service? Learn more from ThreatLocker about the core components for real-time monitoring, threat detection, and system hardening to defend against malware and ransomware. | Virus | BleepingComputer |
8.6.25 | Germany fines Vodafone $51 million for privacy, security breaches | The German data protection authority (BfDI) has fined Vodafone GmbH, the telecommunications company's German subsidiary, €45 million ($51.4 million) for privacy and security violations. | Incident | |
8.6.25 | ViLE gang members sentenced for DEA portal breach, extortion | Two members of a group of cybercriminals named ViLE were sentenced this week for hacking into a federal law enforcement web portal in an extortion scheme. | APT | BleepingComputer |
8.6.25 | Interlock ransomware claims Kettering Health breach, leaks stolen data | The Interlock ransomware gang has claimed a recent cyberattack on the Kettering Health healthcare network and leaked data allegedly stolen from breached systems. | Ransom | |
8.6.25 | US offers $10M for tips on state hackers tied to RedLine malware | The U.S. Department of State has announced a reward of up to $10 million for any information on government-sponsored hackers with ties to the RedLine infostealer malware operation and its suspected creator, Russian national Maxim Alexandrovich Rudometov. | Virus | |
7.6.25 | Microsoft unveils free EU cybersecurity program for governments | Microsoft announced in Berlin today a new European Security Program that promises to bolster cybersecurity for European governments. | BigBrothers | BleepingComputer |
7.6.25 | FBI: Play ransomware breached 900 victims, including critical orgs | In an update to a joint advisory with CISA and the Australian Cyber Security Centre, the FBI said that the Play ransomware gang had breached roughly 900 organizations as of May 2025, three times the number of victims reported in October 2023. | Ransom | BleepingComputer |
7.6.25 | Hacker arrested for breaching 5,000 hosting accounts to mine crypto | The Ukrainian police arrested a 35-year-old hacker who breached 5,000 accounts at an international hosting company and used them to mine cryptocurrency, resulting in $4.5 million in damages. | Cryptocurrency | BleepingComputer |
7.6.25 | Cisco warns of ISE and CCP flaws with public exploit code | Cisco has released patches to address three vulnerabilities with public exploit code in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) solutions. | Exploit | BleepingComputer |
7.6.25 | Ukraine claims it hacked Tupolev, Russia’s strategic warplane maker | The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense claims it hacked the Russian aerospace and defense company Tupolev, which develops Russia's supersonic strategic bombers. | BigBrothers | BleepingComputer |
7.6.25 | BidenCash carding market domains seized in international operation | Earlier today, law enforcement seized multiple domains of BidenCash, the infamous dark web market for stolen credit cards, personal information, and SSH access. | CyberCrime | |
7.6.25 | FBI warns of NFT airdrop scams targeting Hedera Hashgraph wallets | The FBI is warning about a new scam where cybercriminals exploit NFT airdrops on the Hedera Hashgraph network to steal crypto from cryptocurrency wallets. | Spam | |
7.6.25 | Media giant Lee Enterprises says data breach affects 39,000 people | Publishing giant Lee Enterprises is notifying nearly 40,000 people whose personal information was stolen in a February 2025 ransomware attack. | Incident | BleepingComputer |
7.6.25 | Google: Hackers target Salesforce accounts in data extortion attacks | Google has observed hackers claiming to be the ShinyHunters extortion group conducting social engineering attacks against multi-national companies to steal data from organizations' Salesforce platforms. | Hack | |
7.6.25 | Kerberos AS-REP roasting attacks: What you need to know | Think your passwords are strong enough? AS-REP Roasting is back in the spotlight — and it's targeting weak spots in Active Directory. Learn more from Specops Software how attackers exploit missing Kerberos pre-auth and how to stop them with strong password policies. | Attack | |
7.6.25 | Hacker targets other hackers and gamers with backdoored GitHub code | A hacker targets other hackers, gamers, and researchers with exploits, bots, and game cheats in source code hosted on GitHub that contain hidden backdoors to give the threat actor remote access to infected devices. | Virus | BleepingComputer |
7.6.25 | Hewlett Packard Enterprise warns of critical StoreOnce auth bypass | Hewlett Packard Enterprise (HPE) has issued a security bulletin to warn about eight vulnerabilities impacting StoreOnce, its disk-based backup and deduplication solution. | Vulnerability | |
7.6.25 | Coinbase breach tied to bribed TaskUs support agents in India | Microsoft is testing a dedicated page in Windows Settings for quick machine recovery, which will provide users with additional configuration options. | Cryptocurrency | BleepingComputer |
7.6.25 | New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users | Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information | Virus | The Hacker News |
7.6.25 | Security Flaws in Chrome Extensions: The Hidden Dangers of Hardcoded Credentials | API keys, secrets, and tokens commonly left exposed in browser extensions’ code. | Vulnerability blog | SYMANTEC BLOG |
7.6.25 | The strange tale of ischhfd83: When cybercriminals eat their own | A simple customer query leads to a rabbit hole of backdoored malware and game cheats | Cyber blog | Sophos |
7.6.25 | How a Malicious Excel File (CVE-2017-0199) Delivers the FormBook Payload | Read how a malicious Excel file exploits CVE-2017-0199 to deliver FormBook malware via phishing. | Vulnerability blog | FORTINET |
7.6.25 | CISA Issues Advisories Highlighting Siemens SiPass and Other Critical Vulnerabilities targeting ICS systems | CISA’s latest ICS advisories reveal major flaws in Siemens SiPass, Consilium fire panels, and more. | ICS blog | Cyble |
7.6.25 | Ransomware Landscape May 2025: SafePay, DevMan Emerge as Major Threats | Top Ransomware Groups of May 2025: SafePay and DevMan Rise | Ransom blog | Cyble |
7.6.25 | Over 20 Crypto Phishing Applications Found on the Play Store Stealing Mnemonic Phrases | CRIL discovers over 20 malicious apps targeting crypto wallet users with phishing tactics and Play Store distribution under compromised developer accounts. | Cryptocurrency blog | Cyble |
7.6.25 | Trapped by a Call: The Digital Arrest Scam | Digital Arrest Scam: It all starts with a phone call that seems routine at first—measured, official-sounding, and unexpectedly serious. On the other end is someone claiming to represent a government body, calmly accusing you of crimes you’ve never committed—drug | Spam blog | Seqrite |
7.6.25 | UKRAINE’S ATTACK ON RUSSIA’S STRATEGIC AIR FORCE – LIVE FEED FROM A REVOLUTION IN MILITARY AFFAIRS | In a stunning move on June 1, 2025, Ukraine unleashed "Operation Spider's Web", a daring, long-range drone attack that reportedly crippled up to a third of | BigBrother blog | Cyfirma |
7.6.25 | DuplexSpy RAT: Stealthy Windows Malware Enabling Full Remote Control and Surveillance | At CYFIRMA, we are committed to delivering timely intelligence on emerging cyber threats and adversarial tactics targeting individuals and organizations. | Malware blog | Cyfirma |
7.6.25 | Firewalls and Frontlines: The India-Pakistan Cyber Battlefield Crisis | At CYFIRMA, we are committed to offering up-to-date insights into prevalent threats and tactics employed by malicious actors, targeting both organizations | BigBrother blog | Cyfirma |
7.6.25 | Versa Concerto: Understanding and Mitigating CVE-2025-34027 | In May 2025, a set of critical zero-day vulnerabilities was disclosed in Versa Concerto, a popular SD-WAN and SASE solution used across enterprises for secure | Vulnerability blog | Cyfirma |
7.6.25 | SMM Callout Vulnerabilities in UEFI | Eclypsium Automata has identified multiple, separate SMM callout vulnerabilities in UEFI modules supplied by AMD and leading firmware vendor AMI. | Vulnerability blog | Eclypsium |
7.6.25 | Verizon DBIR 2025 Key Stats: Network Device Attacks, Third Party Risk, and More | Massive shifts in cyber attack behavior have been revealed in the 2025 Verizon Data Breach Investigation Report (DBIR). Here are a few of the most surprising stats with real world implications for cybersecurity strategy and attack surface management. | Security blog | Eclypsium |
7.6.25 | The Bitter End: Unraveling Eight Years of Espionage Antics—Part One | Analyst note: Throughout this blog, researchers have defanged TA397-controlled indicators and modified certain technical details to protect investigation methods. | APT blog | PROOFPOINT |
7.6.25 | GuLoader Brings the Noise — and the Obfuscation | This week the SonicWall Capture Labs threat research team analyzed a sample of GuLoader, a dropper and infostealer capable of harvesting credentials, evading AV, and creating persistence through a variety of techniques. It drops a number of files and uses them as timers and canaries to ensure uptime on the victim system. | Malware blog | SonicWall |
7.6.25 | Cacti v1.2.25 CVE-2023-49085 and CVE-2023-49084 Enable SQLi, LFI, and RCE | SonicWall Capture Labs threat research team became aware of the threat CVE-2023-49085, assessed its impact and developed mitigation measures for this vulnerability. | Vulnerability blog | SonicWall |
7.6.25 | High-Severity Open Redirect Vulnerability in Grafana Leads to Account Takeover: CVE-2025-4123 | The SonicWall Capture Labs threat research team became aware of an open redirect vulnerability in Grafana, assessed its impact and developed mitigation measures. Grafana is known for creating dynamic charts, graphs, and alerts based on data sources, making it a critical component in many monitoring stacks. | Vulnerability blog | SonicWall |
7.6.25 | How Good Are the LLM Guardrails on the Market? A Comparative Study on the Effectiveness of LLM Content Filtering Across Major GenAI Platforms | We conducted a comparative study of the built-in guardrails offered by three major cloud-based large language model (LLM) platforms. We examined how each platform's guardrails handle a broad range of prompts, from benign queries to malicious instructions. | AI blog | Palo Alto |
7.6.25 | Lost in Resolution: Azure OpenAI's DNS Resolution Issue | In late 2024, Unit 42 researchers discovered an issue with Azure OpenAI’s Domain Name System (DNS) resolution logic that could have enabled cross-tenant data leaks and meddler-in-the-middle (MitM) attacks. This issue stemmed from a misconfiguration in how the Azure OpenAI API handled domain assignments, versus how the user interface (UI) handled them. | AI blog | Palo Alto |
7.6.25 | Blitz Malware: A Tale of Game Cheats and Code Repositories | In 2024, we discovered new Windows-based malware called Blitz. This article provides an in-depth analysis of the malware, examines its distribution and reviews Blitz malware's command and control (C2) infrastructure. We found a new version of Blitz in early 2025, which indicates this malware has been in active development. | Malware blog | Palo Alto |
7.6.25 | Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine | Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling “PathWiper.” | Malware blog | CISCO TALOS |
7.6.25 | BladedFeline: Whispering in the dark | ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig | APT blog | Eset |
7.6.25 | Don’t let dormant accounts become a doorway for cybercriminals | Do you have online accounts you haven't used in years? If so, a bit of digital spring cleaning might be in order. | Cyber blog | Eset |
7.6.25 | Demystifying Myth Stealer: A Rust Based InfoStealer | During regular proactive threat hunting, the Trellix Advanced Research Center identified a fully undetected infostealer malware sample written in Rust. | Malware blog | Trellix |
7.6.25 | Unmasking Insecure HTTP Data Leaks in Popular Chrome Extensions | Extensions analyzed expose information such as browsing domains, machine IDs, OS details, usage analytics, and more. | Hacking blog | SYMANTEC BLOG |
6.6.25 | Microsoft adds quick machine recovery to Windows 11 settings | Microsoft is testing a dedicated page in Windows Settings for quick machine recovery, which will provide users with additional configuration options. | OS | BleepingComputer |
6.6.25 | Malicious RubyGems pose as Fastlane to steal Telegram API data | Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to attacker-controlled servers to intercept and steal data. | Virus | BleepingComputer |
6.6.25 | Mozilla launches new system to detect Firefox crypto drainer add-ons | Mozilla has developed a new security feature for its add-on portal that helps block Firefox malicious extensions that drain cryptocurrency wallets. | Cryptocurrency | |
6.6.25 | Scattered Spider: Three things the news doesn’t tell you | Scattered Spider isn't one group — it's an identity-first threat model evolving fast. From vishing to AiTM phishing, they're exploiting MFA gaps to hijack the cloud. Watch the Push Security webinar to learn how their identity-based tactics work — and how to stop them. | APT | |
6.6.25 | CISA warns of ConnectWise ScreenConnect bug exploited in attacks | CISA is alerting federal agencies in the U.S. of hackers exploiting a recently patched ScreenConnect vulnerability that could lead to executing remote code on the server. | Exploit | BleepingComputer |
6.6.25 | Victoria’s Secret delays earnings release after security incident | Fashion retail giant Victoria's Secret has delayed its first quarter 2025 earnings release because of ongoing corporate system restoration efforts following a May 24 security incident. | Incident | BleepingComputer |
6.6.25 | Google patches new Chrome zero-day bug exploited in attacks | Google has released an emergency security update to fix the third Chrome zero-day vulnerability exploited in attacks since the start of the year. | Vulnerability | BleepingComputer |
6.6.25 | Android malware Crocodilus adds fake contacts to spoof trusted callers | The latest version of the 'Crocodilus' Android malware has introduced a new mechanism that adds a fake contact on the infected device's contact list to deceive victims. | Virus | BleepingComputer |
6.6.25 | Cartier discloses data breach amid fashion brand cyberattacks | Luxury fashion brand Cartier is warning customers it suffered a data breach that exposed customers' personal information after its systems were compromised. | Incident | BleepingComputer |
6.6.25 | The North Face warns customers of April credential stuffing attack | Outdoor apparel retailer The North Face is warning customers that their personal information was stolen in credential stuffing attacks targeting the company's website in April. | Incident | |
6.6.25 | SentinelOne: Last week’s 7-hour outage caused by software flaw | American cybersecurity company SentinelOne revealed over the weekend that a software flaw triggered a seven-hour-long outage on Thursday. | Vulnerability | |
6.6.25 | Google Chrome to distrust Chunghwa Telecom, Netlock certificates in August | Google says it will no longer trust root CA certificates signed by Chunghwa Telecom and Netlock in the Chrome Root Store due to a pattern of compliance failures and failure to make improvements. | CyberCrime | BleepingComputer |
6.6.25 | Microsoft and CrowdStrike partner to link hacking group names | Microsoft and CrowdStrike announced today that they've partnered to connect the aliases used for specific threat groups without actually using a single naming standard. | APT | BleepingComputer |
6.6.25 | ‘Russian Market’ emerges as a go-to shop for stolen credentials | The "Russian Market" cybercrime marketplace has emerged as one of the most popular platforms for buying and selling credentials stolen by information stealer malware. | CyberCrime | BleepingComputer |
6.6.25 | Microsoft ships emergency patch to fix Windows 11 startup failures | Microsoft has released an out-of-band update to address a known issue causing some Windows 11 systems to enter recovery and fail to start after installing the KB5058405 May 2025 security update. | OS | |
6.6.25 | Qualcomm fixes three Adreno GPU zero-days exploited in attacks | Qualcomm has released security patches for three zero-day vulnerabilities in the Adreno Graphics Processing Unit (GPU) driver that impact dozens of chipsets and are actively exploited in targeted attacks. | Exploit | BleepingComputer |
6.6.25 | Exploit details for max severity Cisco IOS XE flaw now public | Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. | Exploit | BleepingComputer |
6.6.25 | Hackers are exploiting critical flaw in vBulletin forum software | Two critical vulnerabilities affecting the open-source forum software vBulletin have been discovered, with one confirmed to be actively exploited in the wild. | Exploit | BleepingComputer |
6.6.25 | Unmasking Insecure HTTP Data Leaks in Popular Chrome Extensions | Extensions analyzed expose information such as browsing domains, machine IDs, OS details, usage analytics, and more. | Hacking blog | SYMANTEC BLOG |
6.6.25 | Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks | A now-patched critical security flaw in the Wazuh Server is being exploited by threat actors to drop two different Mirai botnet variants and use them to conduct | Exploit | The Hacker News |
6.6.25 | Microsoft Helps CBI Dismantle Indian Call Centers Behind Japanese Tech Support Scam | India's Central Bureau of Investigation (CBI) has revealed that it has arrested four individuals and dismantled two illegal call centers that were found to be engaging in | Spam | The Hacker News |
6.6.25 | New PathWiper Data Wiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack | A critical infrastructure entity within Ukraine was targeted by a previously unseen data wiper malware named PathWiper, according to new findings from Cisco Talos. | Virus | The Hacker News |
6.6.25 | Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials | Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, | Hack | The Hacker News |
5.6.25 | The Bitter End: Unraveling Eight Years of Espionage Antics – Part Two | Bitter's malware has significantly evolved since 2016, moving from basic downloaders to more capable RATs. The group primarily uses simple and home-grown payloads delivered via their infection chain, rather than relying on advanced anti-analysis techniques within the payloads itself. | APT blog | THREATRAY |
5.6.25 | The Bitter End: Unraveling Eight Years of Espionage Antics—Part One | Proofpoint Threat Research assesses it is highly likely that TA397 is a state-backed threat actor tasked with intelligence gathering in the interests of the Indian state. | APT blog | PROOFPOINT |
5.6.25 | Researchers Detail Bitter APT's Evolving Tactics as Its Geographic Scope Expands | The threat actor known as Bitter has been assessed to be a state-backed hacking group that's tasked with gathering intelligence that aligns with the interests of the | APT | The Hacker News |
5.6.25 | Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware | An Iran-aligned hacking group has been attributed to a new set of cyber attacks targeting Kurdish and Iraqi government officials in early 2024. The activity is tied to | APT | The Hacker News |
5.6.25 | DoJ Seizes 145 Domains Tied to BidenCash Carding Marketplace in Global Takedown | The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of cryptocurrency funds and about 145 clearnet and dark web domains associated | CyberCrime | The Hacker News |
5.6.25 | Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI | Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully exploited, could allow | Vulnerability | The Hacker News |
5.6.25 | Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App | Google has disclosed details of a financially motivated threat cluster that it said "specializes" in voice phishing (aka vishing) campaigns designed to breach | APT | The Hacker News |
4.6.25 | Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads | Threat hunters are calling attention to a new variant of a remote access trojan (RAT) called Chaos RAT that has been used in recent attacks targeting Windows and Linux | Virus | The Hacker News |
4.6.25 | Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks | Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase | Virus | The Hacker News |
4.6.25 | HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass | Hewlett Packard Enterprise (HPE) has released security updates to address as many as eight vulnerabilities in its StoreOnce data backup and deduplication | Vulnerability | The Hacker News |
4.6.25 | Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack | Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their | Virus | The Hacker News |
3.6.25 | Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code | Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be | Vulnerability | The Hacker News |
3.6.25 | Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets | A growing number of malicious campaigns have leveraged a recently discovered Android banking trojan called Crocodilus to target users in Europe and South | Virus | The Hacker News |
3.6.25 | Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues | Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing "patterns of concerning behavior observed | Security | The Hacker News |
3.6.25 | Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion | Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping. | APT | The Hacker News |
3.6.25 | New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch | Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the | Exploit | The Hacker News |
3.6.25 | Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub | Cybersecurity researchers have discovered a new cryptojacking campaign that's targeting publicly accessible DevOps web servers such as those associated with | Cryptocurrency | The Hacker News |
3.6.25 | Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN | Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed | Security | The Hacker News |
3.6.25 | Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU | Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild. The flaws in | Vulnerability | The Hacker News |
3.6.25 | Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions | Cybersecurity researchers have warned of a new spear-phishing campaign that uses a legitimate remote access tool called Netbird to target Chief Financial | Phishing | The Hacker News |
1.6.25 | Behind the Script: Unmasking Phishing Attacks Using Google Apps Script | When we think about phishing attacks, we typically picture suspicious emails containing questionable links that lead to fake websites designed to mimic authentic ones. However, threat actors are becoming more strategic, now leveraging tools from trusted tech giants to exploit users. | Phishing | COFENSE |
1.6.25 | Police takes down AVCheck site used by cybercriminals to scan malware | An international law enforcement operation has taken down AVCheck, a service used by cybercriminals to test whether their malware is detected by commercial antivirus software before deploying it in the wild. | CyberCrime | BleepingComputer |
1.6.25 | Germany doxxes Conti ransomware and TrickBot ring leader | The Federal Criminal Police Office of Germany (Bundeskriminalamt or BKA) claims that Stern, the leader of the Trickbot and Conti cybercrime gangs, is a 36-year-old Russian named Vitaly Nikolaevich Kovalev. | CyberCrime | BleepingComputer |
1.6.25 | Getting Exposure Management Right: Insights from 500 CISOs | Pentesting isn't just about finding flaws — it's about knowing which ones matter. Pentera's 2025 State of Pentesting report uncovers which assets attackers target most, where security teams are making progress, and which exposures still fly under the radar. Focus on reducing breach impact, not just breach count. | Security | |
1.6.25 | Mozilla releases Firefox 139.0.1 update to fix artifacts on Nvidia GPUs | Mozilla has rolled out an emergency Firefox 139.0.1 update after the Tuesday release caused graphical artifacts on PCs with NVIDIA GPUs. | Vulnerability | |
1.6.25 | Microsoft Authenticator now warns to export passwords before July cutoff | The Microsoft Authenticator app is now issuing notifications warning that the password autofill feature is being deprecated in July, suggesting users move to Microsoft Edge instead. | Safety | BleepingComputer |
1.6.25 | ConnectWise breached in cyberattack linked to nation-state hackers | IT management software firm ConnectWise says a suspected state-sponsored cyberattack breached its environment and impacted a limited number of ScreenConnect customers. | APT | BleepingComputer |
1.6.25 | Threat actors abuse Google Apps Script in evasive phishing attacks | Threat actors are abusing the trusted Google platform 'Google Apps Script' to host phishing pages, making them appear legitimate and eliminating the risk of them getting flagged by security tools. | Phishing | BleepingComputer |
1.6.25 | Apple Safari exposes users to fullscreen browser-in-the-middle attacks | A weakness in Apple's Safari web browser allows threat actors to leverage the fullscreen browser-in-the-middle (BitM) technique to steal account credentials from unsuspecting users. | Hack | BleepingComputer |
1.6.25 | US sanctions firm linked to cyber scams behind $200 million in losses | The U.S. Treasury Department has sanctioned Funnull Technology, a Philippines-based company that supports hundreds of thousands of malicious websites behind cyber scams linked to over $200 million in losses for Americans. | Spam | |
1.6.25 | Cybercriminals exploit AI hype to spread ransomware, malware | Threat actors linked to lesser-known ransomware and malware projects now use AI tools as lures to infect unsuspecting victims with malicious payloads. | AI | |
1.6.25 | Victoria’s Secret takes down website after security incident | Victoria's Secret, the fashion giant, has taken down its website and some store services because of an ongoing security incident. | Incident | BleepingComputer |
1.6.25 | Microsoft: Windows 11 might fail to start after installing KB5058405 | Microsoft has confirmed that some Windows 11 systems might fail to start after installing the KB5058405 security update released during this month's Patch Tuesday. | OS | BleepingComputer |
1.6.25 | Data broker LexisNexis discloses data breach affecting 364,000 people | Data broker giant LexisNexis Risk Solutions has revealed that unknown attackers stole the personal information of over 364,000 individuals in a December breach. | Incident | BleepingComputer |
1.6.25 | Windows 10 KB5058481 update brings seconds back to calendar flyout | Microsoft has released the optional KB5058481 preview cumulative update for Windows 10 22H2 with seven changes, including restoring seconds to the time display in the calendar flyout for those who previously lost it. | OS | BleepingComputer |
1.6.25 | Windows 11 KB5058499 update rolls out new Share and Click to Do features | Microsoft has released the KB5058499 preview cumulative update for Windows 11 24H2 with forty-eight new features or changes, with many gradually rolling out, such as the new Windows Share feature and the Click to Do Preview. | OS | BleepingComputer |
1.6.25 | APT41 malware abuses Google Calendar for stealthy C2 communication | The Chinese APT41 hacking group uses a new malware named 'ToughProgress' that abuses Google Calendar for command-and-control (C2) operations, hiding malicious activity behind a trusted cloud service. | APT | |
1.6.25 | New PumaBot botnet brute forces SSH credentials to breach devices | A newly discovered Go-based Linux botnet malware named PumaBot is brute-forcing SSH credentials on embedded IoT devices to deploy malicious payloads. | BotNet | |
1.6.25 | Interlock ransomware gang deploys new NodeSnake RAT on universities | The Interlock ransomware gang is deploying a previously undocumented remote access trojan (RAT) named NodeSnake against educational institutes for persistent access to corporate networks. | Ransom | BleepingComputer |
1.6.25 | Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor | Over 9,000 ASUS routers are compromised by a novel botnet dubbed "AyySSHush" that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys. | BotNet | BleepingComputer |
1.6.25 | Dark Partners cybercrime gang fuels large-scale crypto heists | A sprawling network of fake AI, VPN, and crypto software download sites is being used by the "Dark Partner" threat actors to conduct crypto theft attacks worldwide. | Cryptocurrency | BleepingComputer |
1.6.25 | New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora | Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, | Vulnerability | The Hacker News |
1.6.25 | U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation | A multinational law enforcement operation has resulted in the takedown of an online cybercrime syndicate that offered services to threat actors to ensure that | CyberCrime | The Hacker News |
1.6.25 | Infostealer Malware FormBook Spread via Phishing Campaign – Part II | Learn how the FormBook payload operates on a compromised machine, including the complicated anti-analysis techniques employed by this variant. | Malware blog | FORTINET |
1.6.25 | Storm-0558 and the Dangers of Cross-Tenant Token Forgery | Modern cloud ecosystems often place a single identity provider in charge of handling logins and tokens for a wide range of customers. | Hacking blog | TRUSTWAVE |
1.6.25 | U.S. Treasury Sanctions FUNNULL CDN, FBI Issues Advisory Warning Against Major Cyber Scam Facilitator | The U.S. Department of the Treasury sanctioned Chinese-based content delivery network (CDN), FUNNULL, labeling it as a major distributor of online scams. The FBI concurrently released an advisory report to disseminate indicators of compromise (IOCs) associated with malicious cyber activities linked to FUNNULL. | Spam blog | Silent Push |
1.6.25 | Lumma Infostealer – Down but Not Out? | The takedown achieved a significant disruption to Lumma infostealers’ infrastructure, but likely didn’t permanently affect most of its Russia-hosted infrastructure. | Malware blog | Checkpoint |
1.6.25 | The Week in Vulnerabilities: Cyble Sensors Detect Attack Attempts on SAP, Ivanti | Attack attempts picked up by Cyble Sensors’ honeypots highlight threat actors’ resourcefulness and the need for strong security defenses. | Vulnerability blog | Cyble |
1.6.25 | CISA Updates Advisory for Active Exploitation Targeting Commvault Metallic SaaS Cloud Platform | CISA issues urgent update on threats targeting Commvault’s Metallic SaaS platform, widely used for Microsoft 365 backups. | Exploit blog | Cyble |
1.6.25 | FBI Warns Silent Ransom Group Targeting U.S. Law Firms Using Social Engineering and Callback Phishing | The U.S. Federal Bureau of Investigation (FBI) has issued a fresh alert warning law firms and cybersecurity professionals about ongoing cyber threat activity linked to the Silent Ransom Group (SRG)—also known as Luna Moth, Chatty Spider, or UNC3753. | Ransom blog | Cyble |
1.6.25 | Lyrix Ransomware | EXECUTIVE SUMMARY CYFIRMA’s research team discovered Lyrix Ransomware while monitoring underground forums as part of our Threat Discovery Process. Developed in Python and | Ransom blog | Cyfirma |
1.6.25 | Windows 11 Migration: Navigating the Hardware-Driven Challenges | The clock is ticking. With Microsoft ending Windows 10 support on October 25, 2025—just six months away—organizations worldwide are racing against time to complete their Windows 11 migration. | OS Blog | Eclypsium |
1.6.25 | Enhanced Threat Detection: Bootloaders, Bootkits, and Secure Boot | The attack surface Eclypsium set out to defend extends to areas in our systems that many security teams and monitoring tools are either overlooking or trusting someone else has secured for them. | Malware blog | Eclypsium |
1.6.25 | Trend Micro Leading the Fight to Secure AI | New MITRE ATLAS submission helps strengthen organizations’ cyber resilience | AI blog | Trend Micro |
1.6.25 | Earth Lamia Develops Custom Arsenal to Target Multiple Industries | Trend™ Research has been tracking an active APT threat actor named Earth Lamia, targeting multiple industries in Brazil, India and Southeast Asia countries at least since 2023. The threat actor primarily exploits vulnerabilities in web applications to gain access to targeted organizations. | APT blog | Trend Micro |
1.6.25 | NightSpire Ransomware Encrypts Cloud-Stored OneDrive Files | This week, the SonicWall Capture Labs threat research team analyzed a ransomware variant known as NightSpire. While its behavior is typical of most ransomware—encrypting user files and providing recovery instructions via a text file—what makes NightSpire especially concerning is its rapid growth. | Ransom blog | SonicWall |
1.6.25 | Cybercriminals camouflaging threats as AI tool installers | Cisco Talos has uncovered new threats, including ransomware like CyberLock and Lucky_Gh0$t, and a destructive malware called Numero, all disguised as legitimate AI tool installers to target victims. | Cyber blog | CISCO TALOS |
1.6.25 | This month in security with Tony Anscombe – May 2025 edition | From a flurry of attacks targeting UK retailers to campaigns corralling end-of-life routers into botnets, it's a wrap on another month filled with impactful cybersecurity news | Cyber blog | Eset |
1.6.25 | Word to the wise: Beware of fake Docusign emails | Cybercriminals impersonate the trusted e-signature brand and send fake Docusign notifications to trick people into giving away their personal or corporate data | Cyber blog | Eset |
1.6.25 | The Windows Registry Adventure #8: Practical exploitation of hive memory corruption | In the previous blog post, we focused on the general security analysis of the registry and how to effectively approach finding vulnerabilities in it. | Vulnerability blog | Project Zero |
1.6.25 | A Flyby on the CFO's Inbox: Spear-Phishing Campaign Targeting Financial Executives with NetBird Deployment | On May 15th, Trellix's email security products alerted on a highly targeted spear-phishing operation aimed at CFOs and finance executives at banks, energy companies, insurers, and investment firms across Europe, Africa, Canada, the Middle East, and South Asia. | Phishing blog | Trellix |