June 2025
June 30, 2025 – Malware
Stealthy WordPress Malware Drops Windows Trojan via PHP Backdoor
Abstract
A stealthy malware campaign has been discovered targeting WordPress websites to deliver a Windows-based RAT through a PHP backdoor. The infection chain involves a malicious ZIP archive containing the trojan executable. Source: Sucuri
June 30, 2025 – Phishing
CapCut Con: Apple Phishing & Card-Stealing Refund Ruse
Abstract
Threat actors are leveraging the popularity of CapCut, a widely used video editing app, to execute a sophisticated phishing campaign aimed at stealing Apple ID credentials and credit card information. Source: Cofense
June 30, 2025 – General
NFC data for contactless payments are the new target. Here is what you need to know.
Abstract
Cybercriminals are increasingly targeting Near Field Communication (NFC) data used in contactless payments, leveraging sophisticated malware and social engineering tactics. Source: ESET
June 30, 2025 – Phishing
TikTok Videos Promise Pirated Apps, Deliver Vidar and StealC Infostealers Instead
Abstract
A sophisticated social engineering campaign is exploiting TikTok to distribute the Vidar and StealC information-stealing malware. The campaign uses pirated software themes such as Windows OS, Microsoft Office, CapCut, and Spotify to lure users. Source: Trend Micro
June 30, 2025 – Vulnerabilities
Bluetooth flaws could let hackers spy through your microphone
Abstract
Three Bluetooth vulnerabilities in Airoha chipsets affect 29 audio devices from 10 vendors: Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs, and Teufel. Source: Bleeping Computer
June 30, 2025 – Breach
RansomHub Breach: Six-Day Attack Leveraged RDP, RMM Tools & Mimikatz for Data Exfiltration & Ransomware
Abstract
A threat actor exploited RDP misconfigurations and password spraying to deploy RansomHub ransomware. The attacker used legitimate administrative tools and Windows features to maintain stealth and efficiency throughout the operation. Source: Security Online
June 28, 2025 – APT
Tracing Blind Eagle to Proton66
Abstract
Blind Eagle, also known as APT-C-36, is a persistent threat actor that targets organizations across Latin America, with a particular focus on Colombian financial institutions. Source: Trustwave
June 28, 2025 – Phishing
Fake DocuSign email hides tricky phishing attempt
Abstract
A sophisticated phishing campaign has been observed leveraging legitimate services such as DocuSign, Webflow, and Google to deceive users and conduct system reconnaissance. Source: Malwarebytes
June 27, 2025 – Vulnerabilities
Hunt Electronic DVR Vulnerability Leaves Admin Credentials Unprotected
Abstract
A critical vulnerability (CVE-2025-6561) in Hunt Electronics’ hybrid DVRs (models HBF-09KD and HBF-16NK) allows unauthenticated remote attackers to access configuration files containing plaintext administrator credentials. Source: GBHackers
June 27, 2025 – Outage
Hawaiian Airlines discloses cyberattack, flights not affected
Abstract
Hawaiian Airlines, the tenth-largest commercial airline in the United States, has disclosed a cybersecurity incident that disrupted access to some of its IT systems. The nature of the attack remains under investigation. Source: Bleeping Computer
June 27, 2025 – Hacker
GIFTEDCROOK’s Strategic Pivot: From Browser Stealer to Data Exfiltration Platform During Critical Ukraine Negotiations
Abstract
Threat actor UAC-0226 is leveraging the evolving GIFTEDCROOK malware in an espionage campaign. Initially a browser credential stealer, GIFTEDCROOK has transformed into a robust surveillance tool targeting Ukrainian government and military entities. Source: Arctic Wolf
June 26, 2025 – Deepfake
N. Korean Group BlueNoroff Uses Deepfake Zoom Calls in Crypto Scams
Abstract
BlueNoroff, a North Korean state-sponsored APT group and a subgroup of the Lazarus Group, is conducting a sophisticated campaign targeting macOS users in the cryptocurrency sector. Source: Security Boulevard
June 26, 2025 – Vulnerabilities
Decrement by one to rule them all: AsIO3.sys driver exploitation
Abstract
Two critical vulnerabilities in the ASUS AsIO3.sys driver (CVE-2025-1533 and CVE-2025-3464) allow local privilege escalation to SYSTEM level. These flaws affect ASUS Armory Crate and AI Suite applications. Source: Talos Intelligence
June 26, 2025 – Breach
Freight forwarder Estes notifies data breach victims; ransomware gang takes credit
Abstract
Estes Forwarding Worldwide experienced a ransomware attack on May 28, 2025. The Qilin ransomware gang claimed responsibility, posting stolen documents including passport scans, driver’s licenses, and spreadsheets. Source: Comparitech
June 26, 2025 – Criminals
US, France crack down on BreachForums with arrests, IntelBroker indictment
Abstract
Authorities in the United States and France have intensified their crackdown on the cybercrime marketplace BreachForums, arresting key figures and issuing indictments in a coordinated international effort to dismantle the platform’s operations. Source: SCWorld
June 26, 2025 – Phishing
Microsoft 365 ‘Direct Send’ abused to send phishing as internal users
Abstract
A phishing campaign is actively exploiting Microsoft 365's "Direct Send" feature to send spoofed internal emails and steal user credentials. Direct Send, which allows unauthenticated email sending via a tenant's smart host, is a known security risk. Source: Bleeping Computer
June 26, 2025 – Vulnerabilities
Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks
Abstract
A critical vulnerability in the Open VSX Registry (open-vsx[.]org) exposed millions of developers to potential supply chain attacks. If exploited, attackers could have gained full control over the Visual Studio Code extensions marketplace. Source: The Hacker News
June 26, 2025 – Attack
MOVEit Transfer Systems Hit by Wave of Attacks Using Over 100 Unique IPs
Abstract
A significant surge in scanning and exploitation activity has been observed targeting Progress Software’s MOVEit Transfer platform. Over 682 unique IP addresses have been identified in scanning operations. Source: GBHackers
June 26, 2025 – APT
Blind Eagle (APT-C-36) Exploits WebDAV and Dynamic DNS in Post-Patch Malware Campaign Targeting Colombia
Abstract
Blind Eagle (APT-C-36), a threat group active since 2018, has launched a new phishing campaign targeting Colombian organizations. The group uses phishing emails to deliver malware via malicious URLs. Source: Darktrace
June 26, 2025 – Attack
The Case of Hidden Spam Pages
Abstract
A campaign targeting WordPress websites involves attackers brute-forcing wp-admin credentials to deploy spam posts and pages for blackhat SEO purposes. The attackers use two malicious plugins to conceal their activity and maintain persistent access. Source: Sucuri
June 26, 2025 – Vulnerabilities
Multiple Vulnerabilities in Cisco ISE and ISE-PIC Could Allow for Remote Code Execution
Abstract
Two critical vulnerabilities in Cisco Identity Services Engine (ISE) and ISE-PIC (versions 3.3 and later) could allow unauthenticated remote attackers to execute arbitrary code with root privileges. Source: Center for Internet Security
June 25, 2025 – Hacker
Hackers Use Open-Source Tools to Attack Financial Businesses in Africa
Abstract
A threat actor group tracked as CL-CRI-1014 has been targeting financial institutions across Africa since at least 2023. These attackers function as initial access brokers (IABs), compromising networks and selling access on the dark web. Source: Infosecurity Magazine
June 25, 2025 – Breach
Ransomware attack contributed to patient’s death, says Britain’s NHS
Abstract
A ransomware attack by the Qilin cybercrime group on Synnovis, a pathology service provider in London, severely disrupted NHS services in June 2023. The breach also exposed sensitive data of over 900,000 individuals. Source: The Record
June 25, 2025 – Outage
Glasgow City Council impacted by ‘cyber incident’
Abstract
Glasgow City Council has reported a cyber incident that has disrupted several of its online services and may have resulted in the exfiltration of customer data. The council has taken affected servers offline as a precautionary measure. Source: The Record
June 25, 2025 – Vulnerabilities
Kubernetes NodeRestriction Flaw Lets Nodes Bypass Resource Authorization
Abstract
A vulnerability in Kubernetes, tracked as CVE-2025-4563, allows compromised nodes to bypass authorization checks for dynamic resource allocation. It can lead to privilege escalation in clusters where specific configurations are enabled. Source: GBHackers
June 25, 2025 – Phishing
Sextortion email scammers increase their “Hello pervert” money demands
Abstract
A new variant of the long-running "sextortion" scam campaign has emerged, featuring increased ransom demands, spoofed email addresses, and references to Pegasus spyware. The email usually starts with “Hello pervert.” Source: Malwarebytes
June 25, 2025 – Breach
Home Office anti-encryption site pushes payday loan scheme
Abstract
A UK government website originally created for the Home Office’s 2022 “No Place to Hide” anti-encryption campaign has been hijacked to promote a payday loan scheme. The campaign was initially expected to target Facebook Messenger. Source: The Register
June 25, 2025 – Vulnerabilities
NVIDIA Megatron LM Flaw Allows Attackers to Inject Malicious Code
Abstract
NVIDIA addressed two high-severity vulnerabilities, CVE-2025-23264 and CVE-2025-23265, in the open-source Megatron-LM framework. These flaws allow attackers to inject and execute malicious code via specially crafted files. Source: GBHackers
June 25, 2025 – General
Black Hat SEO Poisoning Search Engine Results For AI
Abstract
Threat actors are exploiting the popularity of AI tools by using Black Hat SEO to poison search engine results and deliver Vidar Stealer, Lumma Stealer, and Legion Loader through complex redirection chains and obfuscated JavaScript. Source: Zscaler
June 25, 2025 – Breach
Leak of data belonging to 7.4 million Paraguayans traced back to infostealers
Abstract
A massive data breach has compromised the personal information of approximately 7.4 million Paraguayan citizens. The stolen data includes names, ID card numbers, dates of birth, professions, and certificates. Source: The Record
June 25, 2025 – Botnet
Androxgh0st Botnet Expands Reach, Exploiting US University Servers
Abstract
The Androxgh0st botnet has significantly evolved since its emergence in early 2023, now leveraging a broader range of attack vectors and targeting misconfigured servers, particularly in academic institutions. Source: Hackread
June 24, 2025 – Attack
New FileFix attack weaponizes Windows File Explorer for stealthy commands
Abstract
A new social engineering technique called FileFix has emerged as a variant of the ClickFix attack, leveraging the Windows File Explorer address bar to stealthily execute malicious PowerShell commands. Source: Bleeping Computer
June 24, 2025 – Malware
Dissecting a Malicious Havoc Sample
Abstract
A sophisticated variant of the Havoc Remote Access Trojan (RAT) was deployed in a targeted cyber intrusion against critical national infrastructure in the Middle East. This variant leverages a disguised remote injector to deploy the Havoc payload. Source: Fortinet
June 24, 2025 – Vulnerabilities
Critical Convoy Flaw Allows Remote Code Execution on Servers
Abstract
A critical vulnerability (CVE-2025-52562) in Performave Convoy, a KVM server management panel used by hosting providers, allows unauthenticated remote attackers to execute arbitrary PHP code on affected systems. Source: GBHackers
June 24, 2025 – Skimming
Advanced Malware Campaign Targets WordPress and WooCommerce Sites with Hidden Skimmers
Abstract
A sophisticated malware campaign has been uncovered targeting WordPress and WooCommerce platforms. The campaign involves over 20 malware variants focused on credit card skimming, credential theft, ad fraud, and further payload distribution. Source: GBHackers
June 24, 2025 – Vulnerabilities
Xiaomi Interoperability App Flaw Allows Unauthorized Access to User Devices
Abstract
A critical vulnerability, tracked as CVE-2024-45347, has been identified in Xiaomi’s Mi Connect Service App, exposing millions of users to the risk of unauthorized access. The flaw is rated 9.6 on the CVSS scale. Source: GBHackers
June 24, 2025 – Vulnerabilities
WinRAR Vulnerability Exploited with Malicious Archives to Execute Code
Abstract
A critical vulnerability in RARLAB’s WinRAR for Windows, tracked as CVE-2025-6218 with a CVSS score of 7.8 (High), allows attackers to execute arbitrary code by tricking users into opening specially crafted archive files. Source: GBHackers
June 24, 2025 – Vulnerabilities
Aviatrix Cloud Controller Flaw Enables Remote Code Execution via Authentication Bypass
Abstract
Two critical vulnerabilities, CVE-2025-2171 and CVE-2025-2172, were discovered in Aviatrix Controller. These flaws enable full system compromise through an authentication bypass followed by command injection, affecting versions 7.2.5012. Source: GBHackers
June 24, 2025 – Vulnerabilities
Notepad++ Vulnerability Allows Full System Takeover, PoC Released
Abstract
A critical privilege escalation vulnerability, CVE-2025-49144, has been identified in Notepad++ v8.8.1. This flaw allows attackers to gain full system control through a supply-chain attack by exploiting insecure search paths in the installer. Source: GBHackers
June 24, 2025 – Vulnerabilities
HPE security advisory (AV25-365) - Canadian Centre for Cyber Security
Abstract
HPE issued a security advisory addressing a vulnerability in the HPE Telco Unified OSS Console. The affected versions include all releases prior to v3.1.16. Users and administrators should apply the necessary updates to mitigate potential risks. Source: Government of Canada
June 24, 2025 – Government
CISA ICS security advisories (AV25-363)
Abstract
CISA published ICS advisories addressing vulnerabilities in several industrial control system products. These advisories cover multiple products from vendors including Dover Fueling Solutions, Fuji Electric, LS Electric, and Siemens. Source: Government of Canada
June 23, 2025 – APT
Analysis of TAG-140 Campaign and DRAT V2 Development Targeting Indian Government Organizations
Abstract
A new Delphi-based variant of the DRAT remote access trojan, dubbed DRAT V2, has been deployed by TAG-140 (a subgroup of Transparent Tribe/APT36) in a campaign targeting Indian government entities. Source: Recorded Future
June 23, 2025 – APT
Ukrainian Government Systems Targeted With Backdoors Hidden in Cloud APIs and Docs
Abstract
A sophisticated cyberattack campaign attributed to APT28 (Fancy Bear), a Russian GRU-linked threat actor, has targeted Ukrainian government systems. The campaign deployed two novel malware strains, BEARDSHELL and SLIMAGENT. Source: The Cyber Express
June 23, 2025 – Malware
NCSC Issues Alert on ‘UMBRELLA STAND’ Malware Targeting Fortinet FortiGate Firewalls
Abstract
The NCSC issued an alert regarding a newly discovered malware dubbed UMBRELLA STAND, which targets internet-facing Fortinet FortiGate 100D firewalls. This malware is designed to establish persistent access to embedded network devices. Source: GBHackers
June 23, 2025 – Malware
Threat Actors abuse signed ConnectWise application as malware builder
Abstract
A new malware campaign tracked as EvilConwi is actively abusing ConnectWise’s ScreenConnect software to distribute signed malware. This follows earlier exploitation of CVE-2024-1708 and CVE-2024-1709 in February 2024. Source: G DATA Software
June 23, 2025 – Vulnerabilities
Amazon EKS Flaws Expose AWS Credentials and Enable Privilege Escalation
Abstract
Security researchers have identified critical vulnerabilities in Amazon Elastic Kubernetes Service (EKS) that could expose AWS credentials and enable privilege escalation. These flaws arise from misconfigured containers and excessive privileges. Source: GBHackers
June 23, 2025 – Vulnerabilities
Critical Meshtastic Flaw Allows Attackers to Decrypt Private Messages
Abstract
A critical cryptographic vulnerability in the open-source Meshtastic project exposes users to message decryption and node hijacking risks. The issue affects multiple hardware platforms, increasing the scope of potential exposure. Source: GBHackers
June 23, 2025 – Breach
Anubis Ransomware Lists Disneyland Paris as New Victim
Abstract
Anubis, a ransomware-as-a-service (RaaS) group that emerged in December 2024, has claimed responsibility for a significant data breach involving Disneyland Paris. The group alleges it exfiltrated 64GB of sensitive data. Source: Hackread
June 23, 2025 – Malware
Malicious WordPress Plugin Creates Hidden Admin User Backdoor
Abstract
A malicious WordPress plugin named php-ini.php was discovered that conditionally created a malicious admin user on infected websites. The plugin mimicked the legitimate wpforms plugin but only included a single file. Source: Sucuri
June 23, 2025 – Botnet
Resurgence of the Prometei Botnet
Abstract
Prometei has evolved significantly, with its Linux variant gaining prominence since December 2020. As of March 2025, researchers have observed a renewed wave of Prometei botnet activity targeting Linux servers. Source: Palo Alto Networks
June 23, 2025 – Vulnerabilities
Critical Authentication Bypass Vulnerability in Teleport (CVE-2025-49825) Affects SSH and Git Proxy Setups
Abstract
A critical authentication bypass vulnerability (CVE-2025-49825) has been identified in Teleport, an open-source platform used for secure access to infrastructure via SSH, RDP, Kubernetes, and other protocols. Source: FortiGuard
June 21, 2025 – Vulnerabilities
IBM QRadar SIEM Bug Lets Attackers Run Arbitrary Commands
Abstract
IBM has released a critical security update for its QRadar SIEM platform following the discovery of multiple vulnerabilities, including a severe flaw that allows privileged users to execute arbitrary commands. Source: GBHackers
June 21, 2025 – Malware
PowerShell Loaders Use In-Memory Execution to Evade Disk-Based Detection
Abstract
A newly discovered PowerShell-based shellcode loader, y1.ps1, was identified by Shenzhen Tencent Computer Systems Company Ltd. on June 1, 2025. This malware leverages advanced in-memory execution and evasion techniques. Source: GBHackers
June 21, 2025 – Outage
Tonga Ministry of Health hit with cyberattack affecting website, IT systems
Abstract
Tonga’s Ministry of Health has suffered a ransomware attack that has crippled its National Health Information System, affecting hospital operations and public access to medical services. Source: The Record
June 21, 2025 – Breach
Ransomware gang says it stole confidential files from Taos County, NM; demands ransom in 7 days
Abstract
The ransomware group Kairos has claimed responsibility for stealing 1.94 TB of sensitive data from the Taos County government in New Mexico. The group issued a 7-day ultimatum, threatening to sell or publicly release the data if a ransom is not paid. Source: Comparitech
June 21, 2025 – Outage
Russian dairy supply disrupted by cyberattack on animal certification system
Abstract
A significant cyberattack has disrupted Russia’s Mercury platform, a critical component of the country’s Federal State Information System for Veterinary Surveillance (VetIS). The platform was taken offline. Source: The Record
June 21, 2025 – Malware
New Mocha Manakin Malware Deploys NodeInitRAT via Clickfix Attack
Abstract
A newly identified cyber threat, Mocha Manakin, leverages social engineering and a custom NodeJS-based backdoor named NodeInitRAT to compromise systems. This threat uses deceptive paste-and-run tactics to bypass security controls and deliver malware. Source: Hackread
June 20, 2025 – Malware
Famous Chollima deploying Python version of GolangGhost RAT
Abstract
PylangGhost is tailored for Windows, while the Golang version targets macOS. The threat actors target professionals in cryptocurrency and blockchain industries, mostly in India, using fake job interviews. Source: Talos Intelligence
June 20, 2025 – Ransomware
Qilin’s ‘on-call lawyer’ capability is fooling no one
Abstract
Qilin introduced a controversial new feature in its affiliate panel: a "Call lawyer" button. This feature is designed to provide affiliates with access to legal experts who can assist in ransom negotiations by advising on legal implications. Source: The Register
June 20, 2025 – APT
APT36 Phishing Campaign Targets Indian Defense Using Credential-Stealing Malware
Abstract
APT36 is conducting a targeted phishing campaign against Indian defense personnel. The campaign uses spear-phishing emails with malicious PDF attachments that mimic official government documents to deliver credential-stealing malware. Source: Cyfirma
June 20, 2025 – Attack
Russian Hackers Exploit Oracle Cloud Infrastructure to Target Scaleway Object Storage
Abstract
Russian threat actors have been leveraging trusted cloud infrastructure platforms like Oracle Cloud Infrastructure (OCI) Object Storage and Scaleway Object Storage to propagate sophisticated attacks using the Lumma Stealer malware. Source: GBHackers
June 19, 2025 – Malware
Amatera Stealer: Rebranded ACR Stealer With Improved Evasion, Sophistication
Abstract
Amatera Stealer is a rebranded and significantly enhanced version of ACR Stealer, now distributed as a malware-as-a-service (MaaS). It features advanced evasion techniques, dynamic payload delivery, and a stealthy command-and-control (C2) mechanism. Source: Proofpoint
June 19, 2025 – Denial Of Service
Active Exploitation of CVE-2024-3721 in TBK DVRs Enables Botnet-Driven DDoS Attacks
Abstract
A critical command injection vulnerability, CVE-2024-3721, in TBK DVR devices is being actively exploited by multiple botnet operators. This flaw enables unauthenticated remote code execution via crafted HTTP requests. Source: FortiGuard
June 19, 2025 – Malware
Malicious WordPress Plugin ‘wordpress-player.php’ Redirects Users via Hidden Video and WebSocket C2
Abstract
A new malicious WordPress plugin named wordpress-player.php has been discovered, designed to covertly redirect site visitors to suspicious domains. At least 26 websites have been confirmed as infected, indicating a growing campaign. Source: Sucuri
June 19, 2025 – Deepfake
North Korean hackers deepfake execs in Zoom call to spread Mac malware
Abstract
A new campaign by the North Korean APT group BlueNoroff (also known as TA444 or Sapphire Sleet) leverages deepfake videos of company executives during Zoom calls to distribute custom macOS malware. Source: Bleeping Computer
June 17, 2025 – Malware
Multi-Stage Malware Attack on PyPI: “chimera-sandbox-extensions” Malicious Package Threatens Chimera Sandbox Users
Abstract
A malicious Python package named chimera-sandbox-extensions was discovered on PyPI, targeting developers using the chimera-sandbox environment. The package is designed to steal sensitive infrastructure-specific data. Source: JFrog
June 17, 2025 – Breach
Freedman HealthCare targeted by cyber extortionists
Abstract
A cyber extortion group known as World Leaks has claimed responsibility for a significant data breach at Freedman HealthCare. The attackers allege they have exfiltrated 52.4 GB of sensitive data comprising 42,204 files. Source: The Register
June 17, 2025 – Malware
Malicious Windows Executable Hidden in JPEG Image via Steganography and Base64 Obfuscation
Abstract
A recent discovery has revealed a sophisticated steganographic technique used to embed a malicious Windows executable within a JPEG image. The payload was hidden using Base64 obfuscation and detected through dynamic analysis. Source: SANS
June 14, 2025 – Outage
Government offices in North Carolina, Georgia disrupted by cyberattacks
Abstract
Two separate cyberattacks have disrupted government operations in Thomasville, North Carolina, and the Ogeechee Judicial Circuit District Attorney’s Office in Georgia. These incidents have led to significant service outages. Source: The Record
June 14, 2025 – Hacker
GrayAlpha Unmasked: New FIN7-Linked Infrastructure, PowerNet Loader, and Fake Update Attacks
Abstract
GrayAlpha, a threat actor overlapping with FIN7, has been observed deploying NetSupport RAT using diverse infection vectors and custom loaders. The group utilizes PowerNet, a PowerShell loader, and MaskBat. Source: Recorded Future
June 14, 2025 – Breach
Medical software maker Episource data breach leaks thousands of patients’ private health info
Abstract
Episource, a medical software provider, suffered a ransomware attack between January 27 and February 6, 2025, compromising sensitive health and insurance data. The breach impacted at least 24,259 individuals in Texas. Source: Comparitech
June 14, 2025 – Vulnerabilities
Spring Framework Flaw Enables Remote File Disclosure via “Content-Disposition” Header
Abstract
A medium-severity Reflected File Download (RFD) vulnerability, tracked as CVE-2025-41234, has been identified and patched in VMware’s Spring Framework. Successful exploitation of this vulnerability can lead to client-side code execution. Source: GBHackers
June 14, 2025 – Vulnerabilities
Microsoft Defender Spoofing Flaw Enables Privilege Escalation and AD Access
Abstract
A newly disclosed spoofing vulnerability, CVE-2025-26685, affects Microsoft Defender for Identity (MDI), enabling unauthenticated attackers to capture Net-NTLM hashes of Directory Service Accounts (DSAs). Source: GBHackers
June 13, 2025 – Vulnerabilities
Amazon Cloud Cam Flaw Allows Attackers to Intercept and Modify Network Traffic
Abstract
Source: GBHackers
June 13, 2025 – Phishing
Developers Beware - Sophisticated Phishing Scams Exploit GitHub Device Code Flow to Hijack Tokens
Abstract
A new wave of sophisticated phishing attacks is targeting software developers by exploiting GitHub’s OAuth 2.0 Device Code Flow. These attacks enable threat actors to hijack developer tokens and more. Source: GBHackers
June 13, 2025 – Vulnerabilities
Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User
Abstract
A critical remote code execution vulnerability (CVE-2025-5491, CVSS 8.8) has been identified in Acer ControlCenter. The flaw arises from insecure permissions on a custom protocol pipe exposed by the ACCSvc.exe service. Source: GBHackers
June 13, 2025 – Vulnerabilities
Critical Vulnerability in OneLogin AD Connector Enables JWT Forgery and Cross-Tenant Account Takeovers
Abstract
A critical vulnerability in OneLogin’s AD Connector exposed enterprise authentication systems to severe risk. The flaw allowed attackers to obtain credentials, impersonate users, and access sensitive applications by forging JSON Web Tokens (JWTs). Source: SpecterOps
June 13, 2025 – Malware
Understanding CyberEYE RAT Builder: Capabilities and Implications
Abstract
CyberEye, also referred to as TelegramRAT, is a newly discovered RAT that utilizes Telegram’s Bot API for C2 operations. It is gaining popularity among cybercriminals due to its powerful surveillance features and ease of deployment. Source: Cyfirma
June 11, 2025 – Vulnerabilities
ShapeBlue Security Advisory: Security Fixes in CloudStack 4.19.3.0 and Apache CloudStack 4.20.1.0
Abstract
Apache CloudStack has released Long-Term Support (LTS) versions 4.19.3.0 and 4.20.1.0 to address five security vulnerabilities, including two critical flaws, CVE-2025-26521 and CVE-2025-47713. Source: ShapeBlue
June 11, 2025 – Vulnerabilities
Google Chrome security advisory (AV25-336) - Canadian Centre for Cyber Security
Abstract
Source: Government of Canada
June 11, 2025 – Vulnerabilities
Security Vulnerabilities Patched in Mozilla Firefox Versions Prior to 139.0.4
Abstract
On June 10, 2025, Mozilla released a security advisory addressing vulnerabilities in Firefox. The affected versions include all releases prior to Firefox 139.0.4. Users and administrators are urged to update to the latest version. Source: Government of Canada
June 11, 2025 – Malware
Rust-based Myth Stealer Malware Spread via Fake Gaming Sites Targets Chrome, Firefox Users
Abstract
Cybersecurity researchers have identified a new Rust-based information stealer named Myth Stealer, distributed via fraudulent gaming websites and cracked software. The malware targets Chromium and Gecko-based browsers. Source: The Hacker News
June 11, 2025 – Vulnerabilities
Microsoft June 2025 Patch Tuesday fixes exploited zero-day, 66 flaws
Abstract
Microsoft's June 2025 Patch Tuesday addresses 66 vulnerabilities, including one actively exploited and one publicly disclosed zero-day. Ten of the vulnerabilities are rated as Critical. Source: Bleeping Computer
June 11, 2025 – Cryptocurrency
Hundreds of Russian devices hit by Rare Werewolf crypto-mining attacks
Abstract
A threat actor known as Rare Werewolf has launched a crypto-mining campaign targeting hundreds of devices in Russia, Belarus, and Kazakhstan. The attackers deploy the XMRig miner to hijack computing resources for Monero mining. Source: The Record
June 11, 2025 – Breach
Birmingham, AL dermatologist notifies 86K people of data breach
Abstract
Dermatologists of Birmingham, operating under the name Shelby Dermatology and running two clinics in Birmingham and Alabaster, Alabama, has disclosed a data breach affecting 86,414 individuals. Source: Comparitech
June 10, 2025 – Vulnerabilities
CVE-2025-4275: Insyde H2O UEFI Vulnerability Enables Certificate Injection via Unprotected NVRAM Variable
Abstract
A critical vulnerability (CVE-2025-4275) in Insyde H2O UEFI firmware allows attackers to inject unauthorised digital certificates via an unprotected NVRAM variable. This flaw enables the execution of arbitrary firmware during the early boot process. Source: CERT
June 10, 2025 – Vulnerabilities
Critical Vulnerabilities in Ivanti Workspace Control Allow Credential Decryption via Hardcoded Keys
Abstract
Ivanti has released critical patches for three high-severity vulnerabilities in its Workspace Control software. These flaws are identified as CVE-2025-5353, CVE-2025-22463, and CVE-2025-22455. Source: Ivanti
June 10, 2025 – Vulnerabilities
Critical Privilege Escalation and Remote Code Execution Vulnerability in ISPConfig 3.2.12p1
Abstract
A critical vulnerability in ISPConfig version 3.2.12p1 enables authenticated attackers to escalate privileges to superadmin and execute arbitrary PHP code remotely. ISPConfig segregates users into clients, resellers, admins, and a unique superadmin. Source: SSD Disclosure
June 9, 2025 – Vulnerabilities
New Salesforce SOQL Injection 0-Day Vulnerability Exposes Millions of Deployments
Abstract
A critical SOQL injection vulnerability was discovered in Salesforce's default Aura controller, potentially exposing millions of user records across thousands of deployments. Source: Cyber Express
June 9, 2025 – Vulnerabilities
NICKNAME: Zero-Click iMessage Exploit Targeted Key Figures in US, EU
Abstract
A critical zero-click vulnerability in Apple’s iMessage service, dubbed NICKNAME, has been discovered and exploited in targeted attacks against high-value individuals in the US and EU. Source: Hackread
June 9, 2025 – Phishing
Over 20 Malicious Apps on Google Play Target Users for Seed Phrases
Abstract
A coordinated phishing campaign has been discovered on the Google Play Store, involving over 20 malicious Android applications impersonating popular cryptocurrency wallets. These apps are designed to steal users’ 12-word mnemonic phrases. Source: Hackread
June 9, 2025 – Phishing
Malware found in NPM packages with 1 million weekly downloads
Abstract
A major supply chain attack has compromised 16 popular Gluestack 'react-native-aria' packages on NPM, affecting nearly 960,000 weekly downloads. The attack involves the injection of obfuscated remote access trojan (RAT) code. Source: Bleeping Computer
June 9, 2025 – Vulnerabilities
Critical Path Traversal and RCE Vulnerabilities Patched in Metasploit 6.4.68 Update Full Text
Abstract
Rapid7
June 9, 2025 – Breach
Tax resolution firm Optima Tax Relief hit by ransomware, data leaked Full Text
Abstract
Optima Tax Relief, a prominent U.S.-based tax resolution firm, has been targeted in a ransomware attack by the Chaos ransomware gang. The attackers employed a double-extortion strategy, encrypting servers and exfiltrating sensitive data.Bleeping Computer
June 7, 2025 – Malware
New Rust-Developed InfoStealer Drains Sensitive Data from Chromium-Based Browsers Full Text
Abstract
A newly discovered Rust-based malware, dubbed RustStealer, poses a significant threat to users of Chromium-based browsers like Google Chrome and Microsoft Edge. It extracts sensitive data such as login credentials, cookies, and browsing history.GBHackers
June 7, 2025 – Vulnerabilities
Microsoft Unveils European Security Effort to Disrupt Cybercrime Networks Full Text
Abstract
A critical heap-based buffer overflow vulnerability, tracked as CVE-2025-24993, has been discovered in the Windows NTFS driver. Actively exploited as a zero-day, this flaw allows attackers to execute arbitrary code.GBHackers
June 7, 2025 – Vulnerabilities
Jenkins Gatling Plugin Vulnerability Addressed in Security Advisory AV25-321 Full Text
Abstract
On June 6, 2025, Jenkins published a security advisory addressing a vulnerability in the Gatling Plugin. The Canadian Centre for Cyber Security (CCCS) urges users and administrators to apply the necessary updates to mitigate potential risks.Government of Canada
June 7, 2025 – Breach
Sensata notifies victims of ransomware data breach that compromised SSNs, financial and medical info Full Text
Abstract
Sensata Technologies, a U.S.-based industrial tech firm, has disclosed a ransomware attack that compromised sensitive personal data, including Social Security numbers, financial account details, and medical information.CompariTech
June 7, 2025 – Vulnerabilities
Critical Fortinet flaws now exploited in Qilin ransomware attacks Full Text
Abstract
Qilin RaaS is now exploiting two critical Fortinet vulnerabilities—CVE-2024-21762 and CVE-2024-55591—to bypass authentication and deploy ransomware. The attacks have impacted high-profile organizations and are currently targeting Spanish-speaking countries.Bleeping Computer
June 7, 2025 – Vulnerabilities
Critical RCE Flaw Found in HPE Insight Remote Support Tool Full Text
Abstract
Hewlett-Packard Enterprise (HPE) has released a critical security update addressing three high-severity vulnerabilities in its Insight Remote Support (IRS) software, versions prior to 7.15.0.646.GBHackers
June 7, 2025 – Vulnerabilities
Critical FreeRTOS-Plus-TCP Flaw Allows Code Execution or System Crash Full Text
Abstract
A critical memory corruption vulnerability, tracked as CVE-2025-5688 and rated 8.4 (High) on the CVSS scale, has been identified in FreeRTOS-Plus-TCP, Amazon’s open-source TCP/IP stack used in embedded and IoT devices.GBHackers
June 7, 2025 – Vulnerabilities
Critical RCE Vulnerability in AWS Amplify Studio – PoC Now Public Full Text
Abstract
A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-4318 and rated 9.5 on the CVSS scale, has been disclosed in the @aws-amplify/codegen-ui package used by AWS Amplify Studio.GBHackers
June 7, 2025 – Vulnerabilities
PoC Exploit Released for Apache Tomcat HTTP/2 DoS Vulnerability CVE-2025-31650 Full Text
Abstract
A critical memory leak vulnerability in Apache Tomcat’s HTTP/2 implementation (CVE-2025-31650) has been weaponized, enabling unauthenticated denial-of-service (DoS) attacks via malformed priority headers.NIST
June 7, 2025 – Criminals
Paste.ee Abuse Uncovered: XWorm & AsyncRAT Infrastructure Full Text
Abstract
Cybercriminals are exploiting the trusted text-sharing platform Paste.ee to deliver sophisticated malware strains, including XWorm and AsyncRAT. These campaigns leverage phishing emails and social engineering to distribute malicious payloads.Hunt
June 5, 2025 – Vulnerabilities
Critical Vulnerabilities in Dell PowerScale OneFS Allow Unauthorized Remote and Local Access Full Text
Abstract
Dell Technologies has released a critical security advisory (DSA-2025-208) addressing multiple flaws in its PowerScale OneFS. The most severe, CVE-2024-53298, allows unauthenticated remote attackers to access and manipulate the file system.GBHackers
June 5, 2025 – Phishing
Rhadamanthys Infostealer Delivered via Copyright-Themed Phishing Campaign Targeting Europe Full Text
Abstract
Since April 2025, the campaign has been opportunistically targeting entities in Albania, Austria, Bulgaria, Germany, Greece, Hungary, Ireland, Israel, Italy, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and the United Kingdom.KnowBe4
June 5, 2025 – Malware
Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine Full Text
Abstract
Researchers observed the deployment of PathWiper via a legitimate endpoint administration framework. The attackers likely had access to the admin console, which was used to push both the VBScript and the PathWiper executable to the endpoints.Talos Intelligence
June 5, 2025 – Vulnerabilities
Cisco warns of ISE and CCP flaws with public exploit code Full Text
Abstract
Cisco has released patches for three vulnerabilities in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP), all of which have public proof-of-concept exploit code.Bleeping Computer
June 5, 2025 – Attack
Ukraine’s military intelligence claims cyberattack on Russian strategic bomber maker Full Text
Abstract
Ukraine’s military intelligence agency (HUR) has claimed responsibility for a cyberattack on Russia’s state-owned aircraft manufacturer Tupolev. The operation reportedly resulted in the exfiltration of over 4.4 GB of sensitive data.The Record
June 5, 2025 – Phishing
Hive0131 Targets Colombian Users with DCRat Banking Trojan via Phishing Campaigns Full Text
Abstract
A financially motivated threat group, Hive0131, has launched a targeted phishing campaign in Colombia, impersonating the Judiciary of Colombia to distribute the DCRat banking trojan.GBHackers
June 5, 2025 – Malware
Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads Full Text
Abstract
A new variant of the Chaos RAT, an open-source remote access trojan written in Golang and inspired by frameworks like Cobalt Strike and Sliver, is actively targeting both Windows and Linux systems.The Hacker News
June 5, 2025 – Vulnerabilities
Thousands of Internet-Exposed Solar Power Devices Pose Critical Infrastructure Risk Full Text
Abstract
These devices, manufactured by 42 different vendors, include essential components for solar energy operations and are often exposed due to poor asset visibility and management.Cybersecurity Dive
June 5, 2025 – Malware
What 17,845 GitHub Repos Taught Us About Malicious MCP Servers Full Text
Abstract
A recent audit of nearly 18,000 Model Context Protocol (MCP) servers on GitHub revealed that 1,408 repositories may have been intentionally designed for malicious purposes.VirusTotal
June 5, 2025 – Phishing
Malicious GitHub Repositories Impersonate Malware Tools and Game Cheats to Distribute Backdoors Full Text
Abstract
Cybersecurity researchers have uncovered a widespread campaign involving over 130 malicious GitHub repositories created by a threat actor using the alias "ischhfd83." These repositories impersonated malware tools and game cheats to lure users.Infosecurity Magazine
June 3, 2025 – Vulnerabilities
Critical Vulnerabilities in ABB Welcome IP-Gateway Products (AV25-311) Full Text
Abstract
On June 2, a security advisory was issued addressing critical vulnerabilities in the ABB Welcome IP-Gateway product line. The vulnerabilities could potentially allow unauthorized access or other malicious activity within industrial control systems.Government of Canada
June 3, 2025 – Breach
North Carolina clinics notify 23K people of data breach; SSNs, financial and medical info leaked Full Text
Abstract
Compassion Health Care (CHC), a healthcare provider in North Carolina, has disclosed a ransomware attack that compromised the personal and medical data of 23,282 individuals.CompariTech
June 3, 2025 – Phishing
Fake Docusign Pages Deliver Multi-Stage NetSupport RAT Malware Full Text
Abstract
A sophisticated malware campaign has been uncovered that leverages spoofed DocuSign CAPTCHA verification pages to deliver the NetSupport RAT. It employs clipboard poisoning to trick users into executing malicious PowerShell scripts.Infosecurity Magazine
June 3, 2025 – Vulnerabilities
Multiple Vulnerabilities in SAP GuiXT Scripting Full Text
Abstract
Multiple critical vulnerabilities have been identified in SAP GuiXT scripting, enabling attackers to execute remote code, steal NTLM hashes, perform Client-Side Request Forgery (CSRF), and cause Denial-of-Service (DoS).SecLists
June 3, 2025 – Vulnerabilities
Safari XSS Vulnerability Exploits JavaScript TypeError Handling for Arbitrary Code Execution Full Text
Abstract
A novel cross-site scripting (XSS) technique has been identified in Safari that leverages JavaScript TypeError messages to execute arbitrary code. This method exploits Safari’s failure to escape embedded quotes in error messages.The Spanner
June 3, 2025 – Vulnerabilities
Lost in Resolution: Azure OpenAI’s DNS Resolution Issue Full Text
Abstract
A DNS misconfiguration in Azure OpenAI's domain resolution logic exposed a critical vulnerability that could have enabled cross-tenant data leaks and meddler-in-the-middle (MitM) attacks.Palo Alto Networks
June 3, 2025 – Malware
Android malware Crocodilus adds fake contacts to spoof trusted callers Full Text
Abstract
Crocodilus, a sophisticated Android malware, has evolved with new social engineering and evasion techniques. Initially observed in Turkey, it has now expanded globally, targeting users across all continents.Bleeping Computer
June 3, 2025 – Malware
Malicious NPM Packages Exploit Ethereum Wallets with Obfuscated JavaScript Full Text
Abstract
A new malware campaign is exploiting the NPM ecosystem to target Ethereum wallet users by distributing malicious packages with advanced JavaScript obfuscation techniques.GBHackers
June 3, 2025 – Ransomware
Lyrix Ransomware Targets Windows Users with Advanced Evasion Techniques Full Text
Abstract
A new ransomware variant named Lyrix is targeting Windows systems with advanced evasion and encryption techniques. It poses a significant threat to both individuals and enterprises by encrypting critical files and demanding cryptocurrency ransoms.GBHackers
June 3, 2025 – Vulnerabilities
New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch Full Text
Abstract
Google has released an emergency out-of-band update to patch a high-severity zero-day vulnerability (CVE-2025-5419) in its Chrome browser. The flaw, which affects the V8 JavaScript and WebAssembly engine, has been actively exploited in the wild.The Hacker News
June 2, 2025 – Hacker
Pro-Ukraine hacker group Black Owl poses ‘major threat’ to Russia, Kaspersky says Full Text
Abstract
BO Team (Black Owl) is a pro-Ukraine hacktivist group that has emerged as a significant cyber threat to Russian state institutions and critical industries. BO Team employs a sophisticated and patient approach to cyberattacks.The Record
June 2, 2025 – Breach
Next Step Healthcare data breach leaks patients’ SSNs, medical records, and credit cards Full Text
Abstract
Next Step Healthcare, a provider of nursing and rehabilitation services in Massachusetts, experienced a ransomware attack in June 2024 that compromised sensitive patient data.CompariTech
June 2, 2025 – Malware
Acreed Emerges as Dominant Infostealer Threat Following Lumma Takedown Full Text
Abstract
Acreed, a new infostealer malware strain, has rapidly risen to prominence in the cybercriminal ecosystem following the global takedown of Lumma Stealer (LummaC2) in May 2025.Infosecurity Magazine
June 2, 2025 – Vulnerabilities
50,000+ Azure AD Users Exposed via Unsecured API: BeVigil Uncovers Critical Flaw Full Text
Abstract
A critical security vulnerability was discovered in an aviation company’s infrastructure. The flaw involved an unauthenticated API endpoint embedded in a JavaScript file, which issued Microsoft Graph tokens with elevated privileges.CloudSek
June 2, 2025 – Malware
Hackers Weaponize Free SSH Client PuTTY to Deliver Malware on Windows Full Text
Abstract
A new malware campaign exploits OpenSSH, which has been a default component in Windows since version 1803, to establish stealthy and persistent access on compromised systems.GBHackers
June 2, 2025 – Vulnerabilities
Qualcomm fixes three Adreno GPU zero-days exploited in attacks Full Text
Abstract
Qualcomm has released security patches addressing three zero-day vulnerabilities in its Adreno GPU drivers—CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038—that are currently under active exploitation in targeted attacks.Bleeping Computer
June 2, 2025 – Criminals
Police takes down AVCheck site used by cybercriminals to scan malware Full Text
Abstract
An international law enforcement operation has dismantled AVCheck, a major Counter Antivirus (CAV) service used by cybercriminals to test malware against commercial antivirus solutions.Bleeping Computer
June 2, 2025 – Denial Of Service
DDoS incident disrupts internet for thousands in Moscow Full Text
Abstract
A significant Distributed Denial-of-Service (DDoS) attack targeted Russian internet service provider ASVT, disrupting internet access for tens of thousands of residents in Moscow and surrounding areas.The Record
June 2, 2025 – Vulnerabilities
Severe Vulnerabilities in Consilium CS5000 Fire Panels Allow Remote System Takeover Full Text
Abstract
On May 29, 2025, CISA issued alert ICSA-25-148-03 disclosing two critical vulnerabilities in the Consilium Safety CS5000 Fire Panel, a widely used industrial control system in safety-critical environments.GBHackers
June 2, 2025 – Criminals
U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation Full Text
Abstract
On May 27, 2025, a coordinated international law enforcement operation led by the DoJ, in collaboration with Dutch and Finnish authorities, resulted in the seizure of three publicly disclosed domains—AvCheck[.]net, Cryptor[.]biz, and Crypt[.]guru.The Hacker News