Monthly Archives: June 2025

New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains

A new campaign is making use of Cloudflare Tunnel subdomains to host malicious payloads and...

18
Jun
1,500+ Minecraft Players Infected by Java Malware Masquerading as Game Mods on GitHub

A new multi-stage malware campaign is targeting Minecraft users with a Java-based malware that employs...

18
Jun
Now Available: NIST NCCoE Chatbot Internal Report
June 18, 2025

The NIST National Cybersecurity Center of Excellence (NCCoE) has published NIST Internal Report (IR) 8579,...

FedRAMP at Startup Speed: Lessons Learned

For organizations eyeing the federal market, FedRAMP can feel like a gated fortress. With strict...

18
Jun
Water Curse Hijacks 76 GitHub Accounts to Deliver Multi-Stage Malware Campaign

Cybersecurity researchers have exposed a previously unknown threat actor known as Water Curse that relies...

18
Jun
Ex-CIA Analyst Sentenced to 37 Months for Leaking Top Secret National Defense Documents

A former U.S. Central Intelligence Agency (CIA) analyst has been sentenced to little more than...

18
Jun
CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed a security flaw impacting...

18
Jun
Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication

Veeam has rolled out patches to contain a critical security flaw impacting its Backup &...

18
Jun
Iran Slows Internet to Prevent Cyber Attacks Amid Escalating Regional Conflict

Iran has throttled internet access in the country in a purported attempt to hamper Israel’s...

18
Jun
Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor

A now-patched security flaw in Google Chrome was exploited as a zero-day by a threat...

17
Jun
LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents

Cybersecurity researchers have disclosed a now-patched security flaw in LangChain’s LangSmith platform that could be...

17
Jun
Silver Fox APT Targets Taiwan with Complex Gh0stCringe and HoldingHands RAT Malware

Cybersecurity researchers are warning of a new phishing campaign that’s targeting users in Taiwan with...

17
Jun
Google Warns of Scattered Spider Attacks Targeting IT Support Teams at U.S. Insurance Firms

The notorious cybercrime group known as Scattered Spider (aka UNC3944) that recently targeted various U.K....

17
Jun
New NIST 5G Cybersecurity White Paper – Network Security Design Principles
June 17, 2025

The National Cybersecurity Center of Excellence (NCCoE) has published the sixth white paper in its...

Are Forgotten AD Service Accounts Leaving You at Risk?

For many organizations, Active Directory (AD) service accounts are quiet afterthoughts, persisting in the background...

17
Jun
Hard-Coded ‘b’ Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments

Cybersecurity researchers have disclosed three security flaws in the popular Sitecore Experience Platform (XP) that...

17
Jun
Backups Are Under Attack: How to Protect Your Backups

Ransomware has become a highly coordinated and pervasive threat, and traditional defenses are increasingly struggling...

17
Jun
New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks

Cybersecurity researchers have called attention to a new campaign that’s actively exploiting a recently disclosed...

17
Jun
TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw...

17
Jun
Meta Starts Showing Ads on WhatsApp After 6-Year Delay From 2018 Announcement

Meta Platforms on Monday announced that it’s bringing advertising to WhatsApp, but emphasized that the...

17
Jun
U.S. Seizes $7.74M in Crypto Tied to North Korea’s Global Fake IT Worker Network

The U.S. Department of Justice (DoJ) said it has filed a civil forfeiture complaint in...

16
Jun
Anubis Ransomware Encrypts and Wipes Files, Making Recovery Impossible Even After Payment

An emerging ransomware strain has been discovered incorporating capabilities to encrypt files as well as...

16
Jun
âš¡ Weekly Recap: iPhone Spyware, Microsoft 0-Day, TokenBreak Hack, AI Data Leaks and More

Some of the biggest security problems start quietly. No alerts. No warnings. Just small actions...

16
Jun
Playbook: Transforming Your Cybersecurity Practice Into An MRR Machine

Introduction The cybersecurity landscape is evolving rapidly, and so are the cyber needs of organizations...

16
Jun
Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that’s...

16
Jun
Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets

A new malware campaign is exploiting a weakness in Discord’s invitation system to deliver an...

14
Jun
Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month

Cybersecurity researchers are calling attention to a “large-scale campaign” that has been observed compromising legitimate...

13
Jun
Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are...

13
Jun
CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk

Introduction: Security at a Tipping Point Security Operations Centers (SOCs) were built for a different...

13
Jun
Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware

Apple has disclosed that a now-patched security flaw present in its Messages app was actively...

13
Jun