Thu. Jun 12, 2025

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

The Hacker News

A novel attack technique named EchoLeak has been characterized as a "zero-click" artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 Copilot's context sans any user interaction. The critical-rated vulnerability has been assigned the CVE identifier CVE-2025-32711 (CVSS score: 9.3).

How to Protest Safely in the Age of Surveillance

WIRED Threat Level

Law enforcement has more tools than ever to track your movements and access your communications. Here’s how to protect your privacy if you plan to protest.

Airlines Secretly Selling Passenger Data to the Government

Schneier on Security

This is news: A data broker owned by the country’s major airlines, including Delta, American Airlines, and United, collected U.S. travellers’ domestic flight records, sold access to them to Customs and Border Protection (CBP), and then as part of the contract told CBP to not reveal where the data came from, according to internal CBP documents obtained by 404 Media.

New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes

The Hacker News

Cybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model's (LLM) safety and content moderation guardrails with just a single character change.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance, but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Kali Linux 2025.2 Release (Kali Menu Refresh, BloodHound CE & CARsenal)

Kali Linux

We’re almost halfway through 2025 already, and we’ve got a lot to share with you in this release, Kali 2025.2. The summary of the changelog since the 2025.1 release from March is:
Desktop Updates - Kali-Menu refresh, GNOME 48 & KDE 6.3 updates
BloodHound Community Edition - Major upgrade with full set of ingestors
Kali NetHunter Smartwatch Wi-Fi Injection - TicWatch Pro 3 now able to de-authenticate and capture WPA2 handshakes
Kali NetHunter CARsenal - Car hacking tool set!

SHARED INTEL Q&A: A sharper lens on rising API logic abuse — and a framework to fight back

The Last Watchdog

In today’s digital enterprise, API-driven infrastructure is the connective tissue holding everything together. From mobile apps to backend workflows, APIs are what keep digital services talking—and scaling. But this essential layer of connectivity is also where attackers are gaining traction, often quietly and with alarming precision.
Related: The DocuSign API-abuse hack

ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks

The Hacker News

ConnectWise has disclosed that it's planning to rotate the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management (RMM) executables due to security concerns. The company said it's doing so "due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions."

Weekly Update 456

Troy Hunt

It's time to fly! It's two months to the day since we came back from the last European trip, again spending the time with some of the agencies and partners we've fostered at HIBP over the years. This time, it's the driving tour I talked about earlier last month, and we have absolutely jam-packed it! But hey, it's a part of the world I love driving in, it's summer over there (I know, it's a bit upside-down in that half of the world), and there are lots of cool

Empty shelves after US’s largest natural and organic food distributor suffers cyber attack

Graham Cluley

The spate of cyber attacks impacting the retail industry continues, with the latest victim being United Natural Foods (UNFI), which supplies organic produce to Whole Foods, Amazon, Target, and Walmart, amongst many others. Read more in my article on the Hot for Security blog.

The Impact of Artificial Intelligence on the Cybersecurity Workforce

NSTIC

The NICE Workforce Framework for Cybersecurity (NICE Framework) was revised in November 2020 as NIST Special Publication 800-181 rev.1 to enable more effective and rapid updates to the NICE Framework Components, including how the advent of emerging technologies would impact cybersecurity work. NICE has been actively engaging in conversations with: federal departments and agencies; industry; education, training, and certification providers; and international representatives to understand how Art

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Urgent Firefox Alert: Critical Memory Corruption Flaws (CVSS 9.8) Allow Remote Code Execution

Penetration Testing

Mozilla has issued an urgent update for Firefox, patching two critical memory corruption flaws (CVSS 9.8) that could allow remote code execution. Update now!

Paragon Graphite Spyware used a zero-day exploit to hack at least two journalists’ iPhones

Security Affairs

Security researchers at Citizen Lab revealed that Paragon’s Graphite spyware can hack fully updated iPhones via zero-click attacks. Citizen Lab has confirmed that Paragon’s Graphite spyware was used to hack fully updated iPhones, targeting at least two journalists in Europe. The group found forensic evidence showing the phones had communicated with the same spyware server.

High-Severity Flaw in HashiCorp Nomad (CVE-2025-4922) Allows Privilege Escalation

Penetration Testing

A high-severity flaw (CVE-2025-4922) in HashiCorp Nomad allows privilege escalation via ACL policy lookup. Upgrade to Nomad 1.10.2 (or later) immediately.

AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar

The Hacker News

AI is changing everything — from how we code, to how we sell, to how we secure. But while most conversations focus on what AI can do, this one focuses on what AI can break — if you’re not paying attention. Behind every AI agent, chatbot, or automation script lies a growing number of non-human identities — API keys, service accounts, OAuth tokens — silently operating in the background.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

7 Steps to Developing a Cybersecurity Strategy

Security Boulevard

DeepSeek-R1 Chatbot Lure: BrowserVenom Malware Spreads via Google Ads, Hijacking Your Browser Traffic

Penetration Testing

BrowserVenom malware is spreading via fake DeepSeek-R1 Google Ads, installing a proxy implant that hijacks all browser traffic. Beware of fake LLM installers.

Top 12 Continuous Security Monitoring (CSM) Tools for Proactive Defense

Security Boulevard

As your business grows, so do the risks. Regulatory requirements pile up, and new attack methods evolve. At some point or other, you’re left wondering: Is it time to invest in Continuous Security Monitoring (CSM) tools? This is where the decision-making process starts to get tricky. On one hand, the cost of a good CSM […]

CVE-2024-9404: Remote DoS Vulnerability Found in Moxa Industrial Switches

Penetration Testing

Moxa warns of a high-severity DoS flaw (CVE-2024-9404) in PT-G7728/7828 industrial switches, allowing remote crashes. Update firmware or disable affected services.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Updated Response to CISA Advisory (AA23-352A): #StopRansomware: Play Ransomware

Security Boulevard

AttackIQ has released an updated attack graph in response to the recently revised CISA Advisory (AA23-352A) which disseminates Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) associated with the Play Ransomware group, identified through FBI investigations as recently as May 2025.

Urgent CISA Alert: Ransomware Actors Exploiting SimpleHelp RMM Flaw (CVE-2024-57727)

Penetration Testing

CISA warns of active exploitation of a SimpleHelp RMM flaw (CVE-2024-57727) by ransomware actors, impacting utility billing software providers and their customers.

Exposed eyes: 40,000 security cameras vulnerable to remote hacking

Security Affairs

Over 40,000 internet-exposed security cameras worldwide are vulnerable to remote hacking, posing serious privacy and security risks. Bitsight warns that over 40,000 security cameras worldwide are exposed to remote hacking due to unsecured HTTP or RTSP (Real-Time Streaming Protocol) access. These cameras stream live feeds openly via IP addresses, making them easy targets for spying, cyberattacks, extortion, and stalking, posing major privacy and security threats.

Non-Human Identities: How to Address the Expanding Security Risk

The Hacker News

Human identity management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world when it comes to non-human identities, also referred to as machine identities. GitGuardian’s end-to-end NHI security platform is here to close the gap.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

SinoTrack GPS device flaws allow remote vehicle control and location tracking

Security Affairs

Two vulnerabilities in SinoTrack GPS devices can allow remote vehicle control and location tracking by attackers, US CISA warns. U.S. CISA warns of two vulnerabilities in SinoTrack GPS devices that remote attackers can exploit to access a vehicle’s device profile without permission. The researchers warn that potential exploitation could allow attackers to track its location or even cut power to the fuel pump, depending on the model. “Successful exploitation of these vulnerabilities could a

Critical Path Traversal Vulnerability (CVSS 9.8) Exposes Mitel MiCollab Servers to Unauthorized Access

Penetration Testing

Sweden says it is under cyber attack

Graham Cluley

Swedish Prime Minister Ulf Kristersson says his country is under attack, after days of hard-hitting DDoS attacks against SVT Sweden's public TV broadcaster, government websites, and other key organisations.

Urgent Bosch Alert: Critical RCE Flaw (CVSS 10.0) Exposes Dispatch & Matrix Software to Attack

Penetration Testing

Bosch warns of a critical RCE flaw (CVSS 10.0, CVE-2025-29902) in Telex RDC Server and RTS VLink, allowing unauthenticated remote code execution. Patch immediately!

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

U.S. CISA adds Wazuh and WebDAV flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Wazuh and WebDAV flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: CVE-2025-24016 (CVSS score 9.9) Wazuh Server Deserialization of Untrusted Data Vulnerability CVE-2025-33053 (CVSS score 8

CVE-2025-41234: Spring Framework Vulnerability Enables Reflected File Download Attacks

Penetration Testing

A medium-severity flaw (CVE-2025-41234) in Spring Framework allows Reflected File Download (RFD) attacks. Update to 6.2.8, 6.1.21, or 6.0.

File Data: The Hidden Ransomware Threat Costing Enterprises Millions

Security Boulevard

Your weakest link doesn’t have to stay weak. Rethink file data management strategy today to secure your organization’s data—and trust.

Flaw in PostgreSQL JDBC Driver (CVE-2025-49146) Exposes Database Connections to MITM Attacks!

Penetration Testing

A flaw (CVE-2025-49146) in PostgreSQL JDBC Driver allows MITM attacks even with channel binding enabled. Upgrade to v42.7.7 or use sslMode=verify-full.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!