Fri. Jun 13, 2025


Paragon Spyware used to Spy on European Journalists

Schneier on Security

Paragon is an Israeli spyware company, increasingly in the news (now that NSO Group seems to be waning). “Graphite” is the name of their product. Citizen Lab caught them spying on multiple European journalists with a zero-click iOS exploit: On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware.


Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware

The Hacker News

Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.


‘No Kings’ Protests, Citizen-Run ICE Trackers Trigger Intelligence Warnings

WIRED Threat Level

Army intelligence analysts are monitoring civilian-made ICE tracking tools, treating them as potential threats, as immigration protests spread nationwide.


The Essence and Beauty of Threat Modeling

Adam Shostack

But what about the essence and beauty? Recently, friends at IriusRisk told me about someone who was really focused on the “beauty and essence of threat modeling” when done by smart people at a whiteboard. That person was skeptical about automation, because it threatens that beauty. And the first thing I want to say is: my friend, I feel you. When a threat modeling session really comes together, there’s a magic to the chance to connect, teach, learn, and influence.


How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


CBP's Predator Drone Flights Over LA Are a Dangerous Escalation

WIRED Threat Level

Customs and Border Protection flying powerful Predator B drones over Los Angeles further breaks the seal on federal involvement in civilian matters typically handled by state or local authorities.


Unusual toolset used in recent Fog Ransomware attack

Security Affairs

Fog ransomware operators used unusual pentesting and monitoring tools in a May 2025 attack, Symantec researchers warn. In May 2025, attackers hit an Asian financial firm with Fog ransomware, using rare tools like Syteca monitoring software and pentesting tools GC2, Adaptix, and Stowaway. Symantec researchers pointed out that the use of these tools is unusual for ransomware campaigns.


News alert: Arsen launches AI-powered vishing simulation to help combat voice phishing at scale

The Last Watchdog

Paris, Jun. 3, 2025, CyberNewswire – Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced the release of its new Vishing Simulation module, a cutting-edge tool designed to train employees against one of the fastest-growing attack vectors: voice phishing (vishing). This new module uses AI-generated voices and adaptive dialogue systems to simulate live phone-based social engineering attacks — such as those impersonating IT suppo


Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of an unnamed utility billing software provider.


Apple quietly makes running Linux containers easier on Macs

Zero Day


Mitigating prompt injection attacks with a layered defense strategy

Google Security

Posted by Google GenAI Security Team With the rapid adoption of generative AI, a new wave of threats is emerging across the industry with the aim of manipulating the AI systems themselves. One such emerging attack vector is indirect prompt injections. Unlike direct prompt injections, where an attacker directly inputs malicious commands into a prompt, indirect prompt injections involve hidden malicious instructions within external data sources.


Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


First Known Zero-Click AI Exploit: Microsoft 365 Copilot’s ‘EchoLeak’ Flaw

Tech Republic Security

Security researchers uncovered “EchoLeak,” a zero-click flaw in Microsoft 365 Copilot, exposing sensitive data without user action. Microsoft has mitigated the vulnerability.


CTEM is the New SOC: Shifting from Monitoring Alerts to Measuring Risk

The Hacker News

Introduction: Security at a Tipping Point Security Operations Centers (SOCs) were built for a different era, one defined by perimeter-based thinking, known threats, and manageable alert volumes. But today’s threat landscape doesn’t play by those rules. The sheer volume of telemetry, overlapping tools, and automated alerts has pushed traditional SOCs to the edge.


Bert ransomware: what you need to know

Graham Cluley

Bert is a recently-discovered strain of ransomware that encrypts victims' files and demands a payment for the decryption key. Read more in my article on the Fortra blog.


INTERPOL-Led Effort Dismantles Infostealer Malware Network in 26 Countries Across Asia-Pacific Region

Tech Republic Security

INTERPOL partnered with Group-IB, Kaspersky, and Trend Micro to take down a cybercrime network. They alerted more than 216,000 individuals and organizations that were possible victims.


Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


Understanding Indirect Prompt Injection Attacks in LLM-Integrated Workflows

NetSpi Executives

TL;DR Indirect prompt injection is a security threat where attackers hide malicious instructions in content that AI systems will later read such as email footers, PDFs, or web pages. Unlike direct attacks, these require no user interaction and are hard to detect. When AI tools like Microsoft 365 Copilot process this poisoned content, they treat the hidden commands as legitimate instructions, potentially leaking sensitive data or performing unauthorized actions.


Trend Micro fixes critical bugs in Apex Central and TMEE PolicyServer

Security Affairs

Trend Micro fixed multiple vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. Trend Micro addressed remote code execution and authentication bypass vulnerabilities impacting its Endpoint Encryption (TMEE) PolicyServer and Apex Central solutions. Trend Micro Endpoint Encryption PolicyServer is a centralized management server used in Trend Micro’s Endpoint Encryption solution.


Critical Ricoh Streamline NX Flaw (CVSS 9.8) Allows SYSTEM-Level Code Execution

Penetration Testing

Ricoh warns of critical flaws in Streamline NX V3, including a CVSS 9.8 path traversal (CVE-2025-46783) allowing remote SYSTEM-level code execution.


Apple confirmed that Messages app flaw was actively exploited in the wild

Security Affairs

Apple confirmed that a security flaw in its Messages app was actively exploited in the wild to target journalists with Paragon’s Graphite spyware. Apple confirmed that a now-patched vulnerability, tracked as CVE-2025-43200, in its Messages app was actively exploited in the wild to target journalists with Paragon’s Graphite spyware. The IT giant addressed the flaw CVE-2025-43200 on February 10, 2025, with the release of iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.


Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.


Top 5 Skills Entry-Level Cybersecurity Professionals Need

Tech Republic Security

Cybersecurity professional organization ISC2 found hiring managers prize teamwork, problem-solving, and analytical thinking in early-career employees.


Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks

Security Boulevard

Aim Security researchers found a zero-click vulnerability in Microsoft 365 Copilot that could have been exploited to have AI tools like RAG and AI agents hand over sensitive corporate data to attackers simply by issuing a request for the information in a specially worded email. Microsoft fixed the security flaw. The post Zero-Click Flaw in Microsoft Copilot Illustrates AI Agent, RAG Risks appeared first on Security Boulevard.


I found a Linux distro that combines the best parts of other operating systems (and it works)

Zero Day


South African man imprisoned after ransom demand against his former employer

Graham Cluley

Lucky Erasmus and a company insider installed software without authorisation on Ecentric's systems which granted them remote access, enabling them to steal sensitive data and make unauthorised changes to senior managers' passwords. Read more in my article on the Hot for Security blog.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Cybersecurity Insights with Contrast CISO David Lindner | 06/13/25

Security Boulevard

Insight No. 1 — The great CISO exodus: Why your top defenders are planning a silent escape What happens when your most critical security minds are quietly planning their exit? With 53% of cyber leaders exploring new roles, the cybersecurity industry faces a silent attrition problem rooted in the very nature of the job. The struggle to quantify success when risk is mitigated, coupled with persistent burnout and role uncertainty, leaves many feeling undervalued and unheard.


A cyberattack on United Natural Foods caused bread shortages and bare shelves

Security Affairs

Cyberattack on United Natural Foods Inc. (UNFI) disrupts deliveries, causing Whole Foods shortages nationwide after systems were taken offline on June 5. United Natural Foods, Inc. (UNFI) is a Providence, Rhode Island–based natural and organic food company. The largest publicly traded wholesale distributor of health and specialty food in the United States and Canada, it is Whole Foods Market’s main supplier, with their traffic making up over a third of its revenue in 2018.


Microsoft Data Loss Prevention (DLP): Tips to Protect Your Business Following the Latest Outage

Security Boulevard

Discover the capabilities of Microsoft 365 Data Loss Prevention (DLP) and understand its limitations. Learn how to prevent unauthorized data access and sharing. The post Microsoft Data Loss Prevention (DLP): Tips to Protect Your Business Following the Latest Outage appeared first on Security Boulevard.


EchoLeak: First AI Zero-Click Vulnerability Leaks Data from Microsoft 365 Copilot

Penetration Testing

"EchoLeak," a new AI zero-click vulnerability, allowed data exfiltration from Microsoft 365 Copilot via sophisticated prompt injection. Microsoft has patched the flaw.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Shadow AI: Examples, Risks, and 8 Ways to Mitigate Them

Security Boulevard

Uncover the hidden risks of Shadow AI and learn 8 key strategies to address it. The post Shadow AI: Examples, Risks, and 8 Ways to Mitigate Them appeared first on Security Boulevard.


Your Android phone just got a major feature upgrade for free - including these Pixel models

Zero Day


ISO 27001 Risk Register Setup: Step-by-Step Guide

Security Boulevard

While we talk a lot on this site about the US Government’s various cybersecurity frameworks, like FedRAMP and CMMC, there’s one significant framework that deserves just as much attention: ISO 27001. ISO 27001, being an ISO standard, is an international framework for cybersecurity divorced from any one country’s government. It’s a way for businesses operating […] The post ISO 27001 Risk Register Setup: Step-by-Step Guide appeared first on Security Boulevard.


Why I'm leaving Firefox for good - here's the browser I'm using now instead

Zero Day


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!