IT Security News Daily Summary 2025-06-12

162 posts were published in the last hour

21:5 : Paragon Graphite Spyware used a zero-day exploit to hack at least two journalists’ iPhones
21:4 : WiredBucks – 918,529 breached accounts
20:32 : Datadog AI agent observability, security seek to boost trust
20:32 : OffensiveCon25 – Keynote: Automating Your Job? The Future Of AI and Exploit Development
20:32 : Randall Munroe’s XKCD ‘Neighbor-Source Heat Pump’
20:32 : LinuxFest Northwest: LFNW 2025: In The Beginning…
20:7 : Secure Your Enterprise with Robust DNS: A Guide to NIST SP 800-81r3
20:7 : Cybercriminals Exploiting Expired Discord Invite Links to Deploy Multi-Stage Malware
20:7 : How to Protest Safely in the Age of Surveillance
20:5 : IT Security News Hourly Summary 2025-06-12 21h : 8 posts
19:37 : Micron Increases US Investment Amid Trump Onshoring Drive
19:37 : Threat Actors Exploit DeepSeek-R1 Popularity to Target Windows Device Users
19:4 : OpenPGP.js Vulnerability Allows Attackers to Bypass Message Signature Verification
19:4 : WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
18:34 : Know thyself, know thy environment
18:34 : Paragon Spyware Used To Target European Journalists, Warns Citizen Labs
18:34 : Windows Defender Bypass Using PowerShell and Registry Edits in CyberEYE RAT
18:34 : See How We’re Fortifying Cloud and AI at AWS re:Inforce 2025
18:7 : Social Media Is Now a DIY Alert System for ICE Raids
18:7 : Beware of Pig Butchering Scams That Steal Your Money
17:35 : AitM Phishing Attacks on Microsoft 365 and Google Aimed at Stealing Login Credentials
17:35 : How to delete your 23andMe data ASAP – and why you should
17:35 : How to craft an effective AI security policy for enterprises
17:35 : Apple fixes new iPhone zero-day bug used in Paragon spyware hacks
17:35 : Introducing the AWS Security Champion Knowledge Path and digital badge
17:5 : OneLogin AD Connector Vulnerabilities Expose Authentication Credentials
17:5 : Securing AI Agent Innovation with Prisma AIRS MCP Server
17:5 : CVE‑2025‑49113 – Post‑Auth Remote Code Execution in Roundcube via PHP Object Deserialization
17:5 : CVE-2024-21683 – Authenticated RCE via “Add a New Language” in Atlassian Confluence
17:5 : Researchers warn of ongoing Entra ID account takeover campaign
17:5 : IT Security News Hourly Summary 2025-06-12 18h : 10 posts
16:36 : Threat Actors Using Bat Files to Deploy Quasar RAT
16:36 : Will New AI Browser Dia Redefine How We Use the Web?
16:36 : Siemens SIMATIC S7-1500 CPU Family
16:36 : Siemens RUGGEDCOM APE1808
16:35 : CISA Releases Ten Industrial Control Systems Advisories
16:35 : Siemens Tecnomatix Plant Simulation
16:35 : AVEVA PI Web API
16:35 : DragonForce Ransomware Group – The Rise of a Relentless Cyber Threat in 2025
16:35 : Cloudflare Warns of DDoS Attacks Targeting Journalists and News Organizations
16:35 : Threat Actors Exploiting Expired Discord Invite Links to Deliver Multi-Stage Malware
16:35 : Cyber resilience begins before the crisis
16:19 : What’s New in Tripwire Enterprise 9.3?
16:19 : New Way to Track Covertly Android Users
16:19 : Airlines Secretly Selling Passenger Data to the Government
16:18 : Reimagining Integrity: Why the CIA Triad Falls Short
16:18 : Here’s How ‘Alert Fatigue’ Can Be Combated Using Neuroscience
16:18 : Kettering Health Ransomware Attack Linked to Interlock Group
15:35 : WhatsApp Supports Apple In Legal Battle With UK Government
15:35 : How Security Engineers Can Help Build a Strong Security Culture
15:35 : Scientists just took a big step toward the quantum internet
15:35 : Palo Alto Networks PAN-OS Vulnerability Enables Admin to Execute Root User Actions
15:35 : OpenPGP.js Vulnerability Let Attackers Spoof Message Signature Verification
15:35 : Threat Actors Leverages DeepSeek-R1 Popularity to Attack Users Running Windows Devices
15:35 : Microsoft Outlook’s New Two-Click View for Encrypted Emails Protects You From Accidental Exposure
15:34 : A New Digital Dawn for Syrian Tech Users
15:34 : Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones
15:34 : Turning Up the Heat on ATT&CK Heatmaps to Address Residual Risk
15:3 : Wordfence Intelligence Weekly WordPress Vulnerability Report (June 2, 2025 to June 8, 2025)
15:3 : 137,000 SoftBank Customers Affected by Data Leak from Third-Party Vendor
14:39 : Germany, Nvidia To Build AI Factories For Industrial Use
14:39 : Multiple GitLab Vulnerabilities Expose Users to Complete Account Takeover Risks
14:39 : SoftBank DataBreach – 137,000 Users Personal Data Exposed From Third-party Service Provider
14:39 : CyberEYE RAT Disable Windows Defender Using PowerShell and Registry Manipulations
14:39 : Microsoft Patched Windows Server 2025 Restart Bug that Disconnects AD Domain Controller
14:39 : Don’t Click ‘Unsubscribe’ Links Blindly It May Leads to Loss of Credentials
14:39 : Multiple GitLab Vulnerabilities Allow Attackers to Achieve Complete Account Takeover
14:39 : The AI Arms Race: Deepfake Generation vs. Detection
14:39 : LockBit panel data leak shows Chinese orgs among the most targeted
14:38 : New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes
14:5 : IT Security News Hourly Summary 2025-06-12 15h : 8 posts
14:3 : Microsoft Resolves Windows Server 2025 Restart Bug Disrupting Active Directory Connectivity
14:3 : Hijacked Trust: How Malicious Actors Exploited Discord’s Invite System to Launch Global Multi-Stage Attacks
14:3 : Heimdal for schools: Why IT teams are making the switch
14:3 : On Constant Community Improvements
14:3 : Tamnoon helps organizations reduce cloud security exposures
13:34 : OneLogin AD Connector Vulnerabilities Exposes Authentication Credentials
13:34 : Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior
13:34 : LLM vector and embedding risks and how to defend against them
13:34 : Identifying high-risk APIs across thousands of code repositories
13:34 : AI Agents Run on Secret Accounts — Learn How to Secure Them in This Webinar
13:34 : Palo Alto Networks Patches Series of Vulnerabilities
13:3 : EchoLeak Zero-Click AI Attack in Microsoft Copilot Exposes Company Data
13:2 : Privilege Escalation in PAN-OS Web Interface Allows Admin Users to Perform Root Actions
13:2 : New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches
12:34 : Automated Tools to Assist with DShield Honeypot Investigations [Guest Diary], (Wed, Jun 11th)
12:34 : Trend Micro Apex One Zero-Day Vulnerability Enables Attackers to Inject Malicious Code
12:34 : Command Injection Flaw in Palo Alto PAN-OS Allows Root-Level Code Execution
12:34 : Is your Roku TV spying on you? Probably, but here’s how to put an end to it
12:34 : Webcast Video: Rethinking Endpoint Hardening for Today’s Attack Landscape
12:3 : Is Google Password Manager Safe to Use in 2025?
12:3 : Researchers confirm two journalists were hacked with Paragon spyware
12:3 : SinoTrack GPS device flaws allow remote vehicle control and location tracking
12:3 : Palo Alto Networks PAN-OS Vulnerability Let Attacker Run Arbitrary Commands as Root User
12:2 : Threat Actors Allegedly Selling MaaS Botnet on Hackers Forums
12:2 : Trend Micro Apex One Vulnerability Allow Attackers to Inject Malicious Code
12:2 : Non-Human Identities: How to Address the Expanding Security Risk
12:2 : Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
11:36 : ‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot
11:7 : Amazon Signs Data Centre Nuclear Power Deal
11:7 : US Tops List of Unsecured Cameras Exposing Homes and Offices
11:7 : Cybercriminals Advertise Advanced MaaS Botnet with Blockchain C2 on Hacking Forums
11:7 : New Account Takeover Campaign Leverages Pentesting Tool to Attack Entra ID User Accounts
11:7 : Threat Actors Weaponizing Bat Files to Deliver Quasar RAT
11:7 : Windows SMB Client Zero-Day Vulnerability Exploited Using Reflective Kerberos Relay Attack
11:7 : Hackers Attacking Apache Tomcat Manager From 400 Unique IPs
11:7 : Surge in Cyberattacks Targeting Journalists: Cloudflare
11:7 : The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce
11:6 : NIST Publishes New Zero Trust Implementation Guidance
11:5 : IT Security News Hourly Summary 2025-06-12 12h : 10 posts
10:34 : JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique
10:34 : ‘Major compromise’ at NHS temping arm exposed gaping security holes
10:2 : Hackers Launch Coordinated Attack on Apache Tomcat Manager from 400 Unique IPs
10:2 : U.S. CISA adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog
9:35 : New Campaign Targets Entra ID User Accounts Using Pentesting Tool for Account Takeover
9:34 : Securing the SaaS Browser Experience Through Proactive Measures
9:34 : Europol Says Criminal Demand for Data is “Skyrocketing”
9:5 : European Social Media Ban For Under-15s Urged By France’s Macron
9:5 : Windows SMB Client Zero-Day Vulnerability Exploited via Reflective Kerberos Relay Attack
9:5 : Hackers Advertising New Blackhat Tool Nytheon AI on Popular Hacking Forums
9:5 : CISA Releases Guide to Protect Network Edge Devices From Hackers
9:5 : Phishing Alert as Erie Insurance Reveals Cyber “Event”
8:33 : Interpol Targets Infostealers: 20,000 IPs Taken Down, 32 Arrested, 216,000 Victims Notified
8:33 : Palo Alto Networks Patches Privilege Escalation Vulnerabilities
8:33 : Why Open-Source Encryption and Automated Key Rotation Aren’t Enough Without Certificate Management
8:33 : File Data: The Hidden Ransomware Threat Costing Enterprises Millions
8:33 : ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks
8:5 : IT Security News Hourly Summary 2025-06-12 09h : 3 posts
8:3 : 0-Click Vulnerability in Microsoft 365 Copilot Exposes Sensitive Data via Teams
8:3 : Exposed eyes: 40,000 security cameras vulnerable to remote hacking
8:2 : Top 12 Continuous Security Monitoring (CSM) Tools for Proactive Defense
7:37 : Lemony mitigates privacy and compliance risks associated with cloud-based AI
7:37 : CoPilot zero-click, Operation Secure, FIN6 targets recruiters
7:7 : Nytheon AI Tool Gaining Traction on Hacking Forums for Malicious Activities
6:32 : CISA Issues Comprehensive Guide to Safeguard Network Edge Devices
6:32 : Cybercriminals are turning stolen data into a thriving black market
6:32 : Nudge Security’s browser extension monitors real-time SaaS and GenAI activity
6:2 : Want fewer security fires to fight? Start with threat modeling
6:2 : Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool
5:31 : Build a mobile hacking rig with a Pixel and Kali NetHunter
5:6 : CISOs call for operational threat intelligence integration
5:5 : IT Security News Hourly Summary 2025-06-12 06h : 1 posts
4:34 : President Trump Ramps Up Cyber Defenses, Protecting America’s Digital Future
4:34 : 0-Click Microsoft 365 Copilot Vulnerability Let Attackers Exfiltrates Sensitive Data Abusing Teams
4:34 : 44% of mobile users encounter scams every day
4:34 : Email security risks healthcare IT can’t afford to ignore
4:4 : 2025-06-10: Ten days of scans and probes and web traffic hitting my web server
2:5 : IT Security News Hourly Summary 2025-06-12 03h : 1 posts
2:2 : ISC Stormcast For Thursday, June 12th, 2025 https://isc.sans.edu/podcastdetail/9490, (Thu, Jun 12th)
2:2 : With Retail Cyberattacks on the Rise, Customers Find Orders Blocked and Shelves Empty
0:36 : EFFecting Change: Pride in Digital Freedom
0:4 : DeepSeek installer or just malware in disguise? Click around and find out
23:7 : Congress Can Act Now to Protect Reproductive Health Data
23:5 : IT Security News Hourly Summary 2025-06-12 00h : 12 posts
22:55 : IT Security News Daily Summary 2025-06-11
22:3 : Operation Secure: INTERPOL dismantles 20,000+ malicious IPs in major cybercrime crackdown
22:3 : US airline industry quietly selling flight data to DHS
22:3 : Arrêt de Skybox. Le risque d’attendre existe
22:3 : Die Gefahren von DIY Network Security Policy Management
22:3 : Skybox ist verschwunden. Das Risiko des Wartens nicht.
22:2 : I pericoli della gestione fai-da-te dei criteri di sicurezza di rete
22:2 : Skybox non c’è più. Il rischio di aspettare non c’è.

Related

Post navigation