The Hacker News
Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

🌐 Website: https://thehackernews.com
Rare Werewolf, an APT group, hijacks legitimate software to mine crypto & steal data from hundreds of Russian firms—using stealthy scripts and remote access.

👀 They wake infected PCs at 1 a.m. for covert control, then shut them down by 5 a.m.

Read ↓ https://thehackernews.com/2025/06/rare-werewolf-apt-uses-legitimate.html
Google just fixed a flaw that let attackers brute-force recovery phone numbers in seconds—putting millions at risk of SIM swaps and account takeovers.

The catch? It abused an old, disabled-JS recovery form and cleverly leaked user names via Looker Studio.

Details here → https://thehackernews.com/2025/06/researcher-found-flaw-to-discover-phone.html
AI agents use hidden Non-Human Identities that attackers are targeting. Most orgs don’t even know they exist.

Join our webinar with Astrix Security to learn how to secure these invisible risks before they become your biggest threat.

Save your spot ↓ https://thehacker.news/ai-agents-identities
🔐 Webinar: The 2025 Identity Governance Playbook

Incomplete app coverage. Compliance gaps. Manual workarounds. It’s no wonder so many IGA programs stall out.

On June 26 at 10 AM PT / 1 PM ET, join industry analyst Francis Odum and Cerby CEO Belsasar Lepe for a conversation on how leading teams are rethinking identity governance—without ripping out their stack.

You’ll learn:
🔹 Why most IGA programs stall
🔹 Where automation and AI are closing critical gaps
🔹 How to get full app coverage—without a rip-and-replace of your existing tools

If IGA is on your roadmap, this is one you don’t want to miss!

Grab your spot today 👉 https://thn.news/2025-iga-playbook
🚨 Myth Stealer, a new Rust-based info stealer, is hitting gamers via fake sites and cracked cheats—stealing passwords from all major browsers while fooling users with fake windows.

Here’s what you need to know ↓ https://thehackernews.com/2025/06/rust-based-myth-stealer-malware-spread.html
Non-human identities now outnumber human ones by up to 50-to-1—and 46% of orgs faced breaches from them last year.

These overlooked credentials are prime targets with weak security and broad access.

Securing NHIs isn’t optional—it’s urgent.

Learn how CISOs are tackling this rising risk ↓ https://thehackernews.com/2025/06/the-hidden-threat-in-your-stack-why-non.html
🕵️‍♂️ FIN6 just turned job hunting into a malware trap — fake resumes on AWS fool recruiters into downloading More_eggs backdoor.

With CAPTCHA walls and clever filters, only real targets get infected, bypassing scanners and VPNs. Credential theft and ransomware follow.

Don’t fall for the bait.

Full story ↓ https://thehackernews.com/2025/06/fin6-uses-aws-hosted-fake-resumes-on.html
🚨 Nearly 3 in 4 companies could FAIL their IAM compliance audits — risking fines, breaches, and shattered trust.

Why? Complex rules, manual chaos, and disconnected tools create a perfect storm.

But a smart, layered IAM strategy combining Access Management, PAM, and IGA can turn chaos into control — making audits faster, easier, and safer.

Discover how to protect your business and ace your next audit ↓ https://thehackernews.com/expert-insights/2025/06/iam-compliance-audits-how-to-improve.html
🛑 Over 20 critical Salesforce Industry Cloud misconfigurations expose encrypted data, credentials, and customer info to hackers.

Salesforce patched 3 flaws and issued guidance for 2 more—customers must fix the remaining 16 or risk massive breaches and compliance violations.

Details ↓
https://thehackernews.com/2025/06/researchers-uncover-20-configuration.html
Adobe just fixed 254 security flaws—225 in Experience Manager alone—that could let attackers run code or bypass security.

The worst? A critical Magento bug scoring 9.1 CVSS. No exploits seen yet, but this is urgent. Update now to stay safe.

Details here → https://thehackernews.com/2025/06/adobe-releases-patch-fixing-254.html
🔴 Microsoft just patched 67 vulnerabilities—including a zero-day WebDAV flaw actively exploited by the Stealth Falcon group to deploy stealthy malware via phishing URLs.

This bug, CVE-2025-33053, lets attackers run code remotely with ease.

Details here → https://thehackernews.com/2025/06/microsoft-patches-67-vulnerabilities.html

Don’t wait—patch immediately.
Two critical flaws in SinoTrack GPS devices let attackers remotely track vehicles—and even cut off fuel remotely. No patch yet.

Default passwords and visible device IDs make hijacking shockingly easy.

Details ↓ https://thehackernews.com/2025/06/sinotrack-gps-devices-vulnerable-to.html

If you use these, change passwords now and hide device info.
River Island’s tiny InfoSec team secures 200+ stores and e-commerce with zero headcount growth — by automating attack surface visibility and threat detection.

Their secret? Empowering others to fix issues fast, not doing it all themselves.

See how lean can win → https://thehackernews.com/2025/06/how-to-build-lean-security-model-5.html
🚨 INTERPOL dismantled over 20,000 malicious IPs tied to 69 info-stealing malware strains in a global crackdown involving 26 countries.

Disrupted cybercrime, arrested 32, seized 41 servers used for phishing, fraud, scams.

Read ↓ https://thehackernews.com/2025/06/interpol-dismantles-20000-malicious-ips.html
DNS is the internet’s weakest link — and attackers know it. Unsecured DNS can let hackers reroute traffic, steal data, or take your business offline in minutes.

The good news? Securing DNS with tools like DNSSEC and encrypted queries stops attacks before they start.

Learn more ↓ https://thehackernews.com/2025/06/why-dns-security-is-your-first-defense.html
A massive brute-force attack hit Apache Tomcat Manager on June 5, 2025—295 malicious IPs trying to break in, mostly from US, UK, Germany, and Singapore.

Exposed Tomcat services are a ticking time bomb—this could lead to serious breaches if left unchecked.

Also, 40,000+ security cameras worldwide are openly streaming, risking privacy and corporate espionage.

Full details here → https://thehackernews.com/2025/06/295-malicious-ips-launch-coordinated.html
Black Basta’s old affiliates are back—now using Teams phishing plus Python scripts to silently hijack networks.

Half their attacks come from legit-looking Microsoft domains, fooling security teams.

Here’s what to watch for ↓ https://thehackernews.com/2025/06/former-black-basta-members-use.html
Over 80,000 Microsoft Entra ID accounts targeted by a stealthy takeover campaign using the open-source tool TeamFiltration.

Attackers exploit Microsoft Teams API & AWS servers worldwide to spray passwords, exfiltrate data, and plant persistent access.

Find details here ↓ https://thehackernews.com/2025/06/over-80000-microsoft-entra-id-accounts.html
ConnectWise is urgently rotating code-signing certificates for ScreenConnect and RMM tools by June 13 due to a risky config data handling flaw — no breach, but on-prem users must update to avoid downtime.

Learn more ↓ https://thehackernews.com/2025/06/connectwise-to-rotate-screenconnect.html
🚨 Machine identities now outnumber humans 100:1. GitGuardian found 70% of leaked secrets from 2022 remain active in 2025, fueling major breaches like US Treasury & Toyota.

Secrets spread across repos, pipelines, clouds—beyond traditional vaults’ reach.

Non-human identity risk is a top OWASP threat in 2025.

Full story ↓ https://thehackernews.com/2025/06/non-human-identities-how-to-address.html
🚨 Zero-click AI exploit in Microsoft 365 Copilot (CVE-2025-32711, CVSS 9.3) lets attackers steal sensitive data silently via email—no user interaction needed.

Details ↓ https://thehackernews.com/2025/06/zero-click-ai-vulnerability-exposes.html

Already patched, but shows serious AI security risks ahead.