Tacking on compliance late? You risk more than fines—think failed audits, stalled deals, and fragile systems.

Build it in from day one.

Here's why ↓ https://thehackernews.com/expert-insights/2025/06/the-hidden-cost-of-treating-compliance.html

🧪⚠️ Water Curse hijacked 76 GitHub repos to spread stealthy, multi-stage malware.

Posing as dev tools, it steals credentials, hijacks sessions, and persists undetected—active since March 2023.

Details → https://thehackernews.com/2025/06/water-curse-hijacks-76-github-accounts.html

Webinar: Shadow IT Monitoring Across OAuth & Chrome + Gmail Security — Without Scripts or Rigid Tools

If you’re a Google Workspace Admin, you’ve seen it all:
📤 Emails forwarded to personal accounts
🔗 OAuth apps with risky Drive or Gmail access
🧩 Unapproved Chrome extensions sneaking through
📩 ...and endless back-and-forth approval emails

You don’t need another alert—you need enforcement.

Join us for a fast-paced session where we’ll show how Admins are automating:
✅ Gmail forwarding rule detection & response
✅ Passive shadow IT monitoring across OAuth & Chrome
✅ Extension & app approval requests with AI-powered policy logic

Featuring:
Mike Klambro – Ex-Google, now helping orgs scale security workflows
Fernanda Lopez – Customer Success Engineer at Zenphi.

When: June 26, in 3 time zones

👉 Register here: https://thn.news/google-workspace-security

🚨 Over 1,500 Minecraft players infected by fake mod downloads on GitHub

A Russian-speaking group used the “Stargazers Ghost Network” to drop Java + .NET stealers via undetected cheats. Victims lost browser passwords, wallet data, Discord tokens, and more.

Details here → https://thehackernews.com/2025/06/1500-minecraft-players-infected-by-java.html

🚨 Hackers are hijacking Cloudflare Tunnel subdomains to launch memory-injected RATs—right through fake PDFs.

The trick? Shortcut files + stealth loaders + Python payloads, all hosted on legit URLs.

Here’s how they’re getting past detection → https://thehackernews.com/2025/06/new-malware-campaign-uses-cloudflare.html

🛡️ FedRAMP isn’t just for big enterprises anymore.

A cybersecurity startup breaks down how it cleared FedRAMP Moderate—on startup speed.

💰 Cost: $1M+
⏱️ Time: 12+ months
📚 Lessons: Align early, integrate security, avoid federal-only forks.

Here’s how they did it ↓ https://thehackernews.com/2025/06/fedramp-at-startup-speed-lessons-learned.html

🚨 New Linux Root Exploits Discovered!

2 chained flaws (CVE-2025-6018 & 6019) let any local user become root in seconds—no zero-day needed.

The worst part? Most distros are vulnerable by default.

Details here → https://thehackernews.com/2025/06/new-linux-flaws-enable-full-root-access.html

Meta is rolling out passkeys across Facebook, Messenger, and Meta Pay—biometrics instead of passwords or SMS codes.

The goal? No more phishing, leaks, or login scams.

Full details on what’s changing → https://thehackernews.com/2025/06/meta-adds-passkey-login-support-to.html

🚨 Russian APT29 hackers hijacked Gmail accounts using app passwords—bypassing 2FA with social engineering.

They posed as the U.S. State Dept to steal access from academics and critics.

Full story → https://thehackernews.com/2025/06/russian-apt29-exploits-gmail-app.html

⚠️ Most cyberattacks today don’t crash doors—they slip through unnoticed, hiding in trusted tools.

No malware alerts. No strange IPs. Just routine traffic—until it’s too late.

Watch this free WEBINAR to see how top experts spot and stop these hidden attacks: https://thehackernews.com/2025/06/uncover-lots-attacks-hiding-in-trusted.html

🚨 AI can now write code—but it won’t secure it unless you explicitly ask.

A new guide reveals how vibe coding is causing “silent killer” bugs—perfectly working code hiding exploitable flaws.

Here’s how to build safely with AI → https://thehackernews.com/2025/06/secure-vibe-coding-complete-new-guide.html

🚨 North Korean hackers used deepfake Zoom calls to trick a Web3 employee into installing macOS malware.

The attackers faked company execs, spoofed Zoom links, and dropped 8 malware strains — including keyloggers and crypto stealers.

Learn more → https://thehackernews.com/2025/06/bluenoroff-deepfake-zoom-scam-hits.html

🚨 DSARs are piling up, and manual responses can’t keep up.

With data spread across SaaS, cloud, and on-premises environments, it’s a compliance risk waiting to happen.

Sentra’s new guide shows how to automate it.

Read more 👇 https://thn.news/dsar-software-x

🚨 Android malware is getting brutal:

🔸AntiDot hijacks 3,775+ phones via fake Google updates
🔸 GodFather runs real banking apps in a fake sandbox
🔸 SuperCard X clones bank cards via NFC
🔸 150K+ spyware app installs from official stores

Your phone isn’t safe.

Details → https://thehackernews.com/2025/06/new-android-malware-surge-hits-devices.html

🚨 133 backdoored GitHub repos uncovered—67 from “Banana Squad” alone—masquerading as Python tools, game cheats & crypto apps.

Payloads include AsyncRAT, Lumma, and Remcos—spread via GitHub, YouTube, and Discord.

Dev tools are the new delivery vector.

Full story → https://thehackernews.com/2025/06/67-trojanized-github-repositories-found.html

🚨 A record-breaking DDoS attack just slammed a hosting provider with 7.3 Tbps of traffic.

It lasted 45 seconds—and bombarded 34,000+ ports per second.

Cloudflare blocked it. But RapperBot is just getting started.

Full story → https://thehackernews.com/2025/06/massive-73-tbps-ddos-attack-delivers.html

🚨 Iran’s state TV hacked, $90M stolen from crypto exchange Nobitex in coordinated cyber strikes.

The digital war with Israel just escalated — and it's hitting banks, broadcasts, and borders.

Full story → https://thehackernews.com/2025/06/irans-state-tv-hijacked-mid-broadcast.html

🚨 Cyberattack during holiday downtime shut down online sales — 1/3 of revenue gone in hours.

Attackers strike when teams are offline. Is your SOC ready 24/7?

Here’s how to fix that ↓ https://thehackernews.com/2025/06/6-steps-to-247-in-house-soc-success.html

🚨 Qilin ransomware just added legal support for affiliates — yes, actual lawyers.

Victims now face not just hackers, but fake lawsuits pressuring them to pay.

The cybercrime-as-a-service model is evolving fast.

Details here → https://thehackernews.com/2025/06/qilin-ransomware-adds-call-lawyer.html

🚨 UK retail giants M&S and Co-op hit in a single cyber attack costing up to $592M.

Hackers used fake IT help desk calls—suspected Scattered Spider behind it.

Details here → https://thehackernews.com/2025/06/scattered-spider-behind-cyberattacks-on.html

🚨 Cloudflare just stopped the largest DDoS attack ever — 7.3 Tbps in 45 seconds.

It wasn’t the only threat this week. From Chrome 0-days to deepfake Zoom malware and MFA bypasses, attackers are evolving fast.

Full recap → https://thehackernews.com/2025/06/weekly-recap-chrome-0-day-73-tbps-ddos.html