🚨 Over 1,500 Minecraft players infected by fake mod downloads on GitHub

A Russian-speaking group used the “Stargazers Ghost Network” to drop Java + .NET stealers via undetected cheats. Victims lost browser passwords, wallet data, Discord tokens, and more.

Details here → https://thehackernews.com/2025/06/1500-minecraft-players-infected-by-java.html

🚨 Hackers are hijacking Cloudflare Tunnel subdomains to launch memory-injected RATs—right through fake PDFs.

The trick? Shortcut files + stealth loaders + Python payloads, all hosted on legit URLs.

Here’s how they’re getting past detection → https://thehackernews.com/2025/06/new-malware-campaign-uses-cloudflare.html

🛡️ FedRAMP isn’t just for big enterprises anymore.

A cybersecurity startup breaks down how it cleared FedRAMP Moderate—on startup speed.

💰 Cost: $1M+
⏱️ Time: 12+ months
📚 Lessons: Align early, integrate security, avoid federal-only forks.

Here’s how they did it ↓ https://thehackernews.com/2025/06/fedramp-at-startup-speed-lessons-learned.html

🚨 New Linux Root Exploits Discovered!

2 chained flaws (CVE-2025-6018 & 6019) let any local user become root in seconds—no zero-day needed.

The worst part? Most distros are vulnerable by default.

Details here → https://thehackernews.com/2025/06/new-linux-flaws-enable-full-root-access.html

Meta is rolling out passkeys across Facebook, Messenger, and Meta Pay—biometrics instead of passwords or SMS codes.

The goal? No more phishing, leaks, or login scams.

Full details on what’s changing → https://thehackernews.com/2025/06/meta-adds-passkey-login-support-to.html

🚨 Russian APT29 hackers hijacked Gmail accounts using app passwords—bypassing 2FA with social engineering.

They posed as the U.S. State Dept to steal access from academics and critics.

Full story → https://thehackernews.com/2025/06/russian-apt29-exploits-gmail-app.html

⚠️ Most cyberattacks today don’t crash doors—they slip through unnoticed, hiding in trusted tools.

No malware alerts. No strange IPs. Just routine traffic—until it’s too late.

Watch this free WEBINAR to see how top experts spot and stop these hidden attacks: https://thehackernews.com/2025/06/uncover-lots-attacks-hiding-in-trusted.html

🚨 AI can now write code—but it won’t secure it unless you explicitly ask.

A new guide reveals how vibe coding is causing “silent killer” bugs—perfectly working code hiding exploitable flaws.

Here’s how to build safely with AI → https://thehackernews.com/2025/06/secure-vibe-coding-complete-new-guide.html

🚨 North Korean hackers used deepfake Zoom calls to trick a Web3 employee into installing macOS malware.

The attackers faked company execs, spoofed Zoom links, and dropped 8 malware strains — including keyloggers and crypto stealers.

Learn more → https://thehackernews.com/2025/06/bluenoroff-deepfake-zoom-scam-hits.html

🚨 DSARs are piling up, and manual responses can’t keep up.

With data spread across SaaS, cloud, and on-premises environments, it’s a compliance risk waiting to happen.

Sentra’s new guide shows how to automate it.

Read more 👇 https://thn.news/dsar-software-x

🚨 Android malware is getting brutal:

🔸AntiDot hijacks 3,775+ phones via fake Google updates
🔸 GodFather runs real banking apps in a fake sandbox
🔸 SuperCard X clones bank cards via NFC
🔸 150K+ spyware app installs from official stores

Your phone isn’t safe.

Details → https://thehackernews.com/2025/06/new-android-malware-surge-hits-devices.html

🚨 133 backdoored GitHub repos uncovered—67 from “Banana Squad” alone—masquerading as Python tools, game cheats & crypto apps.

Payloads include AsyncRAT, Lumma, and Remcos—spread via GitHub, YouTube, and Discord.

Dev tools are the new delivery vector.

Full story → https://thehackernews.com/2025/06/67-trojanized-github-repositories-found.html

🚨 A record-breaking DDoS attack just slammed a hosting provider with 7.3 Tbps of traffic.

It lasted 45 seconds—and bombarded 34,000+ ports per second.

Cloudflare blocked it. But RapperBot is just getting started.

Full story → https://thehackernews.com/2025/06/massive-73-tbps-ddos-attack-delivers.html

🚨 Iran’s state TV hacked, $90M stolen from crypto exchange Nobitex in coordinated cyber strikes.

The digital war with Israel just escalated — and it's hitting banks, broadcasts, and borders.

Full story → https://thehackernews.com/2025/06/irans-state-tv-hijacked-mid-broadcast.html

🚨 Cyberattack during holiday downtime shut down online sales — 1/3 of revenue gone in hours.

Attackers strike when teams are offline. Is your SOC ready 24/7?

Here’s how to fix that ↓ https://thehackernews.com/2025/06/6-steps-to-247-in-house-soc-success.html

🚨 Qilin ransomware just added legal support for affiliates — yes, actual lawyers.

Victims now face not just hackers, but fake lawsuits pressuring them to pay.

The cybercrime-as-a-service model is evolving fast.

Details here → https://thehackernews.com/2025/06/qilin-ransomware-adds-call-lawyer.html

🚨 UK retail giants M&S and Co-op hit in a single cyber attack costing up to $592M.

Hackers used fake IT help desk calls—suspected Scattered Spider behind it.

Details here → https://thehackernews.com/2025/06/scattered-spider-behind-cyberattacks-on.html

🚨 Cloudflare just stopped the largest DDoS attack ever — 7.3 Tbps in 45 seconds.

It wasn’t the only threat this week. From Chrome 0-days to deepfake Zoom malware and MFA bypasses, attackers are evolving fast.

Full recap → https://thehackernews.com/2025/06/weekly-recap-chrome-0-day-73-tbps-ddos.html

🚨 Hackers are now tricking AI using invisible commands hidden in emails, docs, even calendar invites.

Google’s response? New defenses in Gemini to block these stealth attacks before AI leaks data or follows harmful orders.

Full story → https://thehackernews.com/2025/06/google-adds-multi-layered-defenses-to.html

🚨 A new malware called XDigo is hitting Eastern Europe—via booby-trapped Windows shortcut files.

The twist? The LNK files look harmless… but secretly run hidden commands Windows doesn’t even show.

Here’s how XDSpy pulled it off + who’s targeted ↓ https://thehackernews.com/2025/06/xdigo-malware-exploits-windows-lnk-flaw.html

🚨 After U.S. airstrikes on Iranian nuclear sites, pro-Iran hackers hit back—taking down Trump’s Truth Social.

Now DHS warns more attacks are likely, targeting weak U.S. networks.

Here’s what’s happening → https://thehackernews.com/2025/06/dhs-warns-pro-iranian-hackers-likely-to.html