🚨 Attackers are hijacking Microsoft Exchange login pages to steal passwords in plain text.

No malware download. No outbound traffic. Just invisible JavaScript keyloggers hiding in plain sight.

65 victims across 26 countries—and counting.

Details → https://thehackernews.com/2025/06/hackers-target-65-microsoft-exchange.html

⚡ You patch CVEs. Hackers exploit what’s exposed—over-permissioned accounts, forgotten assets, weak logins.

Top CISOs explain why CTEM > vuln management—and how to make it work in the real world.

Here’s how they’re doing it → https://thehackernews.com/2025/06/between-buzz-and-reality-ctem.html

💥 Researchers just shut down a cryptominer making $26K/year, dropping its hashrate from 3.3M to zero in seconds using XMRogue and bad shares!

This method forced the attacker to lose 76% of revenue and disrupt their operation.

Details here → https://thehackernews.com/2025/06/researchers-find-way-to-shut-down.html

🚨 New U.S. visa rule: F, M, and J applicants must set social media privacy settings to public—or risk rejection.

Embassy says full visibility is needed to verify identities and screen for security risks.

Here’s what’s changing and why it matters → https://thehackernews.com/2025/06/new-us-visa-rule-requires-applicants-to.html

🚨 Windows 10 isn’t dead yet.

Microsoft is offering 1 more year of critical security updates—if you:
• Sync to the cloud
• Redeem points
• Or pay $30

But there's a catch: You must sign in with a Microsoft account.

Here’s what’s changing → https://thehackernews.com/2025/06/microsoft-extends-windows-10-security.html

🚨 35 malicious npm packages linked to North Korea's “Contagious Interview” op exposed.

Hackers posed as recruiters, tricking devs into running spyware-laced job assignments. Some malware still live on npm.

The goal? Crypto theft & full device takeover.

Read now → https://thehackernews.com/2025/06/north-korea-linked-supply-chain-attack.html

🚨 Hackers are abusing trusted tools to fly under the radar.

Fake SonicWall VPN apps are stealing credentials, while ConnectWise installers signed with valid certificates are dropping malware masked as AI tools or Windows updates.

How both attacks work → https://thehackernews.com/2025/06/sonicwall-netextender-trojan-and.html

🚨 Thousands of passports, IDs & bank statements from Saudi Games 2024 leaked online by pro-Iranian hackers.

They broke into phpMyAdmin, dumped it all on a dark forum—and that’s just the start.

Here’s how this cyberwar is spiraling across borders ↓ https://thehackernews.com/2025/06/pro-iranian-hacktivist-group-leaks.html

🚨 Citrix Bleed 2 is here — CVE-2025-5777 lets attackers hijack sessions without logging in. Just like the 2023 CitrixBleed mess… but worse.

SAP users aren't safe either — input histories stored with weak/no encryption can leak SSNs, bank data.

Read → https://thehackernews.com/2025/06/citrix-bleed-2-flaw-enables-token-theft.html

🚨 Critical Citrix flaw is under active attack.

CVE-2025-6543 (CVSS 9.2) is being exploited in the wild—affecting NetScaler ADC VPN setups.

The catch? Many are still unpatched. And this follows another 9.3-rated bug just weeks ago.

Details + fixes you can’t ignore → https://thehackernews.com/2025/06/citrix-releases-emergency-patches-for.html

🚨 New research: 9% of Microsoft Entra SaaS apps vulnerable to stealth account takeover via nOAuth.

Just an email + tenant access—no password, no MFA.

No alerts. No fix unless vendors update their apps.

Details on nOAuth abuse → https://thehackernews.com/2025/06/noauth-vulnerability-still-affects-9-of.html

🔍 UPDATE: The Havoc backdoor used by Iranian hackers is far more advanced than we thought.

Injected via conhost.dll, it supports BOFs, token theft, lateral movement, and runs fully in memory.

Find details here → https://thehackernews.com/2025/05/iranian-hackers-maintain-2-year-access.html

WhatsApp launches AI-generated message summaries using Meta AI—starting in the U.S.

It says messages stay private via encrypted “Private Processing,” but scrutiny is growing.

Details here → https://thehackernews.com/2025/06/whatsapp-adds-ai-powered-message.html

🚨 A critical AMI firmware flaw (CVSS 10.0) is now under active attack.

CISA just added it—alongside unpatched D-Link and old Fortinet bugs—to its KEV list.

One enables full remote takeover. Another is tied to Akira ransomware.

Here’s what’s at risk → https://thehackernews.com/2025/06/cisa-adds-3-flaws-to-kev-catalog.html

🚨Most orgs wrongly assume Salesforce backs up their data. It doesn’t.

Accidental deletions, failed automations, or ransomware? The Recycle Bin won’t help.

No metadata recovery. No rollback. No compliance support.

Here’s what that means — and what to do about it ↓ https://thehackernews.com/expert-insights/2025/06/your-salesforce-data-isnt-as-safe-as.html

🚨 Hackers are selling access to African banks—and they’re hiding in plain sight.

They spoof Microsoft Teams & Palo Alto icons to drop spyware and backdoors like PoshC2 and Chisel.

Here’s how it works → https://thehackernews.com/2025/06/cyber-criminals-exploit-open-source.html

🚨 Iranian hackers are spear-phishing Israeli experts with AI-crafted fake Google Meet invites—stealing credentials and 2FA codes.

They’re posing as tech execs, using WhatsApp, and bypassing trust with custom phishing kits.

Here’s how they’re pulling it off ↓ https://thehackernews.com/2025/06/iranian-apt35-hackers-targeting-israeli.html

🚨 ClickFix attacks jumped 517% — now researchers warn of FileFix, a dangerous new PoC.

It tricks users into pasting a file path… that silently runs PowerShell.

Not active yet, but the method is worryingly simple — and ripe for abuse.

Details here → https://thehackernews.com/2025/06/new-filefix-method-emerges-as-threat.html

🚨 Cisco just patched two 10.0 CVSS flaws in ISE and ISE-PIC—unauthenticated RCE as root.

Attackers only need a crafted API call or file upload.

No workaround. If you're running 3.3+ or 3.4, patch now.

Details here → https://thehackernews.com/2025/06/critical-rce-flaws-in-cisco-ise-and-ise.html

🚨 SaaS is booming—but most companies are one wrong click away from disaster.

Native tools can’t protect against accidental deletions, insider threats, or ransomware.

The worst part? You won't know until it’s too late.

Learn more → https://thehackernews.com/2025/06/the-hidden-risks-of-saas-why-built-in.html

🚨 One flaw in Open VSX gave attackers full control over millions of developer machines.

They could've silently hijacked every VS Code extension.

The supply chain risk? Massive.

Here's how the breach almost happened — and why it matters now ↓ https://thehackernews.com/2025/06/critical-open-vsx-registry-flaw-exposes.html