🚨 Critical Citrix flaw is under active attack.

CVE-2025-6543 (CVSS 9.2) is being exploited in the wild—affecting NetScaler ADC VPN setups.

The catch? Many are still unpatched. And this follows another 9.3-rated bug just weeks ago.

Details + fixes you can’t ignore → https://thehackernews.com/2025/06/citrix-releases-emergency-patches-for.html

🚨 New research: 9% of Microsoft Entra SaaS apps vulnerable to stealth account takeover via nOAuth.

Just an email + tenant access—no password, no MFA.

No alerts. No fix unless vendors update their apps.

Details on nOAuth abuse → https://thehackernews.com/2025/06/noauth-vulnerability-still-affects-9-of.html

🔍 UPDATE: The Havoc backdoor used by Iranian hackers is far more advanced than we thought.

Injected via conhost.dll, it supports BOFs, token theft, lateral movement, and runs fully in memory.

Find details here → https://thehackernews.com/2025/05/iranian-hackers-maintain-2-year-access.html

WhatsApp launches AI-generated message summaries using Meta AI—starting in the U.S.

It says messages stay private via encrypted “Private Processing,” but scrutiny is growing.

Details here → https://thehackernews.com/2025/06/whatsapp-adds-ai-powered-message.html

🚨 A critical AMI firmware flaw (CVSS 10.0) is now under active attack.

CISA just added it—alongside unpatched D-Link and old Fortinet bugs—to its KEV list.

One enables full remote takeover. Another is tied to Akira ransomware.

Here’s what’s at risk → https://thehackernews.com/2025/06/cisa-adds-3-flaws-to-kev-catalog.html

🚨Most orgs wrongly assume Salesforce backs up their data. It doesn’t.

Accidental deletions, failed automations, or ransomware? The Recycle Bin won’t help.

No metadata recovery. No rollback. No compliance support.

Here’s what that means — and what to do about it ↓ https://thehackernews.com/expert-insights/2025/06/your-salesforce-data-isnt-as-safe-as.html

🚨 Hackers are selling access to African banks—and they’re hiding in plain sight.

They spoof Microsoft Teams & Palo Alto icons to drop spyware and backdoors like PoshC2 and Chisel.

Here’s how it works → https://thehackernews.com/2025/06/cyber-criminals-exploit-open-source.html

🚨 Iranian hackers are spear-phishing Israeli experts with AI-crafted fake Google Meet invites—stealing credentials and 2FA codes.

They’re posing as tech execs, using WhatsApp, and bypassing trust with custom phishing kits.

Here’s how they’re pulling it off ↓ https://thehackernews.com/2025/06/iranian-apt35-hackers-targeting-israeli.html

🚨 ClickFix attacks jumped 517% — now researchers warn of FileFix, a dangerous new PoC.

It tricks users into pasting a file path… that silently runs PowerShell.

Not active yet, but the method is worryingly simple — and ripe for abuse.

Details here → https://thehackernews.com/2025/06/new-filefix-method-emerges-as-threat.html

🚨 Cisco just patched two 10.0 CVSS flaws in ISE and ISE-PIC—unauthenticated RCE as root.

Attackers only need a crafted API call or file upload.

No workaround. If you're running 3.3+ or 3.4, patch now.

Details here → https://thehackernews.com/2025/06/critical-rce-flaws-in-cisco-ise-and-ise.html

🚨 SaaS is booming—but most companies are one wrong click away from disaster.

Native tools can’t protect against accidental deletions, insider threats, or ransomware.

The worst part? You won't know until it’s too late.

Learn more → https://thehackernews.com/2025/06/the-hidden-risks-of-saas-why-built-in.html

🚨 One flaw in Open VSX gave attackers full control over millions of developer machines.

They could've silently hijacked every VS Code extension.

The supply chain risk? Massive.

Here's how the breach almost happened — and why it matters now ↓ https://thehackernews.com/2025/06/critical-open-vsx-registry-flaw-exposes.html

🚨 Hackers are using Microsoft’s ClickOnce to deploy stealth malware—no admin rights, no alerts.

Targeting energy, oil & gas, the “OneClik” campaign hides Go-based backdoors via fake sites + AWS. It evades detection, hijacks trusted Windows processes, and mimics Cobalt Strike.

Learn more → https://thehackernews.com/2025/06/oneclik-malware-targets-energy-sector.html

🚨 Hackers are scanning MOVEit servers again—big spike started May 27.

Over 300 suspicious IPs hit in one day. Old ransomware bugs are being tested again.

If you use MOVEit, now’s the time to patch and lock it down.

Full story → https://thehackernews.com/2025/06/moveit-transfer-faces-increased-threats.html

🚨 Chinese users targeted with fake WPS Office & DeepSeek sites—delivering Sainbox RAT + Hidden rootkit.

It’s the same group behind past fake Chrome installers.

Stealthy, low-effort, and still active.

Details → https://thehackernews.com/2025/06/chinese-group-silver-fox-uses-fake.html

🚨 Up to 90% of SOC alerts are false positives.

Prophet AI filters noise, automates triage, and cuts response time from hours to minutes—boosting efficiency without adding headcount.

See how AI analysts transform your SOC → https://thehackernews.com/2025/06/business-case-for-agentic-ai-soc.html

🚨 China-linked hackers just targeted Tibetans with fake documents tied to the Dalai Lama & WPCT.

Behind it? Mustang Panda’s new malware chain: Claimloader → PUBLOAD → Pubshell (reverse shell access).

The twist? It spreads via Google Drive links & even USB worms.

Learn more → https://thehackernews.com/2025/06/pubload-and-pubshell-malware-used-in.html

🚨 1,000+ hacked home & office devices turned into a covert spying network for Chinese ops.

Worse? The malware mimics the LAPD—and it’s still growing quietly across the US + Asia.

Details on “LapDogs” & the backdoor behind it → https://thehackernews.com/2025/06/over-1000-soho-devices-hacked-in-china.html

🚨 Facebook now asks to upload your phone photos—even unposted ones—to generate AI recaps, collages, and story ideas.

Say yes, and Meta can scan faces, locations, and more.

Full story → https://thehackernews.com/2025/06/facebooks-new-ai-tool-requests-photo.html

🚨 A Ukrainian military phishing campaign just escalated.

GIFTEDCROOK malware now steals not just browser data—but sensitive documents, emails, and VPN configs.

It hides in fake Excel files, exfiltrates via Telegram, and wipes its tracks.

The goal? Targeted intelligence ops.

Full report → https://thehackernews.com/2025/06/giftedcrook-malware-evolves-from.html

🚨 Scattered Spider is now targeting airlines, FBI warns.

Their method? Impersonate staff, trick help desks, bypass MFA—no malware needed.

Why it matters: Even C-level accounts are being hijacked with just a phone call.

Details here → https://thehackernews.com/2025/06/fbi-warns-of-scattered-spiders.html