👀 “We never drop tools. We use yours.” — BlackBasta ransomware.

A new Bitdefender analysis of 700,000 incidents reveals this chilling truth: 84% of major cyberattacks use Living Off the Land tools like netsh.exe, powershell.exe, wmic.exe.

🔗 Read the report: https://thehackernews.com/expert-insights/2025/05/living-off-land-what-we-learned-from.html

“Healthcare loves to walk backwards into the future.” – Jason Elrod, CISO, MultiCare Health System.

Legacy IT nearly broke care delivery. But with identity-based microsegmentation, Elrod flipped the script:
✅ 30K staff
✅ 14 hospitals
✅ Zero downtime
✅ 238% ROI

Security shouldn't be a roadblock—it should be a bridge.

See how MultiCare did it → https://thehackernews.com/2025/05/from-department-of-no-to-culture-of-yes.html

🚨 “Prove you're not a robot” — turns into full system breach!

Hackers are using fake CAPTCHA checks to deploy a stealthy new Rust malware, EDDIESTEALER, via ClickFix—a social engineering trick abusing PowerShell on Windows.

🎯 Targets: Passwords, crypto wallets, cookies, and more.

🔗 Full report: https://thehackernews.com/2025/05/eddiestealer-malware-uses-clickfix.html

🚨 Global cybercrime tool taken down.

On May 27, 2025, U.S., Dutch, and Finnish authorities seized domains like AvCheck[.]net, used by hackers to hide malware from antivirus tools.

👀 The twist? These “security checkers” claimed to detect threats—but were secretly helping cybercriminals stay invisible.

🔗 Details: https://thehackernews.com/2025/05/us-doj-seizes-4-domains-supporting.html

🔐 Two Linux flaws let local attackers steal secrets from crash dumps — including password hashes.

Found in Ubuntu, RHEL & Fedora, the bugs (CVE-2025-5054 & CVE-2025-4598) exploit SUID crash handling.

A simple race—triggered at just the right time—can leak /etc/shadow data.

PoC is public. Mitigations exist.

Read: https://thehackernews.com/2025/05/new-linux-flaws-allow-password-hash.html

👀 “Strategic Opportunity” or Silent Backdoor?

CFOs across Europe, Africa, & Asia are being hunted in a stealth phishing op impersonating Rothschild recruiters. Victims solve a CAPTCHA—then unknowingly install NetBird & OpenSSH, giving attackers remote access.

It’s legit software. Weaponized.

Learn more: https://thehackernews.com/2025/06/fake-recruiter-emails-target-cfos-using.html

Cyberattacks are getting smarter—not louder.

APTs, AI malware, and browser hijacks are slipping in through trusted tools.

We’ve cut through the noise—here are the key exploits, CVEs, and tactics to know.

🔗 Read latest weekly recap: https://thehackernews.com/2025/06/weekly-recap-apt-intrusions-ai-malware.html

🚨 EDR alone won’t cut it anymore.

Today’s threats bypass traditional tools—using stealth, encryption, and insider tactics.

That’s why banks, energy firms, and governments are turning to Network Detection & Response (NDR) to catch what SIEM and EDR can’t.

From Volt Typhoon to hidden data theft—NDR sees what others miss.

Find out how → https://thehackernews.com/2025/06/the-secret-defense-strategy-of-four.html

🚨 Qualcomm just patched 3 zero-days actively exploited in the wild—two rated CVSS 8.6.

▶ CVE-2025-21479
▶ CVE-2025-21480
▶ CVE-2025-27038

👀 A twist? Similar bugs were used by spyware vendors like Variston and Cy4Gate.

More here: https://thehackernews.com/2025/06/qualcomm-fixes-3-zero-days-used-in.html

🚨 JINX-0132 is hijacking DevOps servers for cryptomining—no malware, no staging.

They’re exploiting Docker, Gitea, Consul & Nomad (first known wild exploit) using tools straight from GitHub.

🔍 First known exploit of Nomad misconfigs in the wild
💰 $10K+ in compute stolen/month
🌍 5,700+ exposed servers (US, China, EU...)

🔗 Full story: https://thehackernews.com/2025/06/cryptojacking-campaign-exploits-devops.html

🚨 WARNING: Another Chrome zero-day exploited in the wild.

Google just patched CVE-2025-5419 — a high-severity V8 engine flaw found by its own Threat Analysis Group.

Attackers are already using it via malicious HTML pages.

Update Chrome NOW | Read: https://thehackernews.com/2025/06/new-chrome-zero-day-actively-exploited.html

🕵️‍♂️ APT29? Cozy Bear? Midnight Blizzard?

Same hacker. Different names.

🔥 Microsoft and CrowdStrike are finally fixing the naming mess. Faster attribution. Better defense.

Check it out → https://thehackernews.com/2025/06/microsoft-and-crowdstrike-launch-shared.html

🚨 Chrome to Block TLS Certificates from Two Major Certificate Authorities.

Why? Repeated security failures. Broken promises. No real progress.

Read: https://thehackernews.com/2025/06/google-chrome-to-distrust-two.html

⚠️ Switch CAs now to avoid disruptions.

🚨 New Android malware 'Crocodilus' spreads worldwide.

First seen in Spain & Turkey, it now targets users in 🇵🇱 Poland, 🇧🇷 Brazil, 🇦🇷 Argentina, 🇮🇳 India & more.

It:
🔸 Steals crypto seed phrases
🔸 Poses as " Bank Support " to evade Google alerts
🔸 Spreads via Facebook ads

🔗 Details: https://thehackernews.com/2025/06/android-trojan-crocodilus-now-active-in.html

New GenAI Security Best Practices Bundle

3-in-1 AI security guides. Get access to 3 resources that will help secure your AI pipeline and mitigate critical risks.

Unlock the Bundle: https://thehackernews.uk/wiz-genai-sec-bundle

“Hey, I got a new phone—can you reset my MFA?”

That’s how $100M+ breaches begin.

Scattered Spider isn’t new — they’ve been hijacking accounts using help desk scams, deepfakes & AiTM phishing kits since 2022.

Learn how to fight back → https://thehackernews.com/2025/06/scattered-spider-understanding-help.html

XPOSURE is back! The National Exposure Management Virtual Summit returns for its fourth year, focused on what matters most: reducing cyber exposure and risk.

Join top cybersecurity leaders from Pentera, Forrester, AWS, Armis, Recorded Future, and SecurityScorecard to learn how leading security teams are taking a proactive approach to exposure across the enterprise.

Featuring Jen Easterly, former Director of the Cybersecurity and Infrastructure Security Agency (CISA), as the XPOSURE 2025 keynote.

If you’re building toward a more proactive security model, this is where you need to be.

📅 June 18 | 🕚 11 AM ET
🎓 Up to 3.5 CPE credits
🔗 https://thn.news/xposure2025

#XPOSURE2025 #CTEM #CyberSecurityLeadership #EnterpriseSecurity

🚨 A 10-year-old flaw (CVE-2025-49113 / CVSS 9.9) in Roundcube Webmail could let hackers take over your system.

Nation-state groups like APT28 have already exploited Roundcube before.

🔗 Read: https://thehackernews.com/2025/06/critical-10-year-old-roundcube-webmail.html

🔧 Patch to 1.6.11 or 1.5.10 LTS now.
📌 PoC coming soon.

🚨 Watch your clipboard!

A fake DocuSign site tricks users into running malware with a sneaky PowerShell script—copied via CAPTCHA.

✔️ Clipboard poisoning
✔️ Fake Gitcode & DocuSign sites
✔️ NetSupport RAT deployed

👀 Learn how it works → https://thehackernews.com/2025/06/fake-docusign-gitcode-sites-spread.html

🚨 Critical bugs in HPE StoreOnce | 9.8 CVSS flaw allows auth bypass + RCE as root.

👀 One bug (CVE-2025-37093) lets attackers skip login—then chain others for full takeover.

Patch now if you're running pre-4.3.11 versions.

🔗 Full details: https://thehackernews.com/2025/06/hpe-issues-security-patch-for-storeonce.html