🔐 Two Linux flaws let local attackers steal secrets from crash dumps — including password hashes.

Found in Ubuntu, RHEL & Fedora, the bugs (CVE-2025-5054 & CVE-2025-4598) exploit SUID crash handling.

A simple race—triggered at just the right time—can leak /etc/shadow data.

PoC is public. Mitigations exist.

Read: https://thehackernews.com/2025/05/new-linux-flaws-allow-password-hash.html

👀 “Strategic Opportunity” or Silent Backdoor?

CFOs across Europe, Africa, & Asia are being hunted in a stealth phishing op impersonating Rothschild recruiters. Victims solve a CAPTCHA—then unknowingly install NetBird & OpenSSH, giving attackers remote access.

It’s legit software. Weaponized.

Learn more: https://thehackernews.com/2025/06/fake-recruiter-emails-target-cfos-using.html

Cyberattacks are getting smarter—not louder.

APTs, AI malware, and browser hijacks are slipping in through trusted tools.

We’ve cut through the noise—here are the key exploits, CVEs, and tactics to know.

🔗 Read latest weekly recap: https://thehackernews.com/2025/06/weekly-recap-apt-intrusions-ai-malware.html

🚨 EDR alone won’t cut it anymore.

Today’s threats bypass traditional tools—using stealth, encryption, and insider tactics.

That’s why banks, energy firms, and governments are turning to Network Detection & Response (NDR) to catch what SIEM and EDR can’t.

From Volt Typhoon to hidden data theft—NDR sees what others miss.

Find out how → https://thehackernews.com/2025/06/the-secret-defense-strategy-of-four.html

🚨 Qualcomm just patched 3 zero-days actively exploited in the wild—two rated CVSS 8.6.

▶ CVE-2025-21479
▶ CVE-2025-21480
▶ CVE-2025-27038

👀 A twist? Similar bugs were used by spyware vendors like Variston and Cy4Gate.

More here: https://thehackernews.com/2025/06/qualcomm-fixes-3-zero-days-used-in.html

🚨 JINX-0132 is hijacking DevOps servers for cryptomining—no malware, no staging.

They’re exploiting Docker, Gitea, Consul & Nomad (first known wild exploit) using tools straight from GitHub.

🔍 First known exploit of Nomad misconfigs in the wild
💰 $10K+ in compute stolen/month
🌍 5,700+ exposed servers (US, China, EU...)

🔗 Full story: https://thehackernews.com/2025/06/cryptojacking-campaign-exploits-devops.html

🚨 WARNING: Another Chrome zero-day exploited in the wild.

Google just patched CVE-2025-5419 — a high-severity V8 engine flaw found by its own Threat Analysis Group.

Attackers are already using it via malicious HTML pages.

Update Chrome NOW | Read: https://thehackernews.com/2025/06/new-chrome-zero-day-actively-exploited.html

🕵️‍♂️ APT29? Cozy Bear? Midnight Blizzard?

Same hacker. Different names.

🔥 Microsoft and CrowdStrike are finally fixing the naming mess. Faster attribution. Better defense.

Check it out → https://thehackernews.com/2025/06/microsoft-and-crowdstrike-launch-shared.html

🚨 Chrome to Block TLS Certificates from Two Major Certificate Authorities.

Why? Repeated security failures. Broken promises. No real progress.

Read: https://thehackernews.com/2025/06/google-chrome-to-distrust-two.html

⚠️ Switch CAs now to avoid disruptions.

🚨 New Android malware 'Crocodilus' spreads worldwide.

First seen in Spain & Turkey, it now targets users in 🇵🇱 Poland, 🇧🇷 Brazil, 🇦🇷 Argentina, 🇮🇳 India & more.

It:
🔸 Steals crypto seed phrases
🔸 Poses as " Bank Support " to evade Google alerts
🔸 Spreads via Facebook ads

🔗 Details: https://thehackernews.com/2025/06/android-trojan-crocodilus-now-active-in.html

New GenAI Security Best Practices Bundle

3-in-1 AI security guides. Get access to 3 resources that will help secure your AI pipeline and mitigate critical risks.

Unlock the Bundle: https://thehackernews.uk/wiz-genai-sec-bundle

“Hey, I got a new phone—can you reset my MFA?”

That’s how $100M+ breaches begin.

Scattered Spider isn’t new — they’ve been hijacking accounts using help desk scams, deepfakes & AiTM phishing kits since 2022.

Learn how to fight back → https://thehackernews.com/2025/06/scattered-spider-understanding-help.html

XPOSURE is back! The National Exposure Management Virtual Summit returns for its fourth year, focused on what matters most: reducing cyber exposure and risk.

Join top cybersecurity leaders from Pentera, Forrester, AWS, Armis, Recorded Future, and SecurityScorecard to learn how leading security teams are taking a proactive approach to exposure across the enterprise.

Featuring Jen Easterly, former Director of the Cybersecurity and Infrastructure Security Agency (CISA), as the XPOSURE 2025 keynote.

If you’re building toward a more proactive security model, this is where you need to be.

📅 June 18 | 🕚 11 AM ET
🎓 Up to 3.5 CPE credits
🔗 https://thn.news/xposure2025

#XPOSURE2025 #CTEM #CyberSecurityLeadership #EnterpriseSecurity

🚨 A 10-year-old flaw (CVE-2025-49113 / CVSS 9.9) in Roundcube Webmail could let hackers take over your system.

Nation-state groups like APT28 have already exploited Roundcube before.

🔗 Read: https://thehackernews.com/2025/06/critical-10-year-old-roundcube-webmail.html

🔧 Patch to 1.6.11 or 1.5.10 LTS now.
📌 PoC coming soon.

🚨 Watch your clipboard!

A fake DocuSign site tricks users into running malware with a sneaky PowerShell script—copied via CAPTCHA.

✔️ Clipboard poisoning
✔️ Fake Gitcode & DocuSign sites
✔️ NetSupport RAT deployed

👀 Learn how it works → https://thehackernews.com/2025/06/fake-docusign-gitcode-sites-spread.html

🚨 Critical bugs in HPE StoreOnce | 9.8 CVSS flaw allows auth bypass + RCE as root.

👀 One bug (CVE-2025-37093) lets attackers skip login—then chain others for full takeover.

Patch now if you're running pre-4.3.11 versions.

🔗 Full details: https://thehackernews.com/2025/06/hpe-issues-security-patch-for-storeonce.html

🚨 New wave of supply chain attacks hits npm, PyPI & RubyGems.

Hackers are hiding malware in popular open-source packages to:

🔻 Steal crypto wallets
🗑️ Delete entire codebases
🕵️ Exfiltrate Telegram bot data

Full story & package list → https://thehackernews.com/2025/06/malicious-pypi-npm-and-ruby-packages.html

🚨 70% of data leaks now happen in-browser.

Legacy DLP tools can’t see what your employees are copy-pasting into AI tools, Slack, or Gmail.

The browser is the new security perimeter.

Read why browser-centric DLP is now a must → https://thehackernews.com/2025/06/your-saas-data-isnt-safe-why.html

🚨 New Chaos RAT variant targets Linux & Windows users

Masquerading as a Linux network tool, the malware spreads via phishing to deploy crypto miners, steal data, and gain full device control.

🔗 Full report: https://thehackernews.com/2025/06/chaos-rat-malware-targets-windows-and.html

Do you know how and where AI is running in your org? That customer service agent isn't just an LLM—it's system prompts, tool calls, RAG data, user logs, and MCP servers.

Every untracked component = a breach waiting to happen.

Why AI asset sprawl goes way beyond model discovery → https://thn.news/ai-assets-sprawl