XPOSURE is back! The National Exposure Management Virtual Summit returns for its fourth year, focused on what matters most: reducing cyber exposure and risk.
Join top cybersecurity leaders from Pentera, Forrester, AWS, Armis, Recorded Future, and SecurityScorecard to learn how leading security teams are taking a proactive approach to exposure across the enterprise.
Featuring Jen Easterly, former Director of the Cybersecurity and Infrastructure Security Agency (CISA), as the XPOSURE 2025 keynote.
If youβre building toward a more proactive security model, this is where you need to be.
π June 18 | π 11 AM ET
π Up to 3.5 CPE credits
π https://thn.news/xposure2025
#XPOSURE2025 #CTEM #CyberSecurityLeadership #EnterpriseSecurity
Join top cybersecurity leaders from Pentera, Forrester, AWS, Armis, Recorded Future, and SecurityScorecard to learn how leading security teams are taking a proactive approach to exposure across the enterprise.
Featuring Jen Easterly, former Director of the Cybersecurity and Infrastructure Security Agency (CISA), as the XPOSURE 2025 keynote.
If youβre building toward a more proactive security model, this is where you need to be.
π June 18 | π 11 AM ET
π Up to 3.5 CPE credits
π https://thn.news/xposure2025
#XPOSURE2025 #CTEM #CyberSecurityLeadership #EnterpriseSecurity
π2
π¨ A 10-year-old flaw (CVE-2025-49113 / CVSS 9.9) in Roundcube Webmail could let hackers take over your system.
Nation-state groups like APT28 have already exploited Roundcube before.
π Read: https://thehackernews.com/2025/06/critical-10-year-old-roundcube-webmail.html
π§ Patch to 1.6.11 or 1.5.10 LTS now.
π PoC coming soon.
Nation-state groups like APT28 have already exploited Roundcube before.
π Read: https://thehackernews.com/2025/06/critical-10-year-old-roundcube-webmail.html
π§ Patch to 1.6.11 or 1.5.10 LTS now.
π PoC coming soon.
π11π₯5π€5π4
π¨ Watch your clipboard!
A fake DocuSign site tricks users into running malware with a sneaky PowerShell scriptβcopied via CAPTCHA.
βοΈ Clipboard poisoning
βοΈ Fake Gitcode & DocuSign sites
βοΈ NetSupport RAT deployed
π Learn how it works β https://thehackernews.com/2025/06/fake-docusign-gitcode-sites-spread.html
A fake DocuSign site tricks users into running malware with a sneaky PowerShell scriptβcopied via CAPTCHA.
βοΈ Clipboard poisoning
βοΈ Fake Gitcode & DocuSign sites
βοΈ NetSupport RAT deployed
π Learn how it works β https://thehackernews.com/2025/06/fake-docusign-gitcode-sites-spread.html
π₯7π6π€―4
π¨ Critical bugs in HPE StoreOnce | 9.8 CVSS flaw allows auth bypass + RCE as root.
π One bug (CVE-2025-37093) lets attackers skip loginβthen chain others for full takeover.
Patch now if you're running pre-4.3.11 versions.
π Full details: https://thehackernews.com/2025/06/hpe-issues-security-patch-for-storeonce.html
π One bug (CVE-2025-37093) lets attackers skip loginβthen chain others for full takeover.
Patch now if you're running pre-4.3.11 versions.
π Full details: https://thehackernews.com/2025/06/hpe-issues-security-patch-for-storeonce.html
π11π₯4
π¨ New wave of supply chain attacks hits npm, PyPI & RubyGems.
Hackers are hiding malware in popular open-source packages to:
π» Steal crypto wallets
ποΈ Delete entire codebases
π΅οΈ Exfiltrate Telegram bot data
Full story & package list β https://thehackernews.com/2025/06/malicious-pypi-npm-and-ruby-packages.html
Hackers are hiding malware in popular open-source packages to:
π» Steal crypto wallets
ποΈ Delete entire codebases
π΅οΈ Exfiltrate Telegram bot data
Full story & package list β https://thehackernews.com/2025/06/malicious-pypi-npm-and-ruby-packages.html
π€―11π6
π¨ 70% of data leaks now happen in-browser.
Legacy DLP tools canβt see what your employees are copy-pasting into AI tools, Slack, or Gmail.
The browser is the new security perimeter.
Read why browser-centric DLP is now a must β https://thehackernews.com/2025/06/your-saas-data-isnt-safe-why.html
Legacy DLP tools canβt see what your employees are copy-pasting into AI tools, Slack, or Gmail.
The browser is the new security perimeter.
Read why browser-centric DLP is now a must β https://thehackernews.com/2025/06/your-saas-data-isnt-safe-why.html
π14π€7
π¨ New Chaos RAT variant targets Linux & Windows users
Masquerading as a Linux network tool, the malware spreads via phishing to deploy crypto miners, steal data, and gain full device control.
π Full report: https://thehackernews.com/2025/06/chaos-rat-malware-targets-windows-and.html
Masquerading as a Linux network tool, the malware spreads via phishing to deploy crypto miners, steal data, and gain full device control.
π Full report: https://thehackernews.com/2025/06/chaos-rat-malware-targets-windows-and.html
π9π₯3β‘2π1
Do you know how and where AI is running in your org? That customer service agent isn't just an LLMβit's system prompts, tool calls, RAG data, user logs, and MCP servers.
Every untracked component = a breach waiting to happen.
Why AI asset sprawl goes way beyond model discovery β https://thn.news/ai-assets-sprawl
Every untracked component = a breach waiting to happen.
Why AI asset sprawl goes way beyond model discovery β https://thn.news/ai-assets-sprawl
π7π4
π¨ Google warns: Fake IT calls breaching Salesforce accounts.
Hackers from UNC6040 trick staff into approving a malicious βData Loaderβ app to steal data.
π Learn how the scam works: https://thehackernews.com/2025/06/google-exposes-vishing-group-unc6040.html
Hackers from UNC6040 trick staff into approving a malicious βData Loaderβ app to steal data.
π Learn how the scam works: https://thehackernews.com/2025/06/google-exposes-vishing-group-unc6040.html
π7π5π3π₯2
π¨ One PASSWORD to rule them all?
A critical flaw (CVSS 9.9) in Cisco ISE cloud deployments (AWS, Azure, OCI) means static credentials are reused across systemsβallowing unauthenticated attackers to access configs, data, and more.
Details β https://thehackernews.com/2025/06/critical-cisco-ise-auth-bypass-flaw.html
π No fixβonly factory reset.
A critical flaw (CVSS 9.9) in Cisco ISE cloud deployments (AWS, Azure, OCI) means static credentials are reused across systemsβallowing unauthenticated attackers to access configs, data, and more.
Details β https://thehackernews.com/2025/06/critical-cisco-ise-auth-bypass-flaw.html
π No fixβonly factory reset.
π11π₯9π4β‘1π€―1
π¨ Dark web carding site BidenCash taken down by U.S. DoJ
πΉ 15M+ stolen credit cards sold
πΉ $17M in criminal profits
πΉ 3.3M cards leaked for free to attract buyers
πΉ 117K+ users served since 2022
Seized in global sting with FBI & Europol.
Read: https://thehackernews.com/2025/06/doj-seizes-145-domains-tied-to.html
πΉ 15M+ stolen credit cards sold
πΉ $17M in criminal profits
πΉ 3.3M cards leaked for free to attract buyers
πΉ 117K+ users served since 2022
Seized in global sting with FBI & Europol.
Read: https://thehackernews.com/2025/06/doj-seizes-145-domains-tied-to.html
π19π9
π₯ 2025βs biggest cyber threat? The accounts you forgot existed.
Machine IDs now outnumber humans 45:1 β and theyβre 7.5x more dangerous.
Leaked secrets, orphaned privileges, siloed teams.
Attackers see the full map. Do you?
π How to close identity gaps before itβs too late: https://thehackernews.com/expert-insights/2025/06/identity-first-security-multilayered.html
Machine IDs now outnumber humans 45:1 β and theyβre 7.5x more dangerous.
Leaked secrets, orphaned privileges, siloed teams.
Attackers see the full map. Do you?
π How to close identity gaps before itβs too late: https://thehackernews.com/expert-insights/2025/06/identity-first-security-multilayered.html
π₯8
Iran-linked hackers are spying on Kurdish & Iraqi officials using custom malware.
The group BladedFeline breached:
β’ KRG diplomats
β’ Iraq gov networks
β’ Uzbekistan telecom
Backdoors used: Whisper, Spearal, Shahmaran, Slippery Snakelet.
π΅οΈββοΈ Full story β https://thehackernews.com/2025/06/iran-linked-bladedfeline-hits-iraqi-and.html
The group BladedFeline breached:
β’ KRG diplomats
β’ Iraq gov networks
β’ Uzbekistan telecom
Backdoors used: Whisper, Spearal, Shahmaran, Slippery Snakelet.
π΅οΈββοΈ Full story β https://thehackernews.com/2025/06/iran-linked-bladedfeline-hits-iraqi-and.html
β‘7π3π₯3π±3
π₯ $4.88M average breach cost β boards want real ROI, not just patch counts.
Business Value Assessment (BVA) links risk to $$ and shows cost of inaction β often $500K+ monthly.
Stop guessing. Measure impact. Turn security into business value.
Try this new ROI Calculator β¬οΈ https://thehackernews.com/2025/06/redefining-cyber-value-why-business.html
Business Value Assessment (BVA) links risk to $$ and shows cost of inaction β often $500K+ monthly.
Stop guessing. Measure impact. Turn security into business value.
Try this new ROI Calculator β¬οΈ https://thehackernews.com/2025/06/redefining-cyber-value-why-business.html
π₯7π4π€2
π¨βBitterβ hacking group targets governments and diplomats worldwide using advanced malware and spear-phishing.
Recent attacks spread from South Asia to Turkey. Active during business hours.
Learn more β https://thehackernews.com/2025/06/bitter-hacker-group-expands-cyber.html
Recent attacks spread from South Asia to Turkey. Active during business hours.
Learn more β https://thehackernews.com/2025/06/bitter-hacker-group-expands-cyber.html
π12
β οΈ Ukraine hit by PathWiper malware wiping critical data via hacked admin tools. Linked to Russia-based APT groups.
π¨ Meanwhile, Silent Werewolf launches stealth attacks on Russian & Moldovan sectors using advanced loaders.
Stay informedβlearn here: https://thehackernews.com/2025/06/new-pathwiper-data-wiper-malware.html
π¨ Meanwhile, Silent Werewolf launches stealth attacks on Russian & Moldovan sectors using advanced loaders.
Stay informedβlearn here: https://thehackernews.com/2025/06/new-pathwiper-data-wiper-malware.html
π₯23π±5π2π€―1
π¨ Enterprise security is under siege!
30% of attacks target web assets, 21% hit APIs & IoT devices.
β οΈ Too many alerts
β οΈ Scattered tests
β οΈ Limited visibility = High risk
π AI-powered full-path attack simulation + centralized control = real defense.
Learn what it means β https://thehackernews.com/expert-insights/2025/06/solving-enterprise-security-challenge.html
30% of attacks target web assets, 21% hit APIs & IoT devices.
β οΈ Too many alerts
β οΈ Scattered tests
β οΈ Limited visibility = High risk
π AI-powered full-path attack simulation + centralized control = real defense.
Learn what it means β https://thehackernews.com/expert-insights/2025/06/solving-enterprise-security-challenge.html
π8π5π₯2
π¨Alert: Positive Technologies has confirmed the deadly CVE-2025-49113 exploitβauthenticated users can run arbitrary commands through PHP object deserialization.
Read: https://thehackernews.com/2025/06/critical-10-year-old-roundcube-webmail.html
Action: Update Roundcube immediately to the latest version.
Read: https://thehackernews.com/2025/06/critical-10-year-old-roundcube-webmail.html
Action: Update Roundcube immediately to the latest version.
π8π₯5π€―1
Think like an attacker to defend better.
AEV continuously simulates cyber-attacks to show how hackers exploit your system.
It helps teams prioritize fixesβcredentials, misconfigs, etc.βbeyond patching.
Stay ahead by understanding attackers, not just checking boxes: https://thehackernews.com/2025/06/inside-mind-of-adversary-why-more.html
AEV continuously simulates cyber-attacks to show how hackers exploit your system.
It helps teams prioritize fixesβcredentials, misconfigs, etc.βbeyond patching.
Stay ahead by understanding attackers, not just checking boxes: https://thehackernews.com/2025/06/inside-mind-of-adversary-why-more.html
π9π₯5π2
π¨ Tech support scam busted: 4 arrested in India, 2 fake call centers taken down targeting Japanese victims via AI-powered tricks.
66,000+ malicious domains removed since 2024 through global CBI-Microsoft-Japan effort.
Cybercrime is evolvingβglobal teamwork is the key.
Learn more: https://thehackernews.com/2025/06/microsoft-helps-cbi-dismantle-indian.html
66,000+ malicious domains removed since 2024 through global CBI-Microsoft-Japan effort.
Cybercrime is evolvingβglobal teamwork is the key.
Learn more: https://thehackernews.com/2025/06/microsoft-helps-cbi-dismantle-indian.html
π₯11π€―7π4π2β‘1