🚨 New wave of supply chain attacks hits npm, PyPI & RubyGems.

Hackers are hiding malware in popular open-source packages to:

🔻 Steal crypto wallets
🗑️ Delete entire codebases
🕵️ Exfiltrate Telegram bot data

Full story & package list → https://thehackernews.com/2025/06/malicious-pypi-npm-and-ruby-packages.html

🚨 70% of data leaks now happen in-browser.

Legacy DLP tools can’t see what your employees are copy-pasting into AI tools, Slack, or Gmail.

The browser is the new security perimeter.

Read why browser-centric DLP is now a must → https://thehackernews.com/2025/06/your-saas-data-isnt-safe-why.html

🚨 New Chaos RAT variant targets Linux & Windows users

Masquerading as a Linux network tool, the malware spreads via phishing to deploy crypto miners, steal data, and gain full device control.

🔗 Full report: https://thehackernews.com/2025/06/chaos-rat-malware-targets-windows-and.html

Do you know how and where AI is running in your org? That customer service agent isn't just an LLM—it's system prompts, tool calls, RAG data, user logs, and MCP servers.

Every untracked component = a breach waiting to happen.

Why AI asset sprawl goes way beyond model discovery → https://thn.news/ai-assets-sprawl

🚨 Google warns: Fake IT calls breaching Salesforce accounts.

Hackers from UNC6040 trick staff into approving a malicious “Data Loader” app to steal data.

🔗 Learn how the scam works: https://thehackernews.com/2025/06/google-exposes-vishing-group-unc6040.html

🚨 One PASSWORD to rule them all?

A critical flaw (CVSS 9.9) in Cisco ISE cloud deployments (AWS, Azure, OCI) means static credentials are reused across systems—allowing unauthenticated attackers to access configs, data, and more.

Details → https://thehackernews.com/2025/06/critical-cisco-ise-auth-bypass-flaw.html

🔐 No fix—only factory reset.

🚨 Dark web carding site BidenCash taken down by U.S. DoJ

🔹 15M+ stolen credit cards sold
🔹 $17M in criminal profits
🔹 3.3M cards leaked for free to attract buyers
🔹 117K+ users served since 2022

Seized in global sting with FBI & Europol.

Read: https://thehackernews.com/2025/06/doj-seizes-145-domains-tied-to.html

🔥 2025’s biggest cyber threat? The accounts you forgot existed.

Machine IDs now outnumber humans 45:1 — and they’re 7.5x more dangerous.

Leaked secrets, orphaned privileges, siloed teams.
Attackers see the full map. Do you?

👉 How to close identity gaps before it’s too late: https://thehackernews.com/expert-insights/2025/06/identity-first-security-multilayered.html

Iran-linked hackers are spying on Kurdish & Iraqi officials using custom malware.

The group BladedFeline breached:
• KRG diplomats
• Iraq gov networks
• Uzbekistan telecom

Backdoors used: Whisper, Spearal, Shahmaran, Slippery Snakelet.

🕵️‍♂️ Full story → https://thehackernews.com/2025/06/iran-linked-bladedfeline-hits-iraqi-and.html

🔥 $4.88M average breach cost — boards want real ROI, not just patch counts.

Business Value Assessment (BVA) links risk to $$ and shows cost of inaction — often $500K+ monthly.

Stop guessing. Measure impact. Turn security into business value.

Try this new ROI Calculator ⬇️ https://thehackernews.com/2025/06/redefining-cyber-value-why-business.html

🚨“Bitter” hacking group targets governments and diplomats worldwide using advanced malware and spear-phishing.

Recent attacks spread from South Asia to Turkey. Active during business hours.

Learn more → https://thehackernews.com/2025/06/bitter-hacker-group-expands-cyber.html

⚠️ Ukraine hit by PathWiper malware wiping critical data via hacked admin tools. Linked to Russia-based APT groups.

🚨 Meanwhile, Silent Werewolf launches stealth attacks on Russian & Moldovan sectors using advanced loaders.

Stay informed—learn here: https://thehackernews.com/2025/06/new-pathwiper-data-wiper-malware.html

🚨 Enterprise security is under siege!

30% of attacks target web assets, 21% hit APIs & IoT devices.

⚠️ Too many alerts
⚠️ Scattered tests
⚠️ Limited visibility = High risk

🔍 AI-powered full-path attack simulation + centralized control = real defense.

Learn what it means → https://thehackernews.com/expert-insights/2025/06/solving-enterprise-security-challenge.html

🚨Alert: Positive Technologies has confirmed the deadly CVE-2025-49113 exploit—authenticated users can run arbitrary commands through PHP object deserialization.

Read: https://thehackernews.com/2025/06/critical-10-year-old-roundcube-webmail.html

Action: Update Roundcube immediately to the latest version.

Think like an attacker to defend better.

AEV continuously simulates cyber-attacks to show how hackers exploit your system.

It helps teams prioritize fixes—credentials, misconfigs, etc.—beyond patching.

Stay ahead by understanding attackers, not just checking boxes: https://thehackernews.com/2025/06/inside-mind-of-adversary-why-more.html

🚨 Tech support scam busted: 4 arrested in India, 2 fake call centers taken down targeting Japanese victims via AI-powered tricks.

66,000+ malicious domains removed since 2024 through global CBI-Microsoft-Japan effort.

Cybercrime is evolving—global teamwork is the key.

Learn more: https://thehackernews.com/2025/06/microsoft-helps-cbi-dismantle-indian.html

⚠️ macOS Alert — Fake Spectrum CAPTCHA is a trap!

Russian hackers use clipboard hacks + terminal scripts to steal passwords & install Atomic Stealer.

Victims unknowingly run commands — handing over control.

This sneaky ClickFix tactic preys on your “security check” fatigue.

Read: https://thehackernews.com/2025/06/new-atomic-macos-stealer-campaign.html

⚠️ Generative AI is leaking your sensitive data—4 million+ blocked attempts just in Zscaler’s cloud alone.

Blocking AI apps won’t stop employees; it just pushes data risks into the shadows.

The real fix? Visibility, context-aware policies, and secure AI alternatives that keep productivity high and data safe.

Here’s what smart AI security looks like ↓

Details here → https://thehackernews.com/2025/06/empower-users-and-protect-against-genai.html

🚨 Over 700 downloads of multiple malicious Chrome extensions are stealing banking data from Brazilians and 70+ companies.

Phishing emails disguised as invoices install spyware targeting Banco do Brasil.

Details here ↓ https://thehackernews.com/2025/06/malicious-browser-extensions-infect-722.html

🚨 Supply chain attacks hit npm & PyPI: malware in 1M+ downloads steals data, runs commands, and wipes files.

A PyPI package steals Instagram creds, spreading them to botnets.

Check your dependencies NOW.

Full details ↓ https://thehackernews.com/2025/06/new-supply-chain-malware-operation-hits.html