🚨 Chrome to Block TLS Certificates from Two Major Certificate Authorities.
Why? Repeated security failures. Broken promises. No real progress.
Read: https://thehackernews.com/2025/06/google-chrome-to-distrust-two.html
⚠️ Switch CAs now to avoid disruptions.
🚨 New Android malware 'Crocodilus' spreads worldwide.
First seen in Spain & Turkey, it now targets users in 🇵🇱 Poland, 🇧🇷 Brazil, 🇦🇷 Argentina, 🇮🇳 India & more.
It:
🔸 Steals crypto seed phrases
🔸 Poses as "Bank Support" to evade Google alerts
🔸 Spreads via Facebook ads
🔗 Details: https://thehackernews.com/2025/06/android-trojan-crocodilus-now-active-in.html
New GenAI Security Best Practices Bundle
3-in-1 AI security guides. Get access to 3 resources that will help secure your AI pipeline and mitigate critical risks.
Unlock the Bundle: https://thehackernews.uk/wiz-genai-sec-bundle
“Hey, I got a new phone—can you reset my MFA?”
That’s how $100M+ breaches begin.
Scattered Spider isn’t new — they’ve been hijacking accounts using help desk scams, deepfakes & AiTM phishing kits since 2022.
Learn how to fight back → https://thehackernews.com/2025/06/scattered-spider-understanding-help.html
XPOSURE is back! The National Exposure Management Virtual Summit returns for its fourth year, focused on what matters most: reducing cyber exposure and risk.
Join top cybersecurity leaders from Pentera, Forrester, AWS, Armis, Recorded Future, and SecurityScorecard to learn how leading security teams are taking a proactive approach to exposure across the enterprise.
Featuring Jen Easterly, former Director of the Cybersecurity and Infrastructure Security Agency (CISA), as the XPOSURE 2025 keynote.
If you’re building toward a more proactive security model, this is where you need to be.
📅 June 18 | 🕚 11 AM ET
🎓 Up to 3.5 CPE credits
🔗 https://thn.news/xposure2025
#XPOSURE2025 #CTEM #CyberSecurityLeadership #EnterpriseSecurity
🚨 A 10-year-old flaw (CVE-2025-49113 / CVSS 9.9) in Roundcube Webmail could let hackers take over your system.
Nation-state groups like APT28 have already exploited Roundcube before.
🔗 Read: https://thehackernews.com/2025/06/critical-10-year-old-roundcube-webmail.html
🔧 Patch to 1.6.11 or 1.5.10 LTS now.
📌 PoC coming soon.
🚨 Watch your clipboard!
A fake DocuSign site tricks users into running malware with a sneaky PowerShell script—copied via CAPTCHA.
✔️ Clipboard poisoning
✔️ Fake Gitcode & DocuSign sites
✔️ NetSupport RAT deployed
👀 Learn how it works → https://thehackernews.com/2025/06/fake-docusign-gitcode-sites-spread.html
🚨 Critical bugs in HPE StoreOnce | 9.8 CVSS flaw allows auth bypass + RCE as root.
👀 One bug (CVE-2025-37093) lets attackers skip login—then chain others for full takeover.
Patch now if you're running pre-4.3.11 versions.
🔗 Full details: https://thehackernews.com/2025/06/hpe-issues-security-patch-for-storeonce.html
🚨 New wave of supply chain attacks hits npm, PyPI & RubyGems.
Hackers are hiding malware in popular open-source packages to:
🔻 Steal crypto wallets
🗑️ Delete entire codebases
🕵️ Exfiltrate Telegram bot data
Full story & package list → https://thehackernews.com/2025/06/malicious-pypi-npm-and-ruby-packages.html
🚨 70% of data leaks now happen in-browser.
Legacy DLP tools can’t see what your employees are copy-pasting into AI tools, Slack, or Gmail.
The browser is the new security perimeter.
Read why browser-centric DLP is now a must → https://thehackernews.com/2025/06/your-saas-data-isnt-safe-why.html
🚨 New Chaos RAT variant targets Linux & Windows users
Masquerading as a Linux network tool, the malware spreads via phishing to deploy crypto miners, steal data, and gain full device control.
🔗 Full report: https://thehackernews.com/2025/06/chaos-rat-malware-targets-windows-and.html
Do you know how and where AI is running in your org? That customer service agent isn't just an LLM—it's system prompts, tool calls, RAG data, user logs, and MCP servers.
Every untracked component = a breach waiting to happen.
Why AI asset sprawl goes way beyond model discovery → https://thn.news/ai-assets-sprawl
🚨 Google warns: Fake IT calls breaching Salesforce accounts.
Hackers from UNC6040 trick staff into approving a malicious “Data Loader” app to steal data.
🔗 Learn how the scam works: https://thehackernews.com/2025/06/google-exposes-vishing-group-unc6040.html
🚨 One PASSWORD to rule them all?
A critical flaw (CVSS 9.9) in Cisco ISE cloud deployments (AWS, Azure, OCI) means static credentials are reused across systems—allowing unauthenticated attackers to access configs, data, and more.
Details → https://thehackernews.com/2025/06/critical-cisco-ise-auth-bypass-flaw.html
🔐 No fix—only factory reset.
🚨 Dark web carding site BidenCash taken down by U.S. DoJ
🔹 15M+ stolen credit cards sold
🔹 $17M in criminal profits
🔹 3.3M cards leaked for free to attract buyers
🔹 117K+ users served since 2022
Seized in global sting with FBI & Europol.
Read: https://thehackernews.com/2025/06/doj-seizes-145-domains-tied-to.html
🔥 2025’s biggest cyber threat? The accounts you forgot existed.
Machine IDs now outnumber humans 45:1 — and they’re 7.5x more dangerous.
Leaked secrets, orphaned privileges, siloed teams.
Attackers see the full map. Do you?
👉 How to close identity gaps before it’s too late: https://thehackernews.com/expert-insights/2025/06/identity-first-security-multilayered.html
Iran-linked hackers are spying on Kurdish & Iraqi officials using custom malware.
The group BladedFeline breached:
• KRG diplomats
• Iraq gov networks
• Uzbekistan telecom
Backdoors used: Whisper, Spearal, Shahmaran, Slippery Snakelet.
🕵️ Full story → https://thehackernews.com/2025/06/iran-linked-bladedfeline-hits-iraqi-and.html
🔥 $4.88M average breach cost — boards want real ROI, not just patch counts.
Business Value Assessment (BVA) links risk to $$ and shows cost of inaction — often $500K+ monthly.
Stop guessing. Measure impact. Turn security into business value.
Try this new ROI Calculator ⬇️ https://thehackernews.com/2025/06/redefining-cyber-value-why-business.html
🚨“Bitter” hacking group targets governments and diplomats worldwide using advanced malware and spear-phishing.
Recent attacks spread from South Asia to Turkey. Active during business hours.
Learn more → https://thehackernews.com/2025/06/bitter-hacker-group-expands-cyber.html
⚠️ Ukraine hit by PathWiper malware wiping critical data via hacked admin tools. Linked to Russia-based APT groups.
🚨 Meanwhile, Silent Werewolf launches stealth attacks on Russian & Moldovan sectors using advanced loaders.
Stay informed—learn here: https://thehackernews.com/2025/06/new-pathwiper-data-wiper-malware.html
🚨 Enterprise security is under siege!
30% of attacks target web assets, 21% hit APIs & IoT devices.
⚠️ Too many alerts
⚠️ Scattered tests
⚠️ Limited visibility = High risk
🔍 AI-powered full-path attack simulation + centralized control = real defense.
Learn what it means → https://thehackernews.com/expert-insights/2025/06/solving-enterprise-security-challenge.html