
In our rapidly evolving, interconnected environment, the threats posed by cyberattacks are becoming increasingly common and intricate. Consequently, it is crucial to remain informed and conscious of the dangers. Each week, our newsletter provides a concise summary of the most significant news, expert insights, and practical advice to assist you in safeguarding your digital information and staying proactive against possible threats.

In this issue, we explore recent cyberattacks, vulnerabilities that have come to light, and vital updates concerning laws and regulations impacting enterprises globally. We emphasize critical topics such as sophisticated scams and the escalation of ransomware, along with the latest weaknesses affecting cloud services and internet-enabled devices.

Our aim is to equip you with the knowledge to identify potential threats before they escalate into more substantial issues. We also offer straightforward guidance to enhance your organization’s security and encourage a culture of vigilance regarding online safety.

Whether you work in cybersecurity or IT, or simply have an interest in protecting your personal data online, we intend to keep you educated and ready. Our newsletter combines vital news with practical perspectives and uncomplicated advice for everyday readers.

Anticipate regular segments that feature brief updates on security risks, suggestions for beneficial tools, and insights into emerging technologies that can bolster security.

Thank you for relying on us as your informational resource on cybersecurity. We invite you to delve deeper, share your views, and join a community devoted to protecting our digital landscape. Stay secure, stay informed, and remember that being knowledgeable is your strongest defense against online threats.

Threats

1. Malicious Packages Uploaded to PyPI Repositories
Cybercriminals are targeting Python developers by uploading harmful, weaponized packages to the official PyPI repository. These packages have the potential to compromise developer systems and could propagate malware through the software supply chain.

2. Over 20 Malicious Applications on Google Play Target Cryptocurrency Users
A coordinated phishing operation has been found involving over 20 malicious apps on Google Play. These apps, masquerading as legitimate cryptocurrency wallets and exchanges, siphon users’ wallet credentials. The perpetrators exploited compromised developer accounts, some with over 100,000 downloads, making the apps seem credible. The campaign focuses on platforms like SushiSwap, PancakeSwap, Hyperliquid, and Raydium, posing significant financial dangers to users.

3. Malicious Payload Concealed in JPEG Image Using Steganography
Researchers have uncovered a new attack wherein a malicious payload was hidden within a JPEG image utilizing steganography. This technique enables attackers to evade conventional security measures by concealing malware in seemingly harmless image files.
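One cheap triage check for the JPEG-stego item above, written here as an added example (not from the article or its researchers): walk the JPEG marker structure to find the real End-Of-Image marker and report any bytes appended after it. The assumption is that the payload was appended past EOI, which is one common hiding technique; the sample image bytes are constructed, not a real sample.

```python
# Added example: detect trailing data appended after a JPEG's EOI marker.
# Assumption: payload-after-EOI is the hiding technique being checked; the
# JPEG bytes below are constructed for the demo, not a real malicious file.

def jpeg_eoi_offset(data: bytes) -> int:
    """Walk the marker segments and return the offset just past the EOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker; not a JPEG")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte, skip it
            pos += 1
            continue
        if marker == 0xD9:                      # EOI: end of the real image
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:  # standalone markers, no length
            pos += 2
            continue
        seg_len = int.from_bytes(data[pos + 2:pos + 4], "big")
        pos += 2 + seg_len                      # skip the segment (length includes itself)
        if marker == 0xDA:                      # SOS: skip entropy-coded data
            while True:
                nxt = data.find(b"\xff", pos)
                if nxt == -1 or nxt + 1 >= len(data):
                    raise ValueError("truncated entropy-coded data")
                nb = data[nxt + 1]
                if nb == 0x00 or 0xD0 <= nb <= 0xD7:  # stuffed 0xFF or RSTn: still image data
                    pos = nxt + 2
                elif nb == 0xFF:                       # fill byte
                    pos = nxt + 1
                else:                                  # a real marker follows
                    pos = nxt
                    break
    raise ValueError("no EOI marker found")

def trailing_bytes_after_eoi(data: bytes) -> int:
    """Bytes past EOI; anything above 0 deserves a closer look."""
    return len(data) - jpeg_eoi_offset(data)

# Constructed minimal JPEG: SOI, a JFIF APP0 segment, a tiny SOS with one stuffed 0xFF, EOI.
CLEAN_JPEG = (b"\xff\xd8"
              + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
              + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00" + b"\x12\x34\xff\x00\x56"
              + b"\xff\xd9")
```

Walking the markers rather than searching backwards for `FF D9` matters because an appended payload can itself contain that byte pair.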

4. BERT Ransomware Now Affects Linux Systems
The BERT ransomware has advanced, now capable of targeting Linux systems in addition to Windows. This enhancement broadens its reach and heightens the risk for organizations utilizing Linux servers.

5. AsyncRAT Delivered via Deceptive Verification Prompts
Threat actors are disseminating the AsyncRAT remote access trojan through misleading verification prompts. Users duped into engaging with these prompts may inadvertently install the malware, granting attackers remote oversight of their systems.

6. Weaponized Research Papers Deliver Malware
Cybercriminals are distributing weaponized research papers that, once downloaded or opened, deploy malware on victims’ devices. These attacks frequently target researchers and professionals seeking academic materials.

7. Malicious PuTTY Ads Used to Spread Malware
Attackers are employing harmful advertisements for PuTTY, a well-known SSH and telnet client, to spread malware. Unwary users searching for PuTTY downloads risk acquiring corrupted versions.

8. Microsoft Defender Email Bombing Assaults
A fresh wave of email bombing attacks is leveraging Microsoft Defender notifications to inundate users’ inboxes and potentially obscure more targeted phishing schemes.

9. Supercard Malware Compromises Android Devices
The new Supercard malware is infecting Android gadgets, utilizing them to execute further attacks or extract sensitive data. The malware propagates through compromised applications and phishing initiatives.

10. Threat Actors Contaminate Google Search Results
Cybercriminals are manipulating Google search results to redirect users to harmful websites. This “search poisoning” method raises the chances of users landing on phishing or malware-infected pages.

Cyber Attacks

Record-Breaking DDoS Attack Reaches 7.3 Tbps

Cloudflare successfully neutralized the largest distributed denial-of-service (DDoS) attack on record, peaking at 7.3 terabits per second. The assault, which continued for only 45 seconds, targeted a hosting provider and unleashed 37.4 terabytes of worthless traffic from over 122,000 IP addresses across 161 nations. This incident represents a notable escalation in both scale and complexity, highlighting the escalating threat posed by global botnets and susceptible IoT devices.

Fortinet FortiGate API Exploit Tool Emerges on Dark Web

A severe zero-day vulnerability in Fortinet’s FortiOS and FortiProxy products is under active exploitation. The flaw permits unauthenticated remote code execution via the SSL VPN interface, potentially granting attackers complete control over affected devices. Threat actors are trading exploit tools on dark web forums, and organizations employing Fortinet products are advised to update immediately.

700+ ComfyUI AI Image Generation Servers Breached

Hackers have taken advantage of major vulnerabilities in ComfyUI, a widely-used AI image-generation framework, compromising at least 695 servers globally. Attackers implemented a backdoor known as “Pickai” to extract sensitive information, execute remote commands, and ensure persistent access. This operation illustrates the rising risk to organizations applying AI infrastructure without solid security measures.

Phishing Campaigns Exploit Vercel Hosting Service

Threat actors are misusing Vercel, a reliable frontend hosting platform, to disseminate harmful LogMeIn remote access tools. Over 1,200 users have been targeted with phishing communications that lead to deceptive Vercel-hosted sites, tricking victims into installing malware masquerading as genuine documents. The operation showcases the rising tendency to utilize legitimate platforms to evade detection and enhance the impact of phishing campaigns.

Qilin Ransomware Group Implements Advanced Loader Techniques

The Qilin (Agenda) ransomware group has improved its assault methods by incorporating advanced loaders such as NETXLOADER and SmokeLoader. These instruments utilize intricate obfuscation and stealth techniques, allowing in-memory execution of ransomware payloads while evading security solutions. Qilin’s transition to Rust for development further enhances their capability to spread within virtual ecosystems and target high-value organizations.

WormGPT Variants Hijack Commercial AI Models

WormGPT, an infamous malicious AI application, has re-emerged as a collection of wrappers that commandeer legitimate large language models (LLMs) like xAI’s Grok and Mistral AI’s Mixtral. By manipulating prompts to bypass these models’ safeguards, threat actors are able to generate phishing emails and malicious scripts. This development lowers the threshold for cybercrime, enabling attackers to weaponize commercial AI platforms with minimal effort.

Vulnerabilities

1. Citrix NetScaler ADC & Gateway: Severe Vulnerabilities Facilitate Data Breach
Two critical flaws (CVE-2025-5349, CVE-2025-5777) in NetScaler ADC and Gateway might enable attackers to access sensitive information or compromise network integrity. All entities using affected versions must update without delay, particularly as some older, unsupported versions remain unpatched.

2. Linux Kernel Privilege Escalation: Exploit Active in the Wild
A use-after-free vulnerability (CVE-2024-1086) in the Linux netfilter component permits local attackers to escalate privileges to root and execute arbitrary code. The flaw is currently being exploited, and patches are available for all major kernel releases. Immediate updates are advised.

3. Google Chrome: Multiple Zero-Day Vulnerabilities Addressed
Google has issued urgent updates for Chrome, resolving several critical vulnerabilities, including CVE-2025-5419 (actively exploited zero-day in the V8 engine) and CVE-2025-4664 (policy enforcement bypass). Users and organizations are encouraged to upgrade to version 137.0.7151.68/.69 or later.

4. Apache SeaTunnel: Unauthenticated RCE & File Reading Vulnerability
A severe flaw (CVE-2025-32896) in Apache SeaTunnel permits unauthenticated attackers to read arbitrary files and execute remote code through a legacy REST API endpoint. Users should update to version 2.3.11 or later and secure API endpoints.

5. OpenVPN: Denial-of-Service and Potential RCE Risks
OpenVPN versions 2.6.1 through 2.6.13 (with `--tls-crypt-v2` enabled) are susceptible to an attack that may crash servers and potentially lead to further exploitation. The issue has been remedied in version 2.6.14.

6. Linux Privilege Escalation: Common Exploitation Techniques
Attackers persist in exploiting misconfigured services, vulnerable SUID binaries, and improper sudo permissions to elevate privileges on Linux systems. Security teams should routinely audit user permissions and system settings.

7. Password Reset Poisoning Attack
A new attack vector targets web applications’ password reset functionality, allowing attackers to hijack requests for password resets and compromise accounts. Organizations should evaluate and enhance their reset procedures.
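To make the reset-poisoning item concrete, here is an added example (not from the article) of the usual root cause and its fix: building the reset link from the client-supplied `Host`/`X-Forwarded-Host` header versus from a server-side configured canonical host. The host names, header dictionaries and token are constructed assumptions for the demo.

```python
# Added example: password reset link construction, vulnerable vs. hardened.
# Assumptions: accounts.example.com is the configured canonical host; the
# request headers and token below are constructed, not from any real system.
from urllib.parse import urlencode

CANONICAL_HOST = "accounts.example.com"   # configured server-side, never read from the request
ALLOWED_HOSTS = {CANONICAL_HOST}

def build_reset_link_vulnerable(headers: dict, token: str) -> str:
    """Trusts request headers to decide where the reset link points.

    A forged Host / X-Forwarded-Host header ends up in the emailed link, so the
    victim who clicks it sends the reset token to whatever host was supplied.
    """
    host = headers.get("X-Forwarded-Host") or headers.get("Host")
    return f"https://{host}/reset?{urlencode({'token': token})}"

def build_reset_link_hardened(headers: dict, token: str) -> str:
    """Uses the configured host and rejects requests whose Host is unexpected."""
    host = headers.get("Host", "")
    if host not in ALLOWED_HOSTS:
        # Rejecting (and logging) here is also a useful detection signal.
        raise ValueError(f"unexpected Host header on reset request: {host!r}")
    return f"https://{CANONICAL_HOST}/reset?{urlencode({'token': token})}"

def reset_request_is_suspicious(headers: dict) -> bool:
    """Detection helper: flag reset requests carrying an unexpected host header."""
    host = headers.get("Host", "")
    forwarded = headers.get("X-Forwarded-Host")
    return host not in ALLOWED_HOSTS or (forwarded is not None and forwarded not in ALLOWED_HOSTS)

# Constructed sample requests: a normal one and one with a forged forwarded host.
NORMAL_REQUEST = {"Host": CANONICAL_HOST}
POISONED_REQUEST = {"Host": CANONICAL_HOST, "X-Forwarded-Host": "attacker-controlled.example"}
SAMPLE_TOKEN = "constructed-token-123"
```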

8. Cisco AnyConnect VPN: Vulnerability Endangers Servers
A recently revealed vulnerability in Cisco AnyConnect VPN servers may allow attackers to compromise remote access systems. Immediate patching is recommended for all affected systems.

Data Breach

1. Zoomcar Data Breach Affects 8.4 Million Users

The Indian car-sharing service Zoomcar has acknowledged a significant data breach impacting approximately 8.4 million users. The breach was identified on June 9, 2025, after employees received notifications from a hacker claiming to have compromised company data. Exposed information includes users’ names, phone numbers, car registration details, home addresses, and email addresses. Although there is currently no indication that financial details or passwords were compromised, the exposed data could facilitate targeted phishing and identity fraud. The full extent and method of the breach are still under investigation.

2. Washington Post Journalists Targeted in Government-Linked Email Breach

The Washington Post is probing a targeted cyberattack that compromised the Microsoft email accounts of several journalists, especially those covering national security, economic policy, and China. The breach, discovered on June 12, 2025, is suspected to be carried out by a foreign state actor, with initial signs indicating Chinese involvement. Hackers accessed both sent and received emails, but there is no evidence that customer data or other internal systems were impacted. The attack exploited vulnerabilities in Microsoft’s authentication methods, potentially using phishing and zero-day exploits to circumvent multi-factor authentication. This breach underscores the persistent threat of espionage against media entities.

3. Record-Breaking Leak: 16 Billion Passwords Exposed Online

Cybersecurity researchers have discovered the largest credential breach in history, with over 16 billion login records leaked online. The data, aggregated from 30 different datasets, contains usernames and passwords for major platforms such as Google, Apple, Facebook, GitHub, Telegram, and even government portals. The leak is attributed to infostealer malware rather than direct company breaches and consists predominantly of new, highly exploitable credentials. Experts caution that this “blueprint for mass exploitation” could result in widespread phishing, account takeovers, and identity theft. Users are advised to verify if their accounts are impacted and to utilize strong, unique passwords along with multi-factor authentication.

Other News

Darknet Market ‘Archetyp’ Disbanded in Major International Raid

Law enforcement across Europe and the United States have successfully dismantled the infamous Archetyp Market, a longstanding dark web marketplace known for promoting the sale of fentanyl and other potent opioids. This operation, coordinated by Europol, led to the dismantling of the market’s infrastructure and the arrest of its administrator in Barcelona. This action disrupts a critical supply line for some of the world’s most dangerous substances and delivers a strong message to cybercriminals exploiting the dark web for unlawful profits.


GCHQ Intern Sentenced to Seven Years Following Data Theft

A previous intern at the UK’s intelligence organization GCHQ has received a sentence of seven and a half years in prison for unlawfully duplicating highly confidential files onto his personal devices. Hasaan Arshad, 25, illicitly removed classified information—including the identities of 17 GCHQ personnel—from a secure location, endangering national security. The violation was revealed during a police search of his residence, with prosecutors emphasizing the grave threat posed if such data had ended up in inappropriate hands.

Scania Financial Services Affected by Data Breach

Sweden’s Scania Financial Services has acknowledged a major data breach after an adversary known as “hensi” asserted to have accessed and extracted 34,000 sensitive files from the company’s insurance system. The breach, which utilized credentials pilfered from an external IT collaborator, exposed documents connected to insurance claims—potentially including personal, financial, and medical information of clients and partners. The complete extent of the incident is currently under investigation.

FBI Thwarts Ransomware Gang Behind 43 Attacks

The FBI has successfully dismantled the Radar/Dispossessor ransomware group, which was responsible for breaching at least 43 businesses. The operation involved the seizure of the gang’s servers and domains in the UK and Germany. Radar, once associated with LockBit, had developed a dual approach of ransomware and data resale, earning profits from both ransom requests and the distribution of stolen information. Their disbanding represents a significant victory in the continuous campaign against ransomware.

Krispy Kreme Acknowledges Customer Data Breach in Ransomware Incident

Krispy Kreme has commenced notifying customers that their personal data was compromised in a ransomware incident perpetrated by the Play group in late 2024. The breach, which affected online ordering services, was only confirmed to have jeopardized personal information in May 2025. Although the precise nature of the compromised data remains undisclosed, the company is providing affected individuals with free identity monitoring services. This incident underscores the rising dangers to businesses with extensive digital operations.

The post Weekly Cybersecurity News Recap – Key Vulnerabilities, Threats, and Data Breaches appeared first on Cyber Security News.