Daily CyberSecurity •

Water Curse: GitHub Supply Chain Attack Spreads Malware via Fake Tools, Targets Devs & Gamers

GitHub

Water Curse: GitHub Supply Chain Attack Spreads Malware via Fake Tools, Targets Devs & Gamers

June 17, 2025

GrayAlpha’s Expanding Arsenal: FIN7-Aligned Threat Actor Deploys Custom Loaders to Spread NetSupport RAT

GrayAlpha, FIN7

Cybercriminals

GrayAlpha’s Expanding Arsenal: FIN7-Aligned Threat Actor Deploys Custom Loaders to Spread NetSupport RAT

June 17, 2025

Google Play Store Alert: New Phishing Apps Bypass Security, Stealing Crypto Wallet Seeds

Crypto Phishing Apps, Google Play Store

Cybercriminals

Google Play Store Alert: New Phishing Apps Bypass Security, Stealing Crypto Wallet Seeds

June 16, 2025

Obscure VBScript “sostener.vbs” Unmasked: Fuels Multi-Stage RAT Delivery, Linked to Blind Eagle APT

RAT

Cybercriminals

Obscure VBScript “sostener.vbs” Unmasked: Fuels Multi-Stage RAT Delivery, Linked to Blind Eagle APT

June 16, 2025

Taiwan Under Attack: Sophisticated Phishing Campaign Delivers Winos 4.0, HoldingHands RAT, & Gh0stCringe

Taiwan Cyberattack, Phishing Campaign

Malware

Taiwan Under Attack: Sophisticated Phishing Campaign Delivers Winos 4.0, HoldingHands RAT, & Gh0stCringe

June 18, 2025

KimJongRAT Returns: New PE & PowerShell Variants Steal Crypto and Browser Data via CDNs

KimJong

Malware

KimJongRAT Returns: New PE & PowerShell Variants Steal Crypto and Browser Data via CDNs

June 18, 2025

Fileless AsyncRAT Campaign Targets German Users with Stealthy PowerShell Payload

BingX cyberattack

Malware

Fileless AsyncRAT Campaign Targets German Users with Stealthy PowerShell Payload

June 17, 2025

Water Curse: GitHub Supply Chain Attack Spreads Malware via Fake Tools, Targets Devs & Gamers

GitHub

Water Curse: GitHub Supply Chain Attack Spreads Malware via Fake Tools, Targets Devs & Gamers

June 17, 2025

Hackers Leak 7.4 Million Paraguayan Citizen Records, Demand $1 Per Person Ransom

Paraguay Data Breach, Ransomware

Data Leak

Hackers Leak 7.4 Million Paraguayan Citizen Records, Demand $1 Per Person Ransom

June 17, 2025

SmartAttack: Turning Your Smartwatch into a Spy Tool for Air-Gapped Networks

Smartwatch Hacking, Air-Gapped Data Exfiltration

Data Leak

SmartAttack: Turning Your Smartwatch into a Spy Tool for Air-Gapped Networks

June 16, 2025

Android’s Secret Tracking: Meta & Yandex Abused Localhost for User Data

Android Tracking

Data Leak

Android’s Secret Tracking: Meta & Yandex Abused Localhost for User Data

June 9, 2025

Popular Chrome Extensions Caught Leaking Sensitive User Data via Unencrypted HTTP

Data Leak

Popular Chrome Extensions Caught Leaking Sensitive User Data via Unencrypted HTTP

June 7, 2025

Halo Security Honored with 2025 MSP Today Product of the Year Award halo-security-msp-today_1750188136PpIMWQWEM7

halo-security-msp-today_1750188136PpIMWQWEM7

Halo Security Honored with 2025 MSP Today Product of the Year Award

cybernewswire June 18, 2025

Miami, Florida, 18th June 2025, CyberNewsWire

Mastodon Cracks Down: New Terms Ban Unauthorized AI Data Scraping Mastodon Data, AI Scraping CVE-2024-23832 PoC

Mastodon Data, AI Scraping CVE-2024-23832 PoC

Mastodon Cracks Down: New Terms Ban Unauthorized AI Data Scraping

Ddos June 18, 2025

Firefox Pilots AI Search: Perplexity AI Integration Challenges Google’s Dominance Firefox AI Search, Perplexity AI

Firefox AI Search, Perplexity AI

Firefox Pilots AI Search: Perplexity AI Integration Challenges Google’s Dominance

Ddos June 18, 2025

The “Infinite Workday” is Here: Microsoft Warns of Never-Ending Work Driven by Hybrid Models & AI Infinite Workday, AI in Work Microsoft Russia, Bankruptcy AI code generation, Microsoft AI Microsoft Layoffs, Restructuring

Infinite Workday, AI in Work Microsoft Russia, Bankruptcy AI code generation, Microsoft AI Microsoft Layoffs, Restructuring

The “Infinite Workday” is Here: Microsoft Warns of Never-Ending Work Driven by Hybrid Models & AI

Ddos June 18, 2025

Why Threat Intelligence Is Critical for Business Security and Avoiding Cyberattacks

Threat Intelligence

Why Threat Intelligence Is Critical for Business Security and Avoiding Cyberattacks

Ddos June 18, 2025

Linux Kernel Flaw (CVE-2023-0386) Actively Exploited for Root Privilege Escalation, PoC Available CVE-2023-0386 PoC Linux Privilege Escalation, OverlayFS

CVE-2023-0386 PoC Linux Privilege Escalation, OverlayFS

Linux Kernel Flaw (CVE-2023-0386) Actively Exploited for Root Privilege Escalation, PoC Available

Ddos June 18, 2025

Critical NetScaler Flaws Allow Access Control Bypass & Memory Overread NetScaler Vulnerabilities, Access Bypass CVE-2024-8534 and CVE-2024-8535

NetScaler Vulnerabilities, Access Bypass CVE-2024-8534 and CVE-2024-8535

Critical NetScaler Flaws Allow Access Control Bypass & Memory Overread

Ddos June 18, 2025

Urgent Veeam Update: Critical RCE CVE-2025-23121 (CVSS 9.9) & Two Other Flaws Threaten Backup Servers Veeam Vulnerabilities CVE-2024-42448 & CVE-2024-42449

Veeam Vulnerabilities CVE-2024-42448 & CVE-2024-42449

Urgent Veeam Update: Critical RCE CVE-2025-23121 (CVSS 9.9) & Two Other Flaws Threaten Backup Servers

Ddos June 18, 2025

Chrome Update Alert: Two High-Severity Flaws (CVE-2025-6191, CVE-2025-6192) Patched Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

Chrome Security Update, High-Severity Google Chrome, Antitrust CVE-2024-10487 and CVE-2024-10488 Google Chrome Root Program Chrome Update, CVE-2025-3619 Chrome Acquisition, Perplexity.ai

Chrome Update Alert: Two High-Severity Flaws (CVE-2025-6191, CVE-2025-6192) Patched

Ddos June 18, 2025

WAGO Device Manager Vulnerabilities Expose Critical Industrial Infrastructure to Remote Exploits WAGO Vulnerability

WAGO Vulnerability

WAGO Device Manager Vulnerabilities Expose Critical Industrial Infrastructure to Remote Exploits

Ddos June 18, 2025

Kimsuky APT Group Abuses HWP and AnyDesk for Covert Remote Surveillance kimsumy

kimsumy

Kimsuky APT Group Abuses HWP and AnyDesk for Covert Remote Surveillance

Ddos June 18, 2025

Trend Micro Fortifies AI Security: Integrates NVIDIA Agentic AI Safety for End-to-End Protection AI Security Trend Micro Deep Security - CVE-2024-48904 & CVE-2024-51503

AI Security Trend Micro Deep Security - CVE-2024-48904 & CVE-2024-51503

Trend Micro Fortifies AI Security: Integrates NVIDIA Agentic AI Safety for End-to-End Protection

Ddos June 17, 2025

OpenAI Secures $200M DoD Contract to Develop Advanced AI for National Security OpenAI, DoD Contract OpenAI Lawsuit, ChatGPT Privacy North Korea ChatGPT - GPT-4.5 model OpenAI Models, AI Advancements OpenAI pricing, Flex API

OpenAI, DoD Contract OpenAI Lawsuit, ChatGPT Privacy North Korea ChatGPT - GPT-4.5 model OpenAI Models, AI Advancements OpenAI pricing, Flex API

OpenAI Secures $200M DoD Contract to Develop Advanced AI for National Security

Ddos June 17, 2025

Windows Hello Update: Microsoft Disables Facial Recognition in the Dark Due to Security Flaw Windows Hello vulnerabilities Windows Hello, Facial Recognition

Windows Hello vulnerabilities Windows Hello, Facial Recognition

Windows Hello Update: Microsoft Disables Facial Recognition in the Dark Due to Security Flaw

Ddos June 17, 2025

High-Severity Flaw Exposes ASUS Armoury Crate to Authentication Bypass ASUS Armoury Crate vulnerability Asus CVE Numbering Authority - CVE-2024-12912 and CVE-2024-13062 AMI BMC vulnerability, CVE-2024-54085

ASUS Armoury Crate vulnerability Asus CVE Numbering Authority - CVE-2024-12912 and CVE-2024-13062 AMI BMC vulnerability, CVE-2024-54085

High-Severity Flaw Exposes ASUS Armoury Crate to Authentication Bypass

Ddos June 17, 2025

Team46 (TaxOff) Exploits Google Chrome Zero-Day (CVE-2025-2783) in Sophisticated Phishing Campaign Team46 APT, Google Chrome Zero-Day

Team46 APT, Google Chrome Zero-Day

Team46 (TaxOff) Exploits Google Chrome Zero-Day (CVE-2025-2783) in Sophisticated Phishing Campaign

Ddos June 17, 2025

CVE-2025-49596: Critical RCE Vulnerability in MCP Inspector Exposes AI Developer Environments MCP Inspector, RCE Vulnerability

MCP Inspector, RCE Vulnerability

CVE-2025-49596: Critical RCE Vulnerability in MCP Inspector Exposes AI Developer Environments

Ddos June 17, 2025

Two sslh Flaws Disclosed: Remote DoS Attacks Possible via Protocol Multiplexer sslh Vulnerabilities, DoS Attack

sslh Vulnerabilities, DoS Attack

Two sslh Flaws Disclosed: Remote DoS Attacks Possible via Protocol Multiplexer

Ddos June 17, 2025

Unauthenticated RCE in BeyondTrust Tools: Chat Feature Opens Door to Server Takeover BeyondTrust RCE, Server-Side Template Injection

BeyondTrust RCE, Server-Side Template Injection

Unauthenticated RCE in BeyondTrust Tools: Chat Feature Opens Door to Server Takeover

Ddos June 17, 2025

Apache Tomcat Patches 4 Flaws: DoS, Privilege Bypass, & Installer Risks Addressed Apache Tomcat Vulnerabilities

Apache Tomcat Vulnerabilities

Apache Tomcat Patches 4 Flaws: DoS, Privilege Bypass, & Installer Risks Addressed

Ddos June 17, 2025