Over 20 Malicious Applications on Google Play Seek to Exploit User Seed Phrases
Recent investigations have revealed that over 20 malicious applications available on Google Play are engaged in the theft of cryptocurrency seed phrases. These deceptive applications masquerade as reputable wallets…

Supply Chain Compromise Affects Gluestack NPM Packages with 960,000 Weekly Downloads
A significant supply chain compromise has occurred within the Node Package Manager (NPM) ecosystem, impacting 16 widely utilized Gluestack packages, specifically ‘react-native-aria’. These packages collectively account for over 950,000…

Texas Department of Transportation Initiates Investigation into Breach of Crash Report Records and Distributes Notification Letters
A recent incident involving the Texas Department of Transportation (TxDOT) has brought to light a significant breach of security within its Crash Records Information System (CRIS). On May 12,…

Emergence of New Supply Chain Malware Operation Targeting npm and PyPI Ecosystems Affects Millions Worldwide
Cybersecurity researchers have identified a significant supply chain attack targeting multiple packages associated with GlueStack, which has led to the delivery of malware. The threat was introduced through alterations…

ICE Initiates Deportation Proceedings Against Australian Cybersecurity Offender “DR32”
The recent developments regarding David Kee Crees, an Australian citizen, have garnered attention within the cybersecurity community. Crees, who has operated under various online aliases including “Abdilo,” “Notavirus,” “Surivaton,”…

Malicious Browser Extensions Compromise Security of Over 700 Users Throughout Latin America Since Early 2025
Cybersecurity researchers have identified an ongoing campaign targeting users in Brazil since the beginning of 2025. This campaign involves the distribution of a malicious extension for Chromium-based web browsers…

Federal Government’s Engagement with Artificial Intelligence Regulations
On Thursday, a testimony was presented before the House Committee on Oversight and Government Reform during a hearing focused on the implications of artificial intelligence within the federal government.…

Cybercriminals Exploit Phony IT Support Calls to Compromise Corporate Systems, Google
A financially motivated group of hackers identified as UNC6040 has adopted a straightforward yet efficient strategy to execute breaches within targeted organizations. This group primarily aims to exploit vulnerabilities…

Weekly Security Overview (June 1 – June 7)
Last week, significant developments in the realm of information security were reported across various platforms.

Recent articles highlighted the concerning issue of AsyncRAT infections, with victims increasingly finding themselves…

Evaluating the Limitations of Your IdP or CASB: Five Critical Risks Associated with Shadow IT
Organizations often overlook the risks of shadow IT, which do not require internal sabotage to lead to data breaches. Situations such as forgotten free trials, AI-powered tools syncing data…

Trump Administration Updates Cybersecurity Regulations, Supersedes Previous Directive
US President Donald Trump has issued a new cybersecurity-related Executive Order, which supersedes prior directives issued by past administrations. This order notably restricts the application of cyber sanctions solely…

AMI Group – Notice of Ransomware Incident Affecting Travel & Tours Services
As of June 3, there has been a recent notice communicated via Facebook regarding a potential cyber threat. At the time of this report, no formal announcement has been…

Restricted Canva Creator Information Compromised Through AI Chatbot Database
A Chroma database managed by the Russian artificial intelligence chatbot startup My Jedai has been discovered exposed on the internet, resulting in the unauthorized disclosure of sensitive survey responses.…

Google Addresses Vulnerability Exposing Account-Linked Phone Numbers
A recently identified vulnerability within Google’s account recovery system has been rectified, which could have enabled malicious actors to execute a brute-force attack to disclose recovery phone numbers associated…

Over 70 Organizations Across Diverse Sectors Compromised by China-Associated Cyber Espionage Threat Actor
The reconnaissance activity targeting a prominent cybersecurity firm, SentinelOne, forms part of a larger strategy of interconnected intrusions directed at multiple entities between July 2024 and March 2025.

The…

Security Vulnerability in PayU Plugin Facilitates Account Takeover on 5,000 WordPress Sites
A critical vulnerability in the PayU CommercePro plugin has exposed thousands of WordPress sites to risks from unauthenticated attackers capable of hijacking user accounts.

Vulnerability in Shipping Cost API…

Executive Order On Cybersecurity Policy Revision by Former President Trump
President Donald Trump has enacted an executive order on cybersecurity, initiating a comprehensive update to U.S. cybersecurity policy. This order aims to discard certain aspects deemed problematic from previous…

Undetected Vulnerabilities in npm Packages Enable Complete System Compromise
Recent investigations have uncovered a number of malicious npm packages that contain hidden endpoints capable of wiping systems upon receiving specific commands. Security experts are urging developers to exercise…

Guidelines for Reporting Online Scams: Procedures and Resources
If you have fallen victim to a scam, it is crucial to report the incident to assist in preventing others from experiencing similar fraud and to enable authorities to…

Compromised Ticketmaster Data from Snowflake Breach Reemerges on Dark Web Marketplace
The Arkana Security group recently listed what appeared to be newly stolen Ticketmaster data for sale, but it has been identified as data acquired during the 2024 Snowflake data…