Federal Government’s Engagement with Artificial Intelligence Regulations
On Thursday, a testimony was presented before the House Committee on Oversight and Government Reform during a hearing focused on the implications of artificial intelligence within the federal government.…

Cybercriminals Exploit Phony IT Support Calls to Compromise Corporate Systems, Google
A financially motivated group of hackers identified as UNC6040 has adopted a straightforward yet efficient strategy to execute breaches within targeted organizations. This group primarily aims to exploit vulnerabilities…

Weekly Security Overview (June 1 – June 7)
Last week, significant developments in the realm of information security were reported across various platforms.

Recent articles highlighted the concerning issue of AsyncRAT infections, with victims increasingly finding themselves…

Evaluating the Limitations of Your IdP or CASB: Five Critical Risks Associated with Shadow IT
Organizations often overlook the risks of shadow IT, which do not require internal sabotage to lead to data breaches. Situations such as forgotten free trials, AI-powered tools syncing data…

Trump Administration Updates Cybersecurity Regulations, Supersedes Previous Directive
US President Donald Trump has issued a new cybersecurity-related Executive Order, which supersedes prior directives issued by past administrations. This order notably restricts the application of cyber sanctions solely…

AMI Group – Notice of Ransomware Incident Affecting Travel & Tours Services
As of June 3, there has been a recent notice communicated via Facebook regarding a potential cyber threat. At the time of this report, no formal announcement has been…

Restricted Canva Creator Information Compromised Through AI Chatbot Database
A Chroma database managed by the Russian artificial intelligence chatbot startup My Jedai has been discovered exposed on the internet, resulting in the unauthorized disclosure of sensitive survey responses.…

Google Addresses Vulnerability Exposing Account-Linked Phone Numbers
A recently identified vulnerability within Google’s account recovery system has been rectified, which could have enabled malicious actors to execute a brute-force attack to disclose recovery phone numbers associated…

Over 70 Organizations Across Diverse Sectors Compromised by China-Associated Cyber Espionage Threat Actor
The reconnaissance activity targeting a prominent cybersecurity firm, SentinelOne, forms part of a larger strategy of interconnected intrusions directed at multiple entities between July 2024 and March 2025.

The…

Security Vulnerability in PayU Plugin Facilitates Account Takeover on 5,000 WordPress Sites
A critical vulnerability in the PayU CommercePro plugin has exposed thousands of WordPress sites to risks from unauthenticated attackers capable of hijacking user accounts.

Vulnerability in Shipping Cost API…

Executive Order On Cybersecurity Policy Revision by Former President Trump
President Donald Trump has enacted an executive order on cybersecurity, initiating a comprehensive update to U.S. cybersecurity policy. This order aims to discard certain aspects deemed problematic from previous…

Undetected Vulnerabilities in npm Packages Enable Complete System Compromise
Recent investigations have uncovered a number of malicious npm packages that contain hidden endpoints capable of wiping systems upon receiving specific commands. Security experts are urging developers to exercise…

Guidelines for Reporting Online Scams: Procedures and Resources
If you have fallen victim to a scam, it is crucial to report the incident to assist in preventing others from experiencing similar fraud and to enable authorities to…

Compromised Ticketmaster Data from Snowflake Breach Reemerges on Dark Web Marketplace
The Arkana Security group recently listed what appeared to be newly stolen Ticketmaster data for sale, but it has been identified as data acquired during the 2024 Snowflake data…

CISA Includes Erlang SSH and Roundcube Vulnerabilities in the Catalog of Known Exploited Threats
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added two significant security vulnerabilities affecting Erlang/Open Telecom Platform (OTP) SSH and Roundcube to its Known Exploited Vulnerabilities (KEV)…

Daily Encounter Rate of Mobile Scams Reaches 44%, According to Malwarebytes Research
The ownership of smartphones has increasingly become a source of concern. The prevalence of malicious text messages disguised as package delivery notifications, phishing emails that mimic reputable brands, and…

Adobe Deploys Critical Patch Addressing 254 Vulnerabilities to Mitigate High-Severity Security Risks
Adobe has released significant security updates addressing a total of 254 vulnerabilities that affect its software portfolio, predominantly impacting Adobe Experience Manager (AEM). Out of these, 225 vulnerabilities are…

Android Enterprise Introduces Enhanced Security and Productivity Updates
Android Enterprise has introduced a series of features designed to enhance mobile security, optimize device management, and increase user productivity. These advancements are timely as organizations increasingly depend on…

Evoke Wellness Agrees to $1.9 Million Settlement to Resolve FTC Allegations of Consumer Misleading in Substance Use Disorder Treatment Services
On June 10, inquiries were directed towards Evoke Wellness, located in Hilliard, Ohio, concerning reports of insider wrongdoing that were disseminated through local media channels, yet were conspicuously absent…

June 2025 Patch Tuesday: Microsoft Addresses 66 Vulnerabilities, Including Active Zero-Day Exploit
On June 2025, a significant Patch Tuesday was released, addressing a total of 66 vulnerabilities across Microsoft products. Among these, a notable zero-day vulnerability in WebDAV has been recognized,…