Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
A novel attack technique named EchoLeak has been characterized as a "zero-click" artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from Microsoft 365 Copilot's context sans any user interaction. The critical-rated vulnerability has been assigned the CVE identifier CVE-2025-32711 (CVSS score: 9.3). It requires no customer action and has been already.
Via "The Hacker News"
----------
Seen on @cibsecurity
Non-Human Identities: How to Address the Expanding Security Risk
Human identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world when it comes to Non-human identities (also referred to as machine identities). GitGuardian's end-to-end NHI security platform is here to close the gap. Enterprises are Losing Track of Their Machine Identities Machine identitiesservice.
Via "The Hacker News"
----------
ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks
ConnectWise has disclosed that it's planning to rotate the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise remote monitoring and management (RMM) executables due to security concerns. The company said it's doing so "due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions.
Via "The Hacker News"
----------
Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool
Cybersecurity researchers have uncovered a new account takeover (ATO) campaign that leverages an open-source penetration testing framework called TeamFiltration to breach Microsoft Entra ID (formerly Azure Active Directory) user accounts. The activity, codenamed UNK_SneakyStrike by Proofpoint, has targeted over 80,000 user accounts across hundreds of organizations' cloud tenants since a surge in.
Via "The Hacker News"
----------
Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access to target networks. "Recently, attackers have introduced Python script execution alongside these techniques, using cURL requests to fetch and deploy malicious payloads," ReliaQuest said in a report.
Via "The Hacker News"
----------
295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Manager
Threat intelligence firm GreyNoise has warned of a "coordinated brute-force activity" targeting Apache Tomcat Manager interfaces. The company said it observed a surge in brute-force and login attempts on June 5, 2025, an indication that they could be deliberate efforts to "identify and access exposed Tomcat services at scale." To that end, 295 unique IP addresses have been found to be engaged.
Via "The Hacker News"
----------
INTERPOL Dismantles 20,000+ Malicious IPs Linked to 69 Malware Variants in Operation Secure
INTERPOL on Wednesday announced the dismantling of more than 20,000 malicious IP addresses or domains that have been linked to 69 information-stealing malware variants. The joint action, codenamed Operation Secure, took place between January and April 2025, and involved law enforcement agencies from 26 countries to identify servers, map physical networks, and execute targeted takedowns. "These.
Via "The Hacker News"
----------
Why DNS Security Is Your First Defense Against Cyber Attacks?
In today's cybersecurity landscape, much of the focus is placed on firewalls, antivirus software, and endpoint detection. While these tools are essential, one critical layer often goes overlooked: the Domain Name System (DNS). As the starting point of nearly every online interaction, DNS is not only foundational, it's increasingly a target. When left unsecured, it becomes a single point of.
Via "The Hacker News"
----------
SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords
Two security vulnerabilities have been disclosed in SinoTrack GPS devices that could be exploited to control certain remote functions on connected vehicles and even track their locations. "Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without authorization through the common web management interface," the U.S. Cybersecurity and Infrastructure.
Via "The Hacker News"
----------
How to Build a Lean Security Model: 5 Lessons from River Island
In today's security landscape, budgets are tight, attack surfaces are sprawling, and new threats emerge daily. Maintaining a strong security posture under these circumstances without a large team or budget can be a real challenge. Yet lean security models are not only possible, they can be highly effective. River Island, one of the UK's leading fashion retailers, offers a powerful.
Via "The Hacker News"
----------
Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild
Microsoft has released patches to fix 67 security flaws, including one zero-day bug in Web Distributed Authoring and Versioning (WebDAV) that it said has come under active exploitation in the wild. Of the 67 vulnerabilities, 11 are rated Critical and 56 are rated Important in severity. This includes 26 remote code execution flaws, 17 information disclosure flaws, and 14 privilege escalation.
Via "The Hacker News"
----------
Palo Alto Networks Patches Series of Vulnerabilities
The cybersecurity provider also implemented recent fixes in Chromium that affected its Prisma Access Browser.
Via "Infosecurity Magazine"
----------
NIST Publishes New Zero Trust Implementation Guidance
The new NIST guidance sets out 19 example implementations of zero trust using commercial, off-the-shelf technologies.
Via "Infosecurity Magazine"
----------
Europol Says Criminal Demand for Data is "Skyrocketing"
Europol warns of vicious circle of data breaches and cybercrime.
Via "Infosecurity Magazine"
----------
Phishing Alert as Erie Insurance Reveals Cyber "Event"
Erie Insurance reveals suspected network breach and ongoing outage.
Via "Infosecurity Magazine"
----------
Congress Introduces Bill to Strengthen Healthcare Cybersecurity
The legislation aims to expand the federal government's role in helping healthcare providers protect and respond to cyber-attacks.
Via "Infosecurity Magazine"
----------
20,000 Asian IPs and Domains Dismantled in Infostealer Crackdown
Interpol-coordinated Operation Secure led to 32 arrests, including the suspected ringleader of a cybercriminal organization.
Via "Infosecurity Magazine"
----------
Hands-On Skills Now Key to Landing Your First Cyber Role
An ISC2 study found that 90% of security hiring managers would consider entry-level candidates with only previous IT work experience.
Via "Infosecurity Magazine"
----------
Researcher Finds Five Zero-Days and 20+ Misconfigurations in Salesforce Cloud
The products affected by the issues are part of the Salesforce OmniStudio suite, including FlexCards and Data Mappers.
Via "Infosecurity Magazine"
----------
Half of Mobile Users Now Face Daily Scams
Malwarebytes claims 44% of mobile users are exposed to scams every day.
Via "Infosecurity Magazine"
----------
Two Microsoft Zero-Days for Admins to Fix in June Patch Tuesday
Microsoft has patched two zero days this month, one of which is being exploited in the wild.
Via "Infosecurity Magazine"
----------