New Secure Boot flaw lets attackers install bootkit malware, patch now

Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware.

Lawrence Abrams | bleepingcomputer​.com • Jun 10, 2025

💡 t.me/zerotrusthackers

CYBER SECURITY VS CYBER FORENSIC

Security Resources: t.me/zerotrusthackers

8 Free AI Courses by Google

🚀 Google is offering 8 amazing AI courses—perfect for beginners and pros! Whether you're curious about machine learning or want to sharpen your AI skills, these courses are a golden opportunity.

💡 No cost, no catch—just pure knowledge from one of the biggest names in tech.

𝐋𝐢𝐧𝐤👇

https://techurl.in/iOhWh

✅ Don’t miss out on this chance to boost your career or explore a new field

U.S. Agencies Warn of Rising Iranian Cyberattacks on Defense, OT Networks, and Critical Infrastructure

U.S. issues warning on potential Iranian cyber-attacks, urging stronger protections for critical infrastructure and defense sectors.

The Hacker News | thehackernews​.com • Jun 30, 2025

💡 t.me/zerotrusthackers

Germany asks Google, Apple remove DeepSeek AI from app stores

The Berlin Commissioner for Data Protection has formally requested Google and Apple to remove the DeepSeek AI application from the application stores due to GDPR violations.

Bill Toulas | bleepingcomputer​.com • Jun 30, 2025

💡 t.me/zerotrusthackers

30th June | 🥷Bug Bounty Write-Ups

Demystifying MCP (Model Context Protocol): 3 Common Mis
https://www.pynt.io/blog/api-era/demystifying-mcp-model-context-protocol-3-common-misconceptions

Cyber Security Updates Here: Daily Posts at Your Comfort
https://t.me/zerotrusthackers

Make Self-XSS Great Again
https://blog.slonser.info/posts/make-self-xss-great-again/

Human-Centric Hosting in the Age of AI: Q&A with Zach Aufort of BigScoots
https://patchstack.com/articles/human-centric-hosting-in-the-age-of-ai-with-zach-aufort-of-bigscoots/

Double Dash, Double Trouble: A Subtle SQL Injection Flaw
https://www.sonarsource.com/blog/double-dash-double-trouble-a-subtle-sql-injection-flaw/

Is your AI safe? Threat analysis of MCP (Model Context Protocol)
https://www.cyberark.com/resources/threat-research-blog/is-your-ai-safe-threat-analysis-of-mcp-model-context-protocol

Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VSCode Fork
https://blog.koi.security/marketplace-takeover-how-we-couldve-taken-over-every-developer-using-a-vscode-fork-f0f8cf104d44

Novel SSRF Technique Involving HTTP Redirect Loops › Searchlight Cyber
https://slcyber.io/assetnote-security-research-center/novel-ssrf-technique-involving-http-redirect-loops/

Daily Cyber Security Updates Here:
https://t.me/zerotrusthackers

WhatsApp Channel:
https://whatsapp.com/channel/0029VaxVv551iUxRku094918

🚨 83% of attacks now involve stolen credentials—and machines outnumber humans 50 to 1.

The real threat? Leaked API keys & orphaned tokens silently granting access across your stack.

GitGuardian just launched a smarter way to track every secret & secure your non-human identities.

🛡 t.me/zerotrusthackers

🚨 Microsoft is killing password support in its Authenticator app by August 2025.

Autofill dies in July.
Saved logins? Only accessible in Edge—if it’s your default autofill.

Don’t export in time? You lose them.

🛡 t.me/zerotrusthackers

🚨 A new Chrome zero-day is already being exploited in the wild.

Discovered by Google TAG on June 25, CVE-2025-6554 lets attackers run malicious code via a crafted web page.

It targets Chrome’s V8 engine—again.

🛡 t.me/zerotrusthackers

🚨 85% of work now happens in the browser—yet most orgs still can’t see what’s pasted into ChatGPT.

A new guide exposes how GenAI, BYOD, and rogue extensions turned the browser into the #1 blind spot in enterprise security.

🛡 t.me/zerotrusthackers

"Interior Ministry of Pakistan" Phising Domain

hxxps://interiorgovpk.site

🛡 t.me/zerotrusthackers

🚨Los Angeles Police Department database leaked on hacking form

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

CVE-2025-20309 in Cisco Unified CM could grant root access, allowing arbitrary command execution.

The Hacker News | thehackernews​.com • Jul 3, 2025

🛡 t.me/zerotrusthackers

30th June | 🥷Bug Bounty Write-Ups

Demystifying MCP (Model Context Protocol): 3 Common Mis
https://www.pynt.io/blog/api-era/demystifying-mcp-model-context-protocol-3-common-misconceptions

Cyber Security Updates Here: Daily Posts at Your Comfort
https://t.me/zerotrusthackers

How I Chained Directory Traversal and CSV Parser Abuse for RCE in a Django App
https://jineeshak.github.io/posts/Chaining-Directory-Traversal-and-CSV-Parser-Abuse-for-RCE-in-Django/

How we got persistent XSS on every AEM cloud site, thrice
https://slcyber.io/assetnote-security-research-center/how-we-got-persistent-xss-on-every-aem-cloud-site-thrice/

Guest Post: How I Scanned all of GitHub’s “Oops Commits” for Leaked Secrets ◆ Truffle Security Co.
https://trufflesecurity.com/blog/guest-post-how-i-scanned-all-of-github-s-oops-commits-for-leaked-secrets

Critical RCE in Anthropic MCP Inspector (CVE-2025-49596) Enables Browser-Based Exploits | Oligo Security
https://www.oligo.security/blog/critical-rce-vulnerability-in-anthropic-mcp-inspector-cve-2025-49596

Azure's Role Roulette: How Over-Privileged Roles and API Vulnerabilities Expose Enterprise Networks
https://www.token.security/blog/azures-role-roulette-how-over-privileged-roles-and-api-vulnerabilities-expose-enterprise-networks

GitPhish: Automating Enterprise GitHub Device Code Phishing
https://www.praetorian.com/blog/gitphish-automating-enterprise-github-device-code-phishing/

Daily Cyber Security Updates Here:
https://t.me/zerotrusthackers

WhatsApp Channel:
https://whatsapp.com/channel/0029VaxVv551iUxRku094918

🔰 Linux Command Cheat Sheet

File Commands

- ls - Directory listing
- ls -l - Long listing format
- ls -a - List all files including hidden files
- cd /path/to/directory - Change directory
- pwd - Display the current working directory
- mkdir directory_name - Create a new directory
- rmdir directory_name - Remove an empty directory
- rm file_name - Remove a file
- rm -r directory_name - Remove a directory and its contents recursively
- touch file_name - Create or update a file
- cat file_name - Concatenate and display the file content
- more file_name - View file content page by page
- less file_name - Improved viewing of file content over more
- cp source_file target_file - Copy files from source to target
- mv old_name new_name - Rename or move a file/directory

SSH (Secure Shell)

- ssh user@host - Connect to host as user
- ssh -p port user@host - Connect using a specific port
- ssh-keygen -t rsa - Generate RSA key pair
- ssh-copy-id user@host - Copy your key to the remote server for password-less login

Searching

- grep pattern files - Search for a pattern in files
- grep -r pattern dir - Recursively search for a pattern in a directory
- find dir -name name* - Find files starting with name in a directory
- locate file_name - Find files by name (uses a database)

Process Management

- ps aux - Display your currently active processes
- ps aux | grep process_name - Find a process named process_name
- top - Display all running processes
- kill pid - Kill a process with a given PID
- killall process_name - Kill all processes named process_name
- bg - List stopped or background jobs; resume a stopped job in the background
- fg - Bring the most recent job to the foreground

File Permissions

- chmod +x file_name - Make a file executable
- chmod 755 file_name - Set read and execute permissions for owner and read for others
- chown user:group file_name - Change file owner and group

Networking

- ifconfig - Display all network interfaces and IP addresses
- ping host - Send ICMP echo request to host
- traceroute host - Display the route packets take to a network host
- netstat -tulnp - Display listening ports and their applications

Archiving and Compression

- tar cf archive_name.tar files - Create a tar archive containing files
- tar xf archive_name.tar - Extract files from a tar archive
- gzip file_name - Compress a file and rename it to file.gz
- gunzip file.gz - Decompress file.gz back to the original

System Info and Management

- uname -a - Show system and kernel info
- df -h - Display free disk space in a human-readable form
- du -sh directory_name - Show disk usage of a directory in human-readable form
- free -m - Show free and used memory in MB

Misc Commands

- man command_name - Show manual for a command
- echo "text" - Display a message on the screen
- date - Display the current date and time
- uptime - Show how long the system has been running

Top Hackers Tools👇
https://t.me/zerotrusthackers/47

Cyber Security & Ethical Hacking Courses👇
https://t.me/zerotrusthackers/41

32 Advance Search Engine For Hacker
https://t.me/zerotrusthackers/166

More Resources Here
https://whatsapp.com/channel/0029VaxVv551iUxRku094918

➡️ Give 100+ Reactions for More Such Content 🥳

AI Tools Like GPT, Perplexity Misleading Users to Phishing Sites

A new wave of cyber risk is emerging as AI-powered tools like ChatGPT and Perplexity become default search and answer engines for millions.

Divya | gbhackers​.com • Jul 3, 2025

🛡 t.me/zerotrusthackers

IdeaLab confirms data stolen in ransomware attack last year

IdeaLab is notifying individuals impacted by a data breach incident last October when hackers accessed sensitive information.

Bill Toulas | bleepingcomputer​.com • Jul 3, 2025

🛡 t.me/zerotrusthackers

🔰 Linux netcat command crash course

These channels are for Programmers, Coders, Software Engineers.

0️⃣ Python
1️⃣ Data Science
2️⃣ Machine Learning
3️⃣ Data Analysis & Visualization
4️⃣ Artificial Intelligence
5️⃣ Blockchain
6️⃣ Statistics
7️⃣ Deep Learning
8️⃣ Programming & Design
9️⃣ Cyber Security
🔟 Tech Jobs

👉 https://t.me/addlist/du5HOxSLF-NkMTFk

Join our channel for more:
🟢 https://t.me/techpsyche

Some companies don't value security that they're paying 100 Indian Rupees for this🥲💔

Rs. 100 is like USD 1

⚡t.me/zerotrusthackers

🚀𝐁𝐨𝐨𝐬𝐭 𝐘𝐨𝐮𝐫 𝐂𝐚𝐫𝐞𝐞𝐫 𝐰𝐢𝐭𝐡 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭’𝐬 𝐅𝐫𝐞𝐞 𝐂𝐨𝐮𝐫𝐬𝐞𝐬!

💡 Learn directly from industry leaders at Microsoft and LinkedIn Learning and gain in-demand skills to elevate your career—all without spending a dime!

𝐋𝐢𝐧𝐤👇:-

https://tinyurl.com/nheyanxr

📈 Don’t miss this chance to build your skills, earn certifications, and get job-ready—all for free. Your journey in data analytics begins now!

🔗 Start Learning Today!