TECHZONE™

Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks https://thehackernews.com/2025/06/blind-eagle-uses-proton66-hosting-for.html The threat actor known as Blind Eagle has been attributed with high confidence to the use of the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs, in a report published last week, said it was able to make this connection by pivoting from Proton66-linked digital assets, leading to the discovery of an active threat cluster that leverages Visual Basic Script (VBS) files as its

Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories  https://thehackernews.com/2025/06/leveraging-credentials-as-unique.html Identity-based attacks are on the rise. Attacks in which malicious actors assume the identity of an entity to easily gain access to resources and sensitive data have been increasing in number and frequency over the last few years. Some recent reports estimate that 83% of attacks involve compromised secrets. According to reports such as the Verizon DBIR, attackers are more commonly using stolen

⚡ Weekly Recap: Airline Hacks, Citrix 0-Day, Outlook Malware, Banking Trojans and more https://thehackernews.com/2025/06/weekly-recap-airline-hacks-citrix-0-day.html Ever wonder what happens when attackers don’t break the rules—they just follow them better than we do? When systems work exactly as they’re built to, but that “by design” behavior quietly opens the door to risk? This week brings stories that make you stop and rethink what’s truly under control. It’s not always about a broken firewall or missed patch—it’s about the small choices, default settings

This month in security with Tony Anscombe – June 2025 edition https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-june-2025/ From Australia's new ransomware payment disclosure rules to another record-breaking DDoS attack, June 2025 saw no shortage of interesting cybersecurity news

FBI Warns of Scattered Spider's Expanding Attacks on Airlines Using Social Engineering https://thehackernews.com/2025/06/fbi-warns-of-scattered-spiders.html The U.S. Federal Bureau of Investigation (FBI) has revealed that it has observed the notorious cybercrime group Scattered Spider broadening its targeting footprint to strike the airline sector. To that end, the agency said it's actively working with aviation and industry partners to combat the activity and help victims. "These actors rely on social engineering techniques, often impersonating

GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool https://thehackernews.com/2025/06/giftedcrook-malware-evolves-from.html The threat actor behind the GIFTEDCROOK malware has made significant updates to turn the malicious program from a basic browser data stealer to a potent intelligence-gathering tool. "Recent campaigns in June 2025 demonstrate GIFTEDCROOK's enhanced ability to exfiltrate a broad range of sensitive documents from the devices of targeted individuals, including potentially proprietary files and

Facebook’s New AI Tool Asks to Upload Your Photos for Story Ideas, Sparking Privacy Concerns https://thehackernews.com/2025/06/facebooks-new-ai-tool-requests-photo.html Facebook, the social network platform owned by Meta, is asking for users to upload pictures from their phones to suggest collages, recaps, and other ideas using artificial intelligence (AI), including those that have not been directly uploaded to the service. According to TechCrunch, which first reported the feature, users are being served a new pop-up message asking for permission to "allow

ESET Threat Report H1 2025 https://www.welivesecurity.com/en/eset-research/eset-threat-report-h1-2025/ A view of the H1 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign https://thehackernews.com/2025/06/over-1000-soho-devices-hacked-in-china.html Threat hunters have discovered a network of more than 1,000 compromised small office and home office (SOHO) devices that have been used to facilitate a prolonged cyber espionage infrastructure campaign for China-nexus hacking groups. The Operational Relay Box (ORB) network has been codenamed LapDogs by SecurityScorecard's STRIKE team. "The LapDogs network has a high concentration of victims

PUBLOAD and Pubshell Malware Used in Mustang Panda's Tibet-Specific Attack https://thehackernews.com/2025/06/pubload-and-pubshell-malware-used-in.html A China-linked threat actor known as Mustang Panda has been attributed to a new cyber espionage campaign directed against the Tibetan community. The spear-phishing attacks leveraged topics related to Tibet, such as the 9th World Parliamentarians' Convention on Tibet (WPCT), China's education policy in the Tibet Autonomous Region (TAR), and a recently published book by the 14th Dalai Lama,

Business Case for Agentic AI SOC Analysts https://thehackernews.com/2025/06/business-case-for-agentic-ai-soc.html Security operations centers (SOCs) are under pressure from both sides: threats are growing more complex and frequent, while security budgets are no longer keeping pace. Today’s security leaders are expected to reduce risk and deliver results without relying on larger teams or increased spending. At the same time, SOC inefficiencies are draining resources. Studies show that up to half of all

Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit https://thehackernews.com/2025/06/chinese-group-silver-fox-uses-fake.html A new campaign has been observed leveraging fake websites advertising popular software such as WPS Office, Sogou, and DeepSeek to deliver Sainbox RAT and the open-source Hidden rootkit. The activity has been attributed with medium confidence to a Chinese hacking group called Silver Fox (aka Void Arachne), citing similarities in tradecraft with previous campaigns attributed to the threat actor.

MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted https://thehackernews.com/2025/06/moveit-transfer-faces-increased-threats.html Threat intelligence firm GreyNoise is warning of a "notable surge" in scanning activity targeting Progress MOVEit Transfer systems starting May 27, 2025—suggesting that attackers may be preparing for another mass exploitation campaign or probing for unpatched systems.MOVEit Transfer is a popular managed file transfer solution used by businesses and government agencies to share sensitive data

OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors https://thehackernews.com/2025/06/oneclik-malware-targets-energy-sector.html Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft's ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors. "The campaign exhibits characteristics aligned with Chinese-affiliated threat actors, though attribution remains cautious," Trellix researchers Nico Paulo

Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks https://thehackernews.com/2025/06/critical-open-vsx-registry-flaw-exposes.html Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry ("open-vsx[.]org") that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk. "This vulnerability provides attackers full control over the entire extensions marketplace, and in turn, full control

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access https://thehackernews.com/2025/06/critical-rce-flaws-in-cisco-ise-and-ise.html Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute arbitrary commands as the root user. The vulnerabilities, assigned the CVE identifiers CVE-2025-20281 and CVE-2025-20282, carry a CVSS score of 10.0 each. A description of the defects is

New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks https://thehackernews.com/2025/06/new-filefix-method-emerges-as-threat.html The ClickFix social engineering tactic as an initial access vector using fake CAPTCHA verifications increased by 517% between the second half of 2024 and the first half of this year, according to data from ESET. "The list of threats that ClickFix attacks lead to is growing by the day, including infostealers, ransomware, remote access trojans, cryptominers, post-exploitation tools, and even

The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience https://thehackernews.com/2025/06/the-hidden-risks-of-saas-why-built-in.html SaaS Adoption is Skyrocketing, Resilience Hasn’t Kept Pace SaaS platforms have revolutionized how businesses operate. They simplify collaboration, accelerate deployment, and reduce the overhead of managing infrastructure. But with their rise comes a subtle, dangerous assumption: that the convenience of SaaS extends to resilience. It doesn’t. These platforms weren’t built with full-scale data

Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks https://thehackernews.com/2025/06/iranian-apt35-hackers-targeting-israeli.html An Iranian state-sponsored hacking group associated with the Islamic Revolutionary Guard Corps (IRGC) has been linked to a spear-phishing campaign targeting journalists, high-profile cyber security experts, and computer science professors in Israel. "In some of those campaigns, Israeli technology and cyber security professionals were approached by attackers who posed as fictitious assistants to

Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa https://thehackernews.com/2025/06/cyber-criminals-exploit-open-source.html Cybersecurity researchers are calling attention to a series of cyber attacks targeting financial organizations across Africa since at least July 2023 using a mix of open-source and publicly available tools to maintain access. Palo Alto Networks Unit 42 is tracking the activity under the moniker CL-CRI-1014, where "CL" refers to "cluster" and "CRI" stands for "criminal motivation." It's suspected