TECHZONE™

Empower Users and Protect Against GenAI Data Loss https://thehackernews.com/2025/06/empower-users-and-protect-against-genai.html When generative AI tools became widely available in late 2022, it wasn’t just technologists who paid attention. Employees across all industries immediately recognized the potential of generative AI to boost productivity, streamline communication and accelerate work. Like so many waves of consumer-first IT innovation before it—file sharing, cloud storage and collaboration platforms—AI landed in

Microsoft Helps CBI Dismantle Indian Call Centers Behind Japanese Tech Support Scam https://thehackernews.com/2025/06/microsoft-helps-cbi-dismantle-indian.html India's Central Bureau of Investigation (CBI) has revealed that it has arrested four individuals and dismantled two illegal call centers that were found to be engaging in a sophisticated transnational tech support scam targeting Japanese citizens. The law enforcement agency said it conducted coordinated searches at 19 locations across Delhi, Haryana, and Uttar Pradesh on May 28, 2025, as part of

Inside the Mind of the Adversary: Why More Security Leaders Are Selecting AEV https://thehackernews.com/2025/06/inside-mind-of-adversary-why-more.html Cybersecurity involves both playing the good guy and the bad guy. Diving deep into advanced technologies and yet also going rogue in the Dark Web. Defining technical policies and also profiling attacker behavior. Security teams cannot be focused on just ticking boxes, they need to inhabit the attacker’s mindset. This is where AEV comes in. AEV (Adversarial Exposure Validation) is an advanced

New PathWiper Data Wiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack https://thehackernews.com/2025/06/new-pathwiper-data-wiper-malware.html A critical infrastructure entity within Ukraine was targeted by a previously unseen data wiper malware named PathWiper, according to new findings from Cisco Talos. "The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to the administrative console, that was then used to issue malicious commands and deploy PathWiper across

BladedFeline: Whispering in the dark https://www.welivesecurity.com/en/eset-research/bladedfeline-whispering-dark/ ESET researchers analyzed a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group with likely ties to OilRig

Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials https://thehackernews.com/2025/06/popular-chrome-extensions-leak-api-keys.html Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. "Several widely used extensions [...] unintentionally transmit sensitive data over simple HTTP," Yuanjing Guo, a security researcher in the Symantec's Security Technology and Response

Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands https://thehackernews.com/2025/06/bitter-hacker-group-expands-cyber.html The threat actor known as Bitter has been assessed to be a state-backed hacking group that's tasked with gathering intelligence that aligns with the interests of the Indian government. That's according to new findings jointly published by Proofpoint and Threatray in an exhaustive two-part analysis. "Their diverse toolset shows consistent coding patterns across malware families, particularly in

Redefining Cyber Value: Why Business Impact Should Lead the Security Conversation https://thehackernews.com/2025/06/redefining-cyber-value-why-business.html Security teams face growing demands with more tools, more data, and higher expectations than ever. Boards approve large security budgets, yet still ask the same question: what is the business getting in return? CISOs respond with reports on controls and vulnerability counts – but executives want to understand risk in terms of financial exposure, operational impact, and avoiding loss. The

Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware https://thehackernews.com/2025/06/iran-linked-bladedfeline-hits-iraqi-and.html An Iran-aligned hacking group has been attributed to a new set of cyber attacks targeting Kurdish and Iraqi government officials in early 2024. The activity is tied to a threat group ESET tracks as BladedFeline, which is assessed with medium confidence to be a sub-cluster within OilRig, a known Iranian nation-state cyber actor. It's said to be active since September 2017, when it targeted

DoJ Seizes 145 Domains Tied to BidenCash Carding Marketplace in Global Takedown https://thehackernews.com/2025/06/doj-seizes-145-domains-tied-to.html The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of cryptocurrency funds and about 145 clearnet and dark web domains associated with an illicit carding marketplace called BidenCash. "The operators of the BidenCash marketplace use the platform to simplify the process of buying and selling stolen credit cards and associated personal information," the DoJ said. "BidenCash

Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI https://thehackernews.com/2025/06/critical-cisco-ise-auth-bypass-flaw.html Cisco has released security patches to address a critical security flaw impacting the Identity Services Engine (ISE) that, if successfully exploited, could allow unauthenticated actors to carry out malicious actions on susceptible systems. The security defect, tracked as CVE-2025-20286, carries a CVSS score of 9.9 out of 10.0. It has been described as a static credential vulnerability. "A

Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App https://thehackernews.com/2025/06/google-exposes-vishing-group-unc6040.html Google has disclosed details of a financially motivated threat cluster that it said "specialises" in voice phishing (aka vishing) campaigns designed to breach organizations' Salesforce instances for large-scale data theft and subsequent extortion. The tech giant's threat intelligence team is tracking the activity under the moniker UNC6040, which it said exhibits characteristics that align with

Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads https://thehackernews.com/2025/06/chaos-rat-malware-targets-windows-and.html Threat hunters are calling attention to a new variant of a remote access trojan (RAT) called Chaos RAT that has been used in recent attacks targeting Windows and Linux systems. According to findings from Acronis, the malware artifact may have been distributed by tricking victims into downloading a network troubleshooting utility for Linux environments. "Chaos RAT is an open-source RAT written in

Your SaaS Data Isn't Safe: Why Traditional DLP Solutions Fail in the Browser Era https://thehackernews.com/2025/06/your-saas-data-isnt-safe-why.html Traditional data leakage prevention (DLP) tools aren't keeping pace with the realities of how modern businesses use SaaS applications. Companies today rely heavily on SaaS platforms like Google Workspace, Salesforce, Slack, and generative AI tools, significantly altering the way sensitive information is handled. In these environments, data rarely appears as traditional files or crosses networks

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks https://thehackernews.com/2025/06/malicious-pypi-npm-and-ruby-packages.html Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in open-source ecosystems. The findings come from multiple reports published by Checkmarx,

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass https://thehackernews.com/2025/06/hpe-issues-security-patch-for-storeonce.html Hewlett Packard Enterprise (HPE) has released security updates to address as many as eight vulnerabilities in its StoreOnce data backup and deduplication solution that could result in an authentication bypass and remote code execution. "These vulnerabilities could be remotely exploited to allow remote code execution, disclosure of information, server-side request forgery, authentication bypass,

Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack https://thehackernews.com/2025/06/fake-docusign-gitcode-sites-spread.html Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations (DTI) team said it identified "malicious multi-stage downloader Powershell scripts" hosted on lure websites that masquerade as Gitcode and DocuSign. "

Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code https://thehackernews.com/2025/06/critical-10-year-old-roundcube-webmail.html Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible systems and execute arbitrary code. The vulnerability, tracked as CVE-2025-49113, carries a CVSS score of 9.9 out of 10.0. It has been described as a case of post-authenticated remote code execution via

Don’t let dormant accounts become a doorway for cybercriminals https://www.welivesecurity.com/en/cybersecurity/dont-let-dormant-accounts-become-doorway-cybercriminals/ Do you have online accounts you haven't used in years? If so, a bit of digital spring cleaning might be in order.

Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization https://thehackernews.com/2025/06/scattered-spider-understanding-help.html In the wake of high-profile attacks on UK retailers Marks & Spencer and Co-op, Scattered Spider has been all over the media, with coverage spilling over into the mainstream news due to the severity of the disruption caused — currently looking like hundreds of millions in lost profits for M&S alone.  This coverage is extremely valuable for the cybersecurity community as it raises