TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Posts archive
Water Curse Employs 76 GitHub Accounts to Deliver Multi-Stage Malware Campaign
https://thehackernews.com/2025/06/water-curse-hijacks-76-github-accounts.html
Cybersecurity researchers have exposed a previously unknown threat actor known as Water Curse that relies on weaponized GitHub repositories to deliver multi-stage malware.
"The malware enables data exfiltration (including credentials, browser data, and session tokens), remote access, and long-term persistence on infected systems," Trend Micro researchers Jovit Samaniego, Aira Marcelo, Mohamed
Ex-CIA Analyst Sentenced to 37 Months for Leaking Top Secret National Defense Documents
https://thehackernews.com/2025/06/ex-cia-analyst-sentenced-to-37-months.html
A former U.S. Central Intelligence Agency (CIA) analyst has been sentenced to little more than three years in prison for unlawfully retaining and transmitting top secret National Defense Information (NDI) to people who were not entitled to receive them and for attempting to cover up the malicious activity.
Asif William Rahman, 34, of Vienna, has been sentenced today to 37 months on charges of
CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability
https://thehackernews.com/2025/06/cisa-warns-of-active-exploitation-of.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed a security flaw impacting the Linux kernel in its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild.
The vulnerability, CVE-2023-0386 (CVSS score: 7.8), is an improper ownership bug in the Linux kernel that could be exploited to escalate privileges on susceptible
Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication
https://thehackernews.com/2025/06/veeam-patches-cve-2025-23121-critical.html
Veeam has rolled out patches to contain a critical security flaw impacting its Backup & Replication software that could result in remote code execution under certain conditions.
The security defect, tracked as CVE-2025-23121, carries a CVSS score of 9.9 out of a maximum of 10.0.
"A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," the
Iran Slows Internet to Prevent Cyber Attacks Amid Escalating Regional Conflict
https://thehackernews.com/2025/06/iran-restricts-internet-access-to.html
Iran has throttled internet access in the country in a purported attempt to hamper Israel's ability to conduct covert cyber operations, days after the latter launched an unprecedented attack on the country, escalating geopolitical tensions in the region.
Fatemeh Mohajerani, the spokesperson of the Iranian Government, and the Iranian Cyber Police, FATA, said the internet slowdown was designed to
Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor
https://thehackernews.com/2025/06/google-chrome-zero-day-cve-2025-2783.html
A now-patched security flaw in Google Chrome was exploited as a zero-day by a threat actor known as TaxOff to deploy a backdoor codenamed Trinper.
The attack, observed in mid-March 2025 by Positive Technologies, involved the use of a sandbox escape vulnerability tracked as CVE-2025-2783 (CVSS score: 8.3).
Google addressed the flaw later that month after Kaspersky reported in-the-wild
LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents
https://thehackernews.com/2025/06/langchain-langsmith-bug-let-hackers.html
Cybersecurity researchers have disclosed a now-patched security flaw in LangChain's LangSmith platform that could be exploited to capture sensitive data, including API keys and user prompts.
The vulnerability, which carries a CVSS score of 8.8 out of a maximum of 10.0, has been codenamed AgentSmith by Noma Security.
LangSmith is an observability and evaluation platform that allows users to
Silver Fox APT Targets Taiwan with Complex Gh0stCringe and HoldingHands RAT Malware
https://thehackernews.com/2025/06/silver-fox-apt-targets-taiwan-with.html
Cybersecurity researchers are warning of a new phishing campaign that's targeting users in Taiwan with malware families such as HoldingHands RAT and Gh0stCringe.
The activity is part of a broader campaign that delivered the Winos 4.0 malware framework earlier this January by sending phishing messages impersonating Taiwan's National Taxation Bureau, Fortinet FortiGuard Labs said in a report
Google Warns of Scattered Spider Attacks Targeting IT Support Teams at U.S. Insurance Firms
https://thehackernews.com/2025/06/google-warns-of-scattered-spider.html
The notorious cybercrime group known as Scattered Spider (aka UNC3944) that recently targeted various U.K. and U.S. retailers has begun to target major insurance companies, according to Google Threat Intelligence Group (GTIG).
"Google Threat Intelligence Group is now aware of multiple intrusions in the U.S. which bear all the hallmarks of Scattered Spider activity," John Hultquist, chief analyst
Are Forgotten AD Service Accounts Leaving You at Risk?
https://thehackernews.com/2025/06/are-forgotten-ad-service-accounts.html
For many organizations, Active Directory (AD) service accounts are quiet afterthoughts, persisting in the background long after their original purpose has been forgotten. To make matters worse, these orphaned service accounts (created for legacy applications, scheduled tasks, automation scripts, or test environments) are often left active with non-expiring or stale passwords.
It’s no surprise
Hard-Coded 'b' Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments
https://thehackernews.com/2025/06/hard-coded-b-password-in-sitecore-xp.html
Cybersecurity researchers have disclosed three security flaws in the popular Sitecore Experience Platform (XP) that could be chained to achieve pre-authenticated remote code execution.
Sitecore Experience Platform is an enterprise-oriented software that provides users with tools for content management, digital marketing, and analytics and reports.
The list of vulnerabilities, which are yet to be
Backups Are Under Attack: How to Protect Your Backups
https://thehackernews.com/2025/06/how-to-protect-your-backups-from-ransomware-attacks.html
Ransomware has become a highly coordinated and pervasive threat, and traditional defenses are increasingly struggling to neutralize it. Today’s ransomware attacks initially target your last line of defense — your backup infrastructure. Before locking up your production environment, cybercriminals go after your backups to cripple your ability to recover, increasing the odds of a ransom payout.
New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks
https://thehackernews.com/2025/06/new-flodrix-botnet-variant-exploits.html
Cybersecurity researchers have called attention to a new campaign that's actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware.
"Attackers use the vulnerability to execute downloader scripts on compromised Langflow servers, which in turn fetch and install the Flodrix malware," Trend Micro researchers Aliakbar Zahravi, Ahmed Mohamed
TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert
https://thehackernews.com/2025/06/tp-link-router-flaw-cve-2023-33538.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw in TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability in question is CVE-2023-33538 (CVSS score: 8.8), a command injection bug that could result in the execution of arbitrary system commands when
Meta Starts Showing Ads on WhatsApp After 6-Year Delay From 2018 Announcement
https://thehackernews.com/2025/06/meta-starts-showing-ads-on-whatsapp.html
Meta Platforms on Monday announced that it's bringing advertising to WhatsApp, but emphasized that the ads are "built with privacy in mind."
The ads are expected to be displayed on the Updates tab through its Stories-like Status feature, which allows ephemeral sharing of photos, videos, voice notes, and text for 24 hours. These efforts are "rolling out gradually," per the company.
The media
U.S. Seizes $7.74M in Crypto Tied to North Korea’s Global Fake IT Worker Network
https://thehackernews.com/2025/06/us-seizes-774m-in-crypto-tied-to-north.html
The U.S. Department of Justice (DoJ) said it has filed a civil forfeiture complaint in federal court that targets over $7.74 million in cryptocurrency, non-fungible tokens (NFTs), and other digital assets allegedly linked to a global IT worker scheme orchestrated by North Korea.
"For years, North Korea has exploited global remote IT contracting and cryptocurrency ecosystems to evade U.S.
Anubis Ransomware Encrypts and Wipes Files, Making Recovery Impossible Even After Payment
https://thehackernews.com/2025/06/anubis-ransomware-encrypts-and-wipes.html
An emerging ransomware strain has been discovered incorporating capabilities to encrypt files as well as permanently erase them, a development that has been described as a "rare dual-threat."
"The ransomware features a 'wipe mode,' which permanently erases files, rendering recovery impossible even if the ransom is paid," Trend Micro researchers Maristel Policarpio, Sarah Pearl Camiling, and
⚡ Weekly Recap: iPhone Spyware, Microsoft 0-Day, TokenBreak Hack, AI Data Leaks and More
https://thehackernews.com/2025/06/weekly-recap-iphone-spyware-microsoft-0.html
Some of the biggest security problems start quietly. No alerts. No warnings. Just small actions that seem normal but aren't. Attackers now know how to stay hidden by blending in, and that makes it hard to tell when something’s wrong.
This week’s stories aren’t just about what was attacked—but how easily it happened. If we’re only looking for the obvious signs, what are we missing right in front
Playbook: Transforming Your Cybersecurity Practice Into An MRR Machine
https://thehackernews.com/2025/06/playbook-transforming-your.html
Introduction
The cybersecurity landscape is evolving rapidly, and so are the cyber needs of organizations worldwide. While businesses face mounting pressure from regulators, insurers, and rising threats, many still treat cybersecurity as an afterthought. As a result, providers may struggle to move beyond tactical services like one-off assessments or compliance checklists, and demonstrate
Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data
https://thehackernews.com/2025/06/malicious-pypi-package-masquerades-as.html
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others.
The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox,
