NewsWeave

Top 20 Cybersecurity International News

2025-06-14 09:58:53

Here's a summary of top cybersecurity news:

  1. Discord Invite Link Hijacking: A new campaign exploits Discord's invite system to deliver the Skuld stealer and AsyncRAT trojan.
    Source: thehackernews.com
  2. JSFireTruck JavaScript Malware: Over 269,000 websites were infected in one month with malicious JavaScript injections obfuscated using JSFuck.
    Source: thehackernews.com
  3. SimpleHelp Flaws Exploited: Ransomware gangs are exploiting unpatched SimpleHelp RMM flaws to target victims with double extortion.
    Source: thehackernews.com
  4. Apple Zero-Click Flaw: A now-patched security flaw in Apple's Messages app was exploited to spy on journalists using Paragon spyware.
    Source: thehackernews.com
  5. WordPress Sites as Weapons: VexTrio and affiliates run a global scam network distributing malicious content through compromised WordPress sites.
    Source: thehackernews.com
  6. TokenBreak Attack: A novel attack technique called TokenBreak bypasses AI moderation with single-character text changes.
    Source: thehackernews.com
  7. Microsoft 365 Copilot Vulnerability: A zero-click AI vulnerability, EchoLeak, exposes Microsoft 365 Copilot data without user interaction.
    Source: thehackernews.com
  8. TeamFiltration Tool: Over 80,000 Microsoft Entra ID accounts targeted using the open-source TeamFiltration tool in account takeover campaigns.
    Source: thehackernews.com
  9. IBM QRadar SIEM Vulnerability: A critical XSS vulnerability in IBM's QRadar SIEM platform allows authenticated users to execute malicious Javascript code.
    Source: cybersecuritynews.com
  10. WAF Vulnerability: A WAF vulnerability in Akamai, Cloudflare, and Imperva affected 40% of Fortune 100 companies.
    Source: cybersecuritynews.com
  11. Kali Linux 2025.2 Release: Kali Linux 2025.2 Released: Smartwatch Wi-Fi Injection, Android Radio, and Hacking Tools.
    Source: cybersecuritynews.com
  12. AI-Powered Vishing Simulation: Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale.
    Source: cybersecuritynews.com
  13. Microsoft 365 Authentication Issues: Microsoft 365 Authentication Issues Disrupt User Access Across Multiple Regions.
    Source: cybersecuritynews.com
  14. SmartAttack Steals Data: New SmartAttack Steals Sensitive Data From Air-Gapped Systems via Smartwatches.
    Source: cybersecuritynews.com
  15. NC, Georgia Government Cyberattacks: Government offices in North Carolina and Georgia disrupted by cyberattacks.
    Source: therecord.media
  16. FIN7-Linked Infrastructure: GrayAlpha Unmasked: New FIN7-Linked Infrastructure, PowerNet Loader, and Fake Update Attacks.
    Source: www.recordedfuture.com
  17. Medical Software Data Breach: Medical software maker Episource data breach leaks thousands of patients' private health info.
    Source: www.comparitech.com
  18. Spring Framework Flaw: Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header.
    Source: gbhackers.com
  19. Microsoft Defender Spoofing Flaw: Microsoft Defender Spoofing Flaw Enables Privilege Escalation and AD Access.
    Source: gbhackers.com
  20. GitHub Device Code Flow Phishing: Developers Beware - Sophisticated Phishing Scams Exploit GitHub Device Code Flow to Hijack Tokens.
    Source: gbhackers.com