LCSC-IE, Cyber Threat Intel News 🇮🇪

@LCSC_IE@infosec.exchange
13 Followers
1 Following
20 Posts

Ireland's Only Dedicated CTI News Source.

LCSC-IE is a cyber threat intelligence resource, focused on delivering daily updates on emerging threats impacting Ireland and beyond.

This platform serves as a central hub for open-source tracking and analysis of cyber activity through a tactical, operational, and strategic lens.

All items gathered here are from open sources, to help practitioners with their daily discovery needs.

Cyber Threat Intel
Threat Hunting
DFIR
Cyber Security

๐ŸŸฅ ๐ƒ๐š๐ข๐ฅ๐ฒ ๐‘๐ž๐ฉ๐จ๐ซ๐ญ-๐Ÿ๐ŸŽ ๐‰๐ฎ๐ง๐ž ๐Ÿ๐ŸŽ๐Ÿ๐Ÿ“ ๐ŸŸฅ
(Posts are updated throughout the day)

๐๐ž๐ฐ๐ฌ:

1. No WhatsApp ads in EU until 2026, DPC says

https://www.siliconrepublic.com/business/whatsapp-ads-eu-2026-dpc-data

2. North Korea’s Lazarus Group linked to $11.5M theft from Taiwan crypto exchange

https://www.bitopro.com/ns/en-US/announcements/1226

3. UK Cyber Growth Action Plan set to invest £16 million to boost the cyber sector, secure critical services

https://industrialcyber.co/regulation-standards-and-compliance/uk-cyber-growth-action-plan-set-to-invest-16-million-to-boost-the-cyber-sector-secure-critical-services/

4. Israeli Officials Warn Iran Is Hijacking Security Cameras to Spy

https://www.bloomberg.com/news/articles/2025-06-20/iran-hijacking-home-security-cameras-to-spy-within-israel

5. U.S. Spy Agencies Assess Iran Remains Undecided on Building a Bomb

https://www.nytimes.com/2025/06/19/us/politics/iran-nuclear-weapons-assessment.html?smid=nytcore-ios-share&referringSource=articleShare

6. Hegseth Faces Growing Pressure Over Cyber Leadership Vacuum

https://www.bankinfosecurity.com/hegseth-faces-growing-pressure-over-cyber-leadership-vacuum-a-28756

7. America could be hit with 'high-impact' cyberattack targeting energy grid, fmr WH tech chief says

https://www.foxnews.com/us/america-could-hit-high-impact-cyberattack-targeting-energy-grid-fmr-wh-tech-chief-says

8. China Unleashes Hackers Against Its Friend Russia, Seeking War Secrets

https://www.nytimes.com/2025/06/19/world/europe/china-hackers-russia-war-ukraine.html

---

๐†๐ฅ๐จ๐›๐š๐ฅ ๐๐ซ๐ž๐š๐œ๐ก ๐๐ž๐ฐ๐ฌ ๐š๐ง๐ ๐ƒ๐š๐ญ๐š ๐‹๐ž๐š๐ค๐ฌ:

1. Oxford City Council was subject to a cyber security incident

https://www.oxford.gov.uk/news/article/1704/statement-on-cyber-security-incident

---

๐“๐š๐œ๐ญ๐ข๐œ๐š๐ฅ ๐‘๐ž๐ฉ๐จ๐ซ๐ญ๐ฌ ๐ฐ๐ข๐ญ๐ก ๐ˆ๐Ž๐‚๐ฌ:

1. Cobalt Strike Operators Leverage PowerShell Loaders Across Chinese, Russian, and Global Infrastructure

https://hunt.io/blog/cobaltstrike-powershell-loader-chinese-russian-infrastructure

2. Infostealer Disguised as Copyright Infringement Document Distributed in Korea

https://asec.ahnlab.com/en/88544/

3. TxTag Takedown: Busting Phishing Email Schemes

https://cofense.com/blog/txtag-takedown-busting-phishing-email-schemes

4. Malware Analysis Report UMBRELLA STAND

https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/umbrella-stand/ncsc-mar-umbrella_stand.pdf

5. Malware Tipper SHOE RACK

https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/shoe-rack-tipper/ncsc-tip-shoe_rack.pdf

6. STRRAT Malware – Active IOCs

https://rewterz.com/threat-advisory/strrat-malware-active-iocs-7

7. AntiDot Botnet IOCs

https://catalyst.prodaft.com/public/report/antidot/overview#heading-1000

https://github.com/prodaft/malware-ioc/tree/master/AntiDot

---

๐“๐ก๐ซ๐ž๐š๐ญ ๐‡๐ฎ๐ง๐ญ๐ข๐ง๐  / ๐ƒ๐ข๐ ๐ข๐ญ๐š๐ฅ ๐…๐จ๐ซ๐ž๐ง๐ฌ๐ข๐œ๐ฌ:

1. The Fall of a Hacker: Unmasking the Philippines’ Most Wanted Cybercriminal

https://nazdaily.medium.com/the-fall-of-a-hacker-unmasking-the-philippines-most-wanted-cybercriminal-ea84c6c08b1b

2. Silver Fox APT Targets Public Sector via Trojanized Medical Software

https://www.picussecurity.com/resource/blog/silver-fox-apt-targets-public-sector-via-trojanized-medical-software

3. ResolverRAT: The Stealth Malware Campaign Exploiting Healthcare and Pharma

https://medium.com/@devenchhajed24/resolverrat-the-stealth-malware-campaign-exploiting-healthcare-and-pharma-f451c768105d

4. MacOS hacking part 2: classic injection trick into macOS applications. Simple C example

https://cocomelonc.github.io/macos/2025/06/19/malware-mac-2.html

---

๐‹๐ข๐ ๐ก๐ญ ๐‘๐ž๐š๐๐ข๐ง๐ :

1. Part 1: The Iran-Israel Cyber Standoff - The Hacktivist Front

https://www.cloudsek.com/blog/part-1-the-iran-israel-cyber-standoff---the-hacktivist-front

2. Part 2: The Iran-Israel Cyber Standoff - The State's Silent War

https://www.cloudsek.com/blog/part-2-the-iran-israel-cyber-standoff---the-states-silent-war

3. Defending the Internet: how Cloudflare blocked a monumental 7.3 Tbps DDoS attack

https://blog.cloudflare.com/defending-the-internet-how-cloudflare-blocked-a-monumental-7-3-tbps-ddos/

4. Ireland’s Data Protection Commission publishes 2024 Annual Report

https://www.dataprotection.ie/sites/default/files/uploads/2025-06/DPC_Annual_Report_EN_Low_Res.pdf

5. Nobitex, Sanctions, and The $90 Million Exploit: A Window into Iran’s Largest Crypto Exchange

https://www.chainalysis.com/blog/nobitex-iranian-exchange-exploit-june-2025/

6. How Russia leverages private companies, hacktivist to strengthen cyber capabilities

https://cybersecuritynews.com/researchers-uncovered-on-how-russia-leverages-private-companies/

7. Speech by Minister of State Florian Hahn at the Shaping Cybersecurity Conference

https://www.auswaertiges-amt.de/en/newsroom/news/2723488-2723488

---

No WhatsApp ads in EU until 2026, DPC says

Meta said it will roll out ads on WhatsApp over the coming months. The ads will be tailored using user location and data from other apps.

Silicon Republic

๐ŸŸฅ ๐ƒ๐š๐ข๐ฅ๐ฒ ๐‘๐ž๐ฉ๐จ๐ซ๐ญ -๐Ÿ๐Ÿ— ๐‰๐ฎ๐ง๐ž ๐Ÿ๐ŸŽ๐Ÿ๐Ÿ“ ๐ŸŸฅ
(Posts are updated throughout the day)

๐๐ž๐ฐ๐ฌ:

1. Cyber warfare 'biggest threat' as Europe takes Ireland to court over terror law failures

https://www.irishexaminer.com/news/arid-41653586.html

2. Elkstone-backed Mesh acquired by Romanian cybersecurity firm

https://www.siliconrepublic.com/start-ups/mesh-bitdefender-elkstone-acquisition-2025-ireland

3. Tadaweb secures €17.3 million to arm cybersecurity and defense teams with smarter OSINT

https://www.eu-startups.com/2025/06/tadaweb-secures-e17-3-million-to-arm-cybersecurity-and-defense-teams-with-smarter-osint/

4. Ryuk ransomware’s initial access expert extradited to the U.S.

https://npu.gov.ua/news/zavolodivaly-koshtamy-svitovykh-pidpryiemstv-politseiski-zatrymaly-uchasnyka-khakerskoho-uhrupovannia-shcho-perebuvav-u-rozshuku-fbr-ssha

8. Scammers hijack websites of Bank of America, Netflix, Microsoft, and more to insert fake phone number

https://www.malwarebytes.com/blog/news/2025/06/scammers-hijack-websites-of-bank-of-america-netflix-microsoft-and-more-to-insert-fake-phone-number

---

๐†๐ฅ๐จ๐›๐š๐ฅ ๐๐ซ๐ž๐š๐œ๐ก ๐๐ž๐ฐ๐ฌ ๐š๐ง๐ ๐ƒ๐š๐ญ๐š ๐‹๐ž๐š๐ค๐ฌ:

1. Beam Technologies. The threat actor known as 303 claims responsibility for breaching a server belonging to Beam Technologies Japan, a startup from RIKEN that develops optical semiconductor devices.
Allegedly, over 4 million records were exfiltrated from its database. The leaked data appears to include full names, addresses, phone numbers, email addresses, and company names of customers, as seen in the provided SQL dump.

2. Nipro Medical Corporation. The Qilin ransomware group claims to have breached Nipro Medical Corporation, a U.S.-based subsidiary of Japan’s Nipro Corporation. Exposed documents allegedly include international shipping records, commercial invoices, purchase orders, financial statements, and trial balance reports from multiple Nipro branches worldwide, including operations in Indonesia, the U.S., Nicaragua, Ecuador, Chile, and Canada.

---

๐“๐š๐œ๐ญ๐ข๐œ๐š๐ฅ ๐‘๐ž๐ฉ๐จ๐ซ๐ญ๐ฌ ๐ฐ๐ข๐ญ๐ก ๐ˆ๐Ž๐‚๐ฌ:

1. Feeling Blue(Noroff): Inside a Sophisticated DPRK Web3 Intrusion

https://www.huntress.com/blog/inside-bluenoroff-web3-intrusion-analysis

2. Famous Chollima deploying Python version of GolangGhost RAT

https://blog.talosintelligence.com/python-version-of-golangghost-rat/

3. Part 2: Tracking LummaC2 Infrastructure

https://www.domaintools.com/resources/blog/part-2-tracking-lummac2-infrastructure/

4. Analyzing SERPENTINE#CLOUD: Threat Actors Abuse Cloudflare Tunnels to Infect Systems with Stealthy Python-Based Malware

https://www.securonix.com/blog/analyzing_serpentinecloud-threat-actors-abuse-cloudflare-tunnels-threat-research/

5. Zombies Never Die: Analysis of the RapperBot botnet

https://blog.xlab.qianxin.com/rapperbot/

6. Declaration trap: Crypto Drainers masquerading as European Tax Authorities

https://www.group-ib.com/blog/declaration-trap/

7. Uncovering a Tor-Enabled Docker Exploit

https://www.trendmicro.com/en_us/research/25/f/tor-enabled-docker-exploit.html

8. Hidden Malware Discovered in jQuery Migrate: A Stealthy Supply Chain Threat

https://www.trellix.com/blogs/research/malware-delivered-via-jquery-migrate-and-parrot-tds/

9. What’s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia

https://cloud.google.com/blog/topics/threat-intelligence/creative-phishing-academics-critics-of-russia

10. Amatera Stealer: Rebranded ACR Stealer With Improved Evasion, Sophistication

https://www.proofpoint.com/us/blog/threat-insight/amatera-stealer-rebranded-acr-stealer-improved-evasion-sophistication

11. Analysis of a Malicious WordPress Plugin: The Covert Redirector

https://blog.sucuri.net/2025/06/analysis-of-a-malicious-wordpress-plugin-the-covert-redirector.html

12. Meowsterio: Weaponizing ClickOnce in 2025

https://g0njxa.medium.com/meowsterio-weaponizing-clickonce-in-2025-8c2595a817c8

13. Pickai: The Backdoor Hiding in Your AI Stack

https://blog.xlab.qianxin.com/pickai-the_backdoor_hiding_in_your_ai_stack/

14. APT-C-60 (Pseudo-hunter) Attack Evolution: GitHub-based Dynamic Load Distribution and Instruction Relay

https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247506307&idx=1&sn=917d291b3f14b349263a9b0a2f115323&chksm=f9c1ea8aceb6639ce7e8fa02c8630b203f508d3d971d21174c6a55f1bf4d4102ddc2af602d73&scene=178&cur_album_id=1955835290309230595&search_click_id=#rd

15. Modified XWORM Distribution by Chinese-Speaking Threat Actor

https://dmpdump.github.io/posts/Modified_Xworm_Distribution/

16. SideWinder APT Group aka Rattlesnake – Active IOCs

https://rewterz.com/threat-advisory/sidewinder-apt-group-aka-rattlesnake-active-iocs-22

17. Masslogger Fileless Variant – Spreads via .VBE, Hides in Registry

https://www.seqrite.com/blog/masslogger-fileless-vbe-registry-malware/

18. Threat actor Banana Squad exploits GitHub repos in new campaign

https://www.reversinglabs.com/blog/threat-actor-banana-squad-exploits-github-repos-in-new-campaign

19. DPRK IT Worker-Related Account Takeover

https://www.ketman.org/dprk-it-worker-related-account-takeover.html

20. Case of Attacks Targeting MySQL Servers to Install RAT Malware

https://asec.ahnlab.com/en/88514/

21. Shadow Vector targets Colombian users via privilege escalation and court-themed SVG decoys

https://www.acronis.com/en-us/cyber-protection-center/posts/shadow-vector-targets-colombian-users-via-privilege-escalation-and-court-themed-svg-decoys/

---

๐“๐ก๐ซ๐ž๐š๐ญ ๐‡๐ฎ๐ง๐ญ๐ข๐ง๐  / ๐ƒ๐ข๐ ๐ข๐ญ๐š๐ฅ ๐…๐จ๐ซ๐ž๐ง๐ฌ๐ข๐œ๐ฌ:

1. Same Sea, New Phish: Russian Government-Linked Social Engineering Targets App-Specific Passwords

https://citizenlab.ca/2025/06/russian-government-linked-social-engineering-targets-app-specific-passwords/

2. Mocha Manakin delivers custom NodeJS backdoor via paste and run

https://redcanary.com/blog/threat-intelligence/mocha-manakin-nodejs-backdoor/

3. Protestware in JavaScript UI Toolkits on npm Target Russian Language Sites

https://socket.dev/blog/protestware-on-npm-targets-russian-language-sites

4. Understanding and Mitigating Golden SAML Attacks

https://techcommunity.microsoft.com/blog/microsoft-entra-blog/understanding-and-mitigating-golden-saml-attacks/4418864

5. Threat Advisory: LightPerlGirl Malware

https://www.todyl.com/blog/threat-advisory-lightperlgirl-malware

6. Windows Memory Forensics — Zeus Banking Trojan Dump

https://medium.com/@dhruvsaikia/windows-memory-forensics-zeus-banking-trojan-dump-2d6852d7a8dd

7. Digital Forensics with Autopsy: A Comprehensive Guide

https://medium.com/@arhamkhan459/digital-forensics-with-autopsy-a-comprehensive-guide-38420ea576e7

8. Jamf report finds phishing & infostealers surge on Apple devices

https://itbrief.com.au/story/jamf-report-finds-phishing-infostealers-surge-on-apple-devices

9. Lockbit Ransomware Analysis with ANY.RUN

https://motasemhamdan.medium.com/lockbit-ransomware-analysis-with-any-run-c89cdc604d28

---

๐‹๐ข๐ ๐ก๐ญ ๐‘๐ž๐š๐๐ข๐ง๐ :

1. Threats to the 2025 NATO Summit

https://go.recordedfuture.com/hubfs/reports/cta-2025-0618.pdf

2. APT and financial attacks on industrial organizations in Q1 2025

https://ics-cert.kaspersky.com/publications/reports/2025/06/19/apt-and-financial-attackson-industrial-organizations-in-q1-2025/

3. The Proxy Warfare: Unmasking Russia’s Externalized Cyber Capabilities

https://quointelligence.eu/2025/06/proxy-warfare-russia-externalized-cyber-capabilities/

4. 5 Lessons Learned as Incident Commander of the Biggest Security Incident of My Career

https://medium.com/@ryangcox/5-lessons-learned-as-incident-commander-of-the-biggest-security-incident-of-my-career-46498f61dae6

5. Nationalization of Cyber Threat Intelligence

https://fromcyberia.substack.com/p/nationalization-of-cyber-threat-intelligence

6. Shifting Gears: India's Government Calls for Financial Cybersecurity Change

https://www.tripwire.com/state-of-security/shifting-gears-indias-government-calls-financial-cybersecurity-change

7. Largest Ever Seizure of Funds Related to Crypto Confidence Scams

https://www.justice.gov/usao-dc/media/1403996/dl?inline

8. What’s Trending: Top Cyber Attacker Techniques, March–May 2025

https://reliaquest.com/blog/whats-trending-top-cyber-attacker-techniques-march-2025-may-2025/

9. The Digital Front Line: Israel and Iran Turn the Internet into a Covert Combat Zone

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/the-digital-front-line-israel-and-iran-turn-the-internet-into-a-covert-combat-zone/

---

Cyber warfare 'biggest threat' as Europe takes Ireland to court over terror law failures

It comes as the European Commission announced it was taking Ireland to the European Court of Justice for failing to comply with EU laws on removing online terrorist content.

Irish Examiner

๐ŸŸฅ ๐ƒ๐š๐ข๐ฅ๐ฒ ๐‘๐ž๐ฉ๐จ๐ซ๐ญ -๐Ÿ๐Ÿ– ๐‰๐ฎ๐ง๐ž ๐Ÿ๐ŸŽ๐Ÿ๐Ÿ“ ๐ŸŸฅ
(Posts are updated throughout the day)

๐๐ž๐ฐ๐ฌ:

1. UBS data leak: UBS reports data leak after cyber attack on provider, client data unaffected

https://www.reuters.com/sustainability/boards-policy-regulation/ubs-reports-data-leak-after-cyber-attack-provider-client-data-unaffected-2025-06-18/

2. Spain says blackout caused by grid failures and poor planning not a cyber attack

https://www.irishnews.com/news/world/spain-says-blackout-caused-by-multiple-technical-factors-and-not-a-cyber-attack-JM6IKFPJ6FP4BBKI4ZUYWM7OGI/

3. EDRi urges total spyware ban across EU

https://edri.org/wp-content/uploads/2025/06/EDRi_Spyware-position-paper.pdf

4. CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability

https://www.cisa.gov/news-events/alerts/2025/06/17/cisa-adds-one-known-exploited-vulnerability-catalog

5. Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication

https://www.veeam.com/kb4743

6. Amazon CISO: Iranian hacking crews ‘on high alert’ since Israel attack

https://www.theregister.com/2025/06/18/amazon_ciso_agentic_acceleration/

7. Iran Slows Internet to Prevent Cyber Attacks Amid Escalating Regional Conflict

https://x.com/netblocks/status/1935012084938330209

8. Iran asks its people to delete WhatsApp from their devices

https://apnews.com/article/iran-whatsapp-meta-israel-d9e6fe43280123c9963802e6f10ac8d1

9. Iran orders officials to ditch connected devices

https://www.politico.eu/article/iran-orders-officials-to-ditch-connected-devices/?utm_source=RSS_Feed&utm_medium=RSS&utm_campaign=RSS_Syndication

10. Privacy overwhelming, say Europe’s Gen Zs and millennials

https://www.siliconrepublic.com/enterprise/privacy-samsung-survey-europe-genz-millennial

11. Russia detects first SuperCard malware attacks skimming bank data via NFC

https://therecord.media/supercard-nfc-banking-malware-russia

https://habr.com/ru/companies/F6/news/918840/

12. U.S. Chargé d'affaires Dickerson: Romania and the United States - partners in cybersecurity

https://agerpres.ro/english/2025/06/17/u-s-charg-d-affaires-dickerson-romania-and-the-united-states---partners-in-cybersecurity--1460193

---

๐†๐ฅ๐จ๐›๐š๐ฅ ๐๐ซ๐ž๐š๐œ๐ก ๐๐ž๐ฐ๐ฌ ๐š๐ง๐ ๐ƒ๐š๐ญ๐š ๐‹๐ž๐š๐ค๐ฌ:

1. Alleged Data Sale of Multiple Insurance Agents from USA: A threat actor operating under the alias Shinchan has claimed to be selling a dataset containing 250,000 insurance agent records from the United States. Posted to the DarkForums marketplace, the listing states that the leak includes detailed information scraped or compiled from various company websites. The exposed data reportedly includes names, titles, addresses, emails, phone numbers, SIC/NAICS codes, and company websites.

2. Brazilian Telecom Giant Telecall Allegedly Breached 70GB of Data for Sale: The seller claims the dataset contains a vast amount of strategic and sensitive information, representing only a fraction of a larger, yet-unexplored, trove of data. The information allegedly exposes deep operational details, network configurations, and customer data. According to the post, the compromised data includes tens of millions of records and is being offered for sale, with a price tag running into thousands of dollars in cryptocurrency. The threat actor suggests the data could be used for network analysis, fraud, or competitive intelligence.

3. Israeli Organizations Weizmann Institute, Mor-logistics, and Agura B.C. LTD Allegedly Breached by Handala Hacking Group: According to the hackers’ claims, the infiltrations are severe, with the group allegedly exfiltrating massive volumes of data. They have stated they took over 4 terabytes of data from the Weizmann Institute and 425 gigabytes from Mor-logistics. In their communications, the group issued threats, giving Agura’s clients a 48-hour deadline before control is lost and asserting that the full data dumps from the other breaches would be made public imminently. The group claims to have breached core infrastructures and seized internal documents and classified research data.

---

๐“๐š๐œ๐ญ๐ข๐œ๐š๐ฅ ๐‘๐ž๐ฉ๐จ๐ซ๐ญ๐ฌ ๐ฐ๐ข๐ญ๐ก ๐ˆ๐Ž๐‚๐ฌ:

1. Identifying North Korean Kimsuky (APT43) Infrastructure

https://medium.com/@pteconway/identifying-north-korean-kimsuky-apt43-infrastructure-b6817a58a65b

2. A Wretch Client: From ClickFix deception to information stealer deployment

https://www.elastic.co/security-labs/a-wretch-client

3. Ransomware Gangs Collapse as Qilin Seizes Control

https://www.cybereason.com/blog/threat-alert-qilin-seizes-control

4. Your Mobile App, Their Playground: The Dark side of the Virtualization

https://zimperium.com/blog/your-mobile-app-their-playground-the-dark-side-of-the-virtualization

5. RaccoonO365: An Active Campaign and New Features

https://www.morado.io/blog-posts/raccoono365-an-active-campaign-and-new-features

6. Threat Group Targets Companies in Taiwan

https://www.fortinet.com/blog/threat-research/threat-group-targets-companies-in-taiwan

7. Salat Stealer — Malware Analysis

https://nop4tch.medium.com/salat-stealer-malware-analysis-e93744b0253f

8. DarkCrystal RAT aka DCRat – Active IOCs

https://rewterz.com/threat-advisory/darkcrystal-rat-aka-dcrat-active-iocs-44

9. Qilin Ransomware aka Agenda – Active IOCs

https://rewterz.com/threat-advisory/qilin-ransomware-aka-agenda-active-iocs

---

๐“๐ก๐ซ๐ž๐š๐ญ ๐‡๐ฎ๐ง๐ญ๐ข๐ง๐  / ๐ƒ๐ข๐ ๐ข๐ญ๐š๐ฅ ๐…๐จ๐ซ๐ž๐ง๐ฌ๐ข๐œ๐ฌ:

1. Kimsuky’s CHM and BabyShark Malware Using Cryptocurrency Theme

https://s2w.inc/en/resource/detail/852

2. A look at ‘Tinker,’ Black Basta’s phishing fixer, negotiator

https://intel471.com/blog/a-look-at-tinker-black-bastas-phishing-fixer-negotiator

3. Threat Research: WormGPT Variants Powered by Grok and Mixtral

https://www.catonetworks.com/blog/cato-ctrl-wormgpt-variants-powered-by-grok-and-mixtral/

4. Weak Certificate Mapping

https://www.hackingarticles.in/adcs-esc10-weak-certificate-mapping/

5. Understanding RaccoonO365 Phishing-as-a-Service

https://www.morado.io/blog-posts/understanding-raccoono365-phishing-as-a-service

6. Click Account Takeover (ATO)

https://medium.com/@anandrishav2228/click-account-takeover-ato-532065b4696d

7. How I Caught a Trojan Using DNS Traffic in Wireshark

https://medium.com/@Rim_ripper/how-i-caught-a-trojan-using-dns-traffic-in-wireshark-6fd460d00e89

8. How to use Prometheus to efficiently detect anomalies at scale

https://grafana.com/blog/2024/10/03/how-to-use-prometheus-to-efficiently-detect-anomalies-at-scale/

9. Atomic Stealer now using clipboard hijacking to target Macs

https://www.threatdown.com/blog/atomic-stealer-now-using-clipboard-hijacking-to-target-macs/

---

๐‹๐ข๐ ๐ก๐ญ ๐‘๐ž๐š๐๐ข๐ง๐ :

1. Artificial Eyes: Generative AI in China’s Military Intelligence

https://go.recordedfuture.com/hubfs/reports/ta-cn-2025-0617.pdf

2. Lazarus Group launders stolen crypto via illicit networks and small OTC markets

https://www.cryptopolitan.com/zachxbt-on-lazarus-group-lcrypto-laundering/

3. U.S. Bureau of Industry and Security needs better cyberattack response

https://www.oversight.gov/sites/default/files/documents/reports/2025-06/OIG-25-022-I.pdf

4. China cyberattacks may be precursor to Taiwan Strait conflict

https://focustaiwan.tw/cross-strait/202506180011

5. Big Brother Fears over Chinese Security Software in Bosnia’s Republika Srpska

https://balkaninsight.com/2025/06/18/big-brother-fears-over-chinese-security-software-in-bosnias-republika-srpska/

6. Spy ships, cyber-attacks and shadow fleets: the crack security team braced for trouble at sea

https://uk.news.yahoo.com/spy-ships-cyber-attacks-shadow-060005171.html

7. Kosovo Can Deepen US Ties with Cyber-Defence and Drone Collaboration

https://balkaninsight.com/2025/06/18/kosovo-can-deepen-us-ties-with-cyber-defence-and-drone-collaboration/

---

Identifying North Korean Kimsuky (APT43) Infrastructure

I recently came across a post on X in which “@freedomhack101” shared an IOC potentially related to Kimsuky. So what I wanted to do was try a quick pivot from this, which ultimately ended up leading…

Medium

๐ŸŸฅ ๐ƒ๐š๐ข๐ฅ๐ฒ ๐‘๐ž๐ฉ๐จ๐ซ๐ญ -๐Ÿ๐Ÿ• ๐‰๐ฎ๐ง๐ž ๐Ÿ๐ŸŽ๐Ÿ๐Ÿ“ ๐ŸŸฅ
(Posts are updated throughout the day)

๐๐ž๐ฐ๐ฌ:

1. Scattered Spider, fresh off retail sector attack spree, pivots to insurance industry

https://cyberscoop.com/scattered-spider-pivot-insurance-industry/

2. Suspected Chinese Hackers Targeted the Washington Post

https://www.inforisktoday.com/suspected-chinese-hackers-targeted-washington-post-a-28715

3. Spy school dropout: GCHQ intern jailed for swiping classified data

https://www.theregister.com/2025/06/16/gchq_intern_jailed/

4. Sentara Health terminates remote employees after realizing they couldn’t be sure who was doing the work.

https://databreaches.net/2025/06/16/sentara-health-terminates-remote-employees-after-realizing-they-couldnt-be-sure-who-was-doing-the-work/

5. Meta Starts Showing Ads on WhatsApp After 6-Year Delay From 2018 Announcement

https://thehackernews.com/2025/06/meta-starts-showing-ads-on-whatsapp.html

6. US offering $10 million for info on Iranian hackers behind IOControl malware

https://therecord.media/us-offers-reward-for-iran-hacker-iocontrol-malware

7. Hackers impersonating US government compromise email account of prominent Russia researcher

https://therecord.media/keir-giles-russia-researcher-email-hacked

---

๐†๐ฅ๐จ๐›๐š๐ฅ ๐๐ซ๐ž๐š๐œ๐ก ๐๐ž๐ฐ๐ฌ ๐š๐ง๐ ๐ƒ๐š๐ญ๐š ๐‹๐ž๐š๐ค๐ฌ:

1. The threat actor known as "Cargo" claims to have leaked login credentials of Policía Nacional employees, including access to institutional emails and the CNP portal.

2. Israel Hacktivist group claims cyberattack on Iran’s Bank Sepah

https://www.iranintl.com/en/202506176243

---

๐“๐š๐œ๐ญ๐ข๐œ๐š๐ฅ ๐‘๐ž๐ฉ๐จ๐ซ๐ญ๐ฌ ๐ฐ๐ข๐ญ๐ก ๐ˆ๐Ž๐‚๐ฌ:

1. Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation

https://unit42.paloaltonetworks.com/kimjongrat-stealer-variant-powershell/

2. SadFuture: Mapping XDSpy latest evolution

https://harfanglab.io/insidethelab/sadfuture-xdspy-latest-evolution/

3. From SambaSpy to Sorillus: Dancing through a multi-language phishing campaign in Europe

https://www.orangecyberdefense.com/global/blog/cert-news/from-sambaspy-to-sorillus-dancing-through-a-multi-language-phishing-campaign-in-europe

4. Clone, Compile, Compromise: Water Curse’s Open-Source Malware Trap on GitHub

https://www.trendmicro.com/en_us/research/25/f/water-curse.html

5. Team46 and TaxOff: two sides of the same coin

https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/team46-and-taxoff-two-sides-of-the-same-coin

6. Understanding Katz Stealer Malware and Its Credential Theft Capabilities

https://www.picussecurity.com/resource/blog/understanding-katz-stealer-malware-and-its-credential-theft-capabilities

7. Malicious Loan App Removed from iOS and Google Play App Store Posed Severe Risks to Users

https://blog.checkpoint.com/research/malicious-loan-app-removed-from-ios-and-google-play-app-store-posed-severe-risks-to-users/

8. Don't Get Caught in the Headlights - DeerStealer Analysis

https://www.esentire.com/blog/dont-get-caught-in-the-headlights-deerstealer-analysis

9. Beware of smishing euphoria using Hangul subdomains

https://blog.alyac.co.kr/5592

10. Tracking CVE-2025-31324: Darktrace’s detection of SAP Netweaver exploitation before and after disclosure

https://www.darktrace.com/blog/tracking-cve-2025-31324-darktraces-detection-of-sap-netweaver-exploitation-before-and-after-disclosure

11. Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet

https://www.trendmicro.com/en_us/research/25/f/langflow-vulnerability-flodric-botnet.html

---

๐“๐ก๐ซ๐ž๐š๐ญ ๐‡๐ฎ๐ง๐ญ๐ข๐ง๐  / ๐ƒ๐ข๐ ๐ข๐ญ๐š๐ฅ ๐…๐จ๐ซ๐ž๐ง๐ฌ๐ข๐œ๐ฌ:

1. Exchange mutations. Malicious code in Outlook pages

https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/exchange-mutations-malicious-code-in-outlook-pages

2. LLMNR/NBT-NS Poisoning

https://cslabs.net/intelligence-blogs-1/f/llmnrnbt-ns-poisoning

3. NetAnalysis® 4: Boost Your Digital Forensics with Advanced Browser Analysis

https://www.digital-detective.net/netanalysis-4-boost-your-digital-forensics-with-advanced-browser-analysis/

4. Detecting Suspicious ipconfig Executions in the System

https://medium.com/@monik123/detecting-suspicious-ipconfig-process-chains-in-environments-f701e4e08a3f

5. Hidden Threats: How Malicious Browser Extensions Are Hijacking Your Banking Data

https://medium.com/@peris.ai/hidden-threats-how-malicious-browser-extensions-are-hijacking-your-banking-data-7c662a8ccbe7

6. Getting started with Hashcat: Password Recovery

https://medium.com/@tajiabdullah/getting-started-with-hashcat-password-recovery-7a266c53fdd4

7. Man-in-the-Middle Attack | Packets Sniffing | Ettercap

https://medium.com/@99alibinazam/man-in-the-middle-attack-packets-sniffing-ettercap-db82502f0227

8. A JPEG With A Payload

https://isc.sans.edu/diary/32048

9. Installing and Using YARA Malware Detector

https://medium.com/@s12deff/installing-and-using-yara-malware-detector-c36b6aaf2eec

10. Detecting Packet Sniffing Malware on Linux

https://sandflysecurity.com/blog/detecting-packet-sniffing-malware-on-linux

11. Adversaries Use Weaponized GitHub Repositories to Deliver Malware

https://www.knowyouradversary.ru/2025/06/167-adversaries-use-weaponized-github.html

---

๐Œ๐š๐ฅ๐ฐ๐š๐ซ๐ž:

1. [Amadey] Targeted Analysis of Campaign’s Kill Chain, String and Traffic Encryption Algorithm, and Download of Additional Modules

https://0x0d4y.blog/amadey-targeted-analysis/?utm_source=rss&utm_medium=rss&utm_campaign=amadey-targeted-analysis

2. VanHelsing Ransomware: A Deep Dive into a 2025 Cyber Threat

https://medium.com/@S44Di/decoding-vanhelsing-ransomware-a-deep-dive-into-a-2025-cyber-threat-10ac9cb1e03b

3. Mallox: Malware Overview

https://medium.com/@anyrun/mallox-malware-overview-82be62c23477

4. Anatomy of an AgentTesla Loader: Deobfuscation, Custom Encryption, and Active Defenses

https://medium.com/@pudimcaro/anatomy-of-an-agenttesla-loader-deobfuscation-custom-encryption-and-active-defenses-dbe8284d9870

---

๐‹๐ข๐ ๐ก๐ญ ๐‘๐ž๐š๐๐ข๐ง๐ :

1. How "Telegram" is associated with the Russian FSB

https://istories.media/stories/2025/06/10/kak-telegram-svyazan-s-fsb/

2. Cyberthreats to the financial sector: forecast for 2025–2026

https://global.ptsecurity.com/analytics/cyberthreats-to-the-financial-sector--forecast-for-2025-2026

3. U.S. Army Cyber Corps - A Prehistory

https://www.army.mil/article/286292/army_cyber_corps_a_prehistory

4. NSFOCUS APT Monthly Briefing – April 2025

https://nsfocusglobal.com/nsfocus-apt-monthly-briefing-april-2025/

5. China’s state security agency warns of phishing emails sent by foreign spies

https://www.scmp.com/news/china/politics/article/3314730/chinas-state-security-agency-warns-phishing-emails-sent-foreign-spies?utm_source=rss_feed

6. Radware warns of surge in Iranian cyber activity targeting Israeli industrial, critical systems

https://industrialcyber.co/industrial-cyber-attacks/radware-warns-of-surge-in-iranian-cyber-activity-targeting-israeli-industrial-critical-systems/

---

Scattered Spider, fresh off retail sector attack spree, pivots to insurance industry

Multiple U.S.-based companies in the insurance sector have already been hit over the past week and a half, according to Mandiant.

CyberScoop

๐ŸŸฅ ๐ƒ๐š๐ข๐ฅ๐ฒ ๐‘๐ž๐ฉ๐จ๐ซ๐ญ -๐Ÿ๐Ÿ” ๐‰๐ฎ๐ง๐ž ๐Ÿ๐ŸŽ๐Ÿ๐Ÿ“ ๐ŸŸฅ
(Posts are updated throughout the day)

๐๐ž๐ฐ๐ฌ:

1. JPMorgan, Bank of America, and TD Bank Warn of Data Breaches Impacting Customer Information

https://uk.finance.yahoo.com/news/jpmorgan-bank-america-td-bank-094648100.html

2. Major European insurer hit by cyberattack

https://www.insurancebusinessmag.com/uk/news/cyber/major-european-insurer-hit-by-cyberattack-539138.aspx

3. Cyprus urged to invest in SME cybersecurity

https://cyprus-mail.com/2025/06/16/cyprus-urged-to-invest-in-sme-cybersecurity

4. MI6 appoints first female chief in 116-year history

https://www.bbc.com/news/articles/czxyx04dv1wo

5. UK National Cyber Security Centre calls for strategic cybersecurity policy agenda

https://www.ncsc.gov.uk/blog-post/sausages-incentives-rewarding-resilient-technology-future

6. Armoured cash transport trucks allegedly hauled money for $190 million crypto-laundering scheme

https://www.theregister.com/2025/06/16/asia_tech_news_roundup/

7. U.S. Senator Maria Cantwell is demanding answers by June 26 from AT&T and Verizon following the Chinese-linked ‘Salt Typhoon’ cyber operation.

https://industrialcyber.co/critical-infrastructure/cantwell-demands-answers-from-att-verizon-over-chinese-salt-typhoon-breach/

8. US regulators eye Google’s Wiz acquisition

https://www.bobsguide.com/us-regulators-eye-googles-wiz-acquisition/

9. Former CISA and NCSC Heads Warn Against Glamorizing Threat Actor Names

https://www.infosecurity-magazine.com/news/former-cisa-ncsc-threat-actor-names/

10. 700% spike in cyberattacks on Israel since strike on Iran

https://www.jpost.com/business-and-innovation/tech-and-start-ups/article-857790

---

Global Breach News and Data Leaks:

1. APT Iran Allegedly Hits Israeli Critical Infrastructure with Ransomware

https://dailydarkweb.net/aptiran-allegedly-hits-israeli-critical-infrastructure-with-ransomware/

2. A threat actor has allegedly posted a database containing the sensitive information of more than 103,000 patients from Hôpital Privé de la Miotte for sale on a dark web forum.

3. WestJet faced with cybersecurity incident involving app and internal systems

https://calgaryherald.com/business/westjet-cybersecurity-incident-june-2025

4. Washington Post Investigating Cyberattack on Journalists' Email Accounts, Source Says

https://www.usnews.com/news/top-news/articles/2025-06-15/washington-post-investigating-cyberattack-on-journalists-wsj-reports

---

Tactical Reports with IOCs:

1. GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

https://www.recordedfuture.com/research/grayalpha-uses-diverse-infection-vectors-deploy-powernet-loader-netsupport-rat

2. Fileless AsyncRAT Distributed Via Clickfix Technique Targeting German Speaking Users

https://www.cloudsek.com/blog/fileless-asyncrat-distributed-via-clickfix-technique-targeting-german-speaking-users

3. PULSAR RAT Technical Analysis

https://45734016.fs1.hubspotusercontent-na1.net/hubfs/45734016/Pulsar%20RAT%20Technical%20Malware%20Analysis%20Report.pdf

4. Anubis: A Closer Look at an Emerging Ransomware with Built-in Wiper

https://www.trendmicro.com/en_us/research/25/f/anubis-a-closer-look-at-an-emerging-ransomware.html

5. May 2025 Threat Trend Report on Ransomware

https://asec.ahnlab.com/en/88474/

6. Malicious crypto-theft package targets Web3 developers in North Korean operation

https://www.aikido.dev/blog/malicious-package-web3

7. The Growing Risk of Malicious Browser Extensions

https://socket.dev/blog/the-growing-risk-of-malicious-browser-extensions

8. BERT RANSOMWARE

https://theravenfile.com/2025/06/16/bert-ransomware/

---

Threat Hunting / Digital Forensics:

1. MacOS Tahoe brings a new disk image format

https://developer.apple.com/documentation/virtualization/vzdiskimagestoragedeviceattachment/

2. APT Stealth Falcon - CVE-2025-33053 Detection kql

https://github.com/SlimKQL/Hunting-Queries-Detection-Rules/blob/main/DefenderXDR/APT%20Stealth%20Falcon%20-%20CVE-2025-33053%20Detection.kql

3. Detecting Windows Problem Reporting Abuse

https://www.knowyouradversary.ru/2025/06/166-detecting-windows-problem-reporting.html

4. Ghosts in the Network: What Your Digital Footprint Reveals

https://medium.com/@wpauweerawardhana2002/ghosts-in-the-network-what-your-digital-footprint-reveals-0ce57e8b63e5

5. MacOS hacking part 1: stealing data via legit Telegram API. Simple C example

https://cocomelonc.github.io/macos/2025/06/12/malware-mac-1.html

6. Hunting Through APIs

https://kqlquery.com/posts/hunting-api-kql/

7. Cleartext Protocols 101: How to Connect Anonymously to FTP, Telnet, and rsync

https://osintteam.blog/cleartext-protocols-101-how-to-connect-anonymously-to-ftp-telnet-and-rsync-2c1001dcbdb0

8. dnsimg - storing images in txt records

https://asherfalcon.com/blog/posts/2

9. How Hackers Exploit RDP: What you Need to Know to Protect Yourself

https://medium.com/@cywarr/how-hackers-exploit-rdp-what-you-need-to-know-to-protect-yourself-d773fc52f2d5

10. How I Made EC2 SSH Access Instant with Aliases in PowerShell and Git Bash

https://medium.com/@JiokeCloudSec/%EF%B8%8F-how-i-made-ec2-ssh-access-instant-with-aliases-in-powershell-and-git-bash-5a9ca6eb2704

11. Using Heuristics to Detect Malicious Pages

https://medium.com/@bhuvanagowthami/using-heuristics-to-detect-malicious-pages-3e4ea1b24e79

12. Mastering Wireshark: A Visual Network Forensics Guide

https://medium.com/@kallabharath2004/mastering-wireshark-a-visual-network-forensics-guide-ffd0aa8e5b36

13. Rust C2 Powered By Tor

https://github.com/zarkones/OnionC2

14. Reverse searching the Usernames and Email IDs, tools and more

https://medium.com/@hawk101/reverse-searching-the-usernames-and-email-ids-tools-and-more-72a9954bcdfa

15. Telegram Account Checker

https://darkwebinformer.com/telegram-account-checker/

16. Container Escape Techniques: Breaking Out of the Digital Jail

https://infosecwriteups.com/container-escape-techniques-breaking-out-of-the-digital-jail-ad06962c5292

---

Malware:

1. Virlock: Malware Overview

https://medium.com/@anyrun/virlock-malware-overview-f695fc63c973

2. Inside Zeus Malware — A Step-by-Step Network Traffic Analysis

https://medium.com/@CyberMina/inside-zeus-malware-a-step-by-step-network-traffic-analysis-941809b2d832

3. Bumblebee: Malware Analysis

https://medium.com/@coormac/bumblebee-malware-analysis-be38f76d78ab

4. Setup for Reverse Engineers

https://medium.com/@lord_murak/setup-for-reverse-engineers-090c5ddf868f

5. DarkGate Malware: A Network Forensics Investigation Using Wireshark & NetworkMiner

https://medium.com/@chirag.p.ghotikar/%EF%B8%8F-darkgate-malware-a-network-forensics-investigation-using-wireshark-networkminer-7fea5d94e23e

---

Light Reading:

1. Reflections of the Israel-Iran Conflict on the Cyber World

https://socradar.io/reflections-of-israel-iran-conflict-cyber-world/

2. Why BYOD and Third-Party Access Are the Silent Threats in Hybrid Work

https://medium.com/@chsieh_30329/why-byod-and-third-party-access-are-the-silent-threats-in-hybrid-work-and-how-mammoth-cyber-0b24a4c52ed0

3. A Cyberweapon Beyond Ransomware: NOT_PETYA by Isabella Kelly

https://medium.com/@valkyriescyber/a-cyberweapon-beyond-ransomware-not-petya-by-isabella-kelly-6724cf1e972a

4. Why banks’ tech-first approach leaves governance gaps

https://www.helpnetsecurity.com/2025/06/16/rich-friedberg-live-oak-bank-banking-cyber-governance/

5. HP Wolf Threat Insights Report June 2025

https://threatresearch.ext.hp.com/wp-content/uploads/2025/06/HP_Wolf_Security_Threat_Insights_Report_June_2025.pdf

---

JPMorgan, Bank of America, and TD Bank Warn of Data Breaches Impacting Customer Information, Is Your Account Safe?

Several customers’ critical information has been compromised, leading to data breach alerts issued by JPMorgan Chase (NYSE:JPM), Bank of America (NYSE:BAC), ...

Yahoo Finance

🟥 Daily Report - 13 June 2025 🟥
(Posts are updated throughout the day)

News:

1. Cloudflare service outage June 12, 2025

https://blog.cloudflare.com/cloudflare-service-outage-june-12-2025/

2. Dell and TUS developing AI platform for advanced research

https://www.siliconrepublic.com/innovation/dell-tus-developing-ai-platform-advanced-research

3. EU Pumps €145.5 Million into Cybersecurity for SMEs and Healthcare

https://informationsecuritybuzz.com/eu-pumps-e145-5-million-into-cybersecurity/

https://ec.europa.eu/info/funding-tenders/opportunities/portal/screen/opportunities/calls-for-proposals?order=DESC&pageNumber=1&pageSize=50&sortBy=startDate&isExactMatch=true&status=31094501,31094502,31094503&programmePeriod=2021%20-%202027&frameworkProgramme=43108390&callIdentifier=HORIZON-CL3-2025-02-CS-ECCC

4. EU and Moldova conduct stress test on potential digital hybrid threats ahead of parliamentary elections

https://euneighbourseast.eu/news/latest-news/eu-and-moldova-conduct-stress-test-on-potential-digital-hybrid-threats-ahead-of-parliamentary-elections/

5. Iran orders full cyber alert across government systems

https://shafaq.com/en/Middle-East/Iran-orders-full-cyber-alert-across-government-systems

6. Cyber strike: Ukraine hits Russian Railways, tax, and customs sites in coordinated attack

https://newsukraine.rbc.ua/news/cyber-strike-ukraine-hits-russian-railways-1749807207.html

7. Ukrainian cyberattack cripples major internet provider in Siberia on Russia Day

https://tvpworld.com/87242100/ukrainian-hackers-cripple-siberian-internet-provider-on-russia-day

8. Airlines Secretly Selling Passenger Data to the Government

https://www.404media.co/airlines-dont-want-you-to-know-they-sold-your-flight-data-to-dhs/

9. Slapped wrists for Financial Conduct Authority staff who emailed work data home

https://www.theregister.com/2025/06/13/fca_staff_data_breach/

10. South African man imprisoned after ransom demand against his former employer

https://www.saps.gov.za/newsroom/msspeechdetail.php?nid=61361

11. Just 3% of New Zealand domains enforce top anti-phishing policy

https://securitybrief.co.nz/story/just-3-of-new-zealand-domains-enforce-top-anti-phishing-policy

12. Bank of England loses hundreds of laptops amid rising cyber threats

https://www.cityam.com/bank-of-england-loses-hundreds-of-laptops-amid-rising-cyber-threats/

---

Global Breach News and Data Leaks:

1. Brussels Parliament hit by cyber-attack: The services of the Brussels Parliament have been the target of a cyber attack since Monday. This was announced on Thursday. According to Parliament President Bertin Mampaka, every effort is being made to deal with the situation with external partners. Currently, there are no consequences for the functioning of the Parliament. Thursday's committee meetings and the plenary session will go ahead as planned for the time being.

https://www.brusselstimes.com/brussels/1623019/brussels-parliament-hit-by-cyber-attack

2. Spain - GTD System & Software Engineering: The threat actor known as "_Sentap" claims to have exfiltrated 2.71 GB of sensitive and classified data from the website of GTD System & Software Engineering, a Spanish defense technology company involved in military projects. The stolen dataset allegedly includes highly confidential technical documents, design diagrams, contracts, software system specifications, material safety data sheets, and logistics reports related to military equipment such as the AVANTE 2200 frigates and the VCR 8x8 armored vehicle.

3. A threat actor has allegedly breached Scania, a world-leading Swedish manufacturer of commercial vehicles, including heavy trucks and buses. The actor claims to be selling a database containing 34,000 files, offering the entire dataset exclusively to a single buyer to maximize its value and impact.

4. T-Mobile customers' address, number, and other info allegedly up for sale; company denies claim

https://www.phonearena.com/news/T-Mobile-customers-address-number-and-other-info-allegedly-up-for-sale-company-denies-claim_id171306

---

Tactical Reports with IOCs:

1. Possible Lazarus Group IOCs

https://x.com/500mk500/status/1933459419422941267

2. Distributing Malware Disguising Paper Files (Kimsuky Group)

https://asec.ahnlab.com/ko/88419/

3. Predator Still Active, with New Client and Corporate Links Identified

https://www.recordedfuture.com/research/predator-still-active-new-links-identified

4. From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery

https://research.checkpoint.com/2025/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery/

5. AITM phishing with Russian infrastructure and detection evasion from a lapsed domain

https://sublime.security/blog/aitm-phishing-with-russian-infrastructure-and-detection-evasion-from-a-lapsed-domain/

6. Vexing and Vicious: The Eerie Relationship between WordPress Hackers and an Adtech Cabal

https://blogs.infoblox.com/threat-intelligence/vexing-and-vicious-the-eerie-relationship-between-wordpress-hackers-and-an-adtech-cabal/

7. Inside the LockBit's Admin Panel Leak: Affiliates, Victims and Millions in Crypto

https://www.trellix.com/blogs/research/inside-the-lockbits-admin-panel-leak-affiliates-victims-and-millions-in-crypto/

8. Anatomy of a Linux SSH Honeypot Attack: Detailed Analysis of Captured Malware

https://isc.sans.edu/diary/rss/32024

---

Threat Hunting / Digital Forensics:

1. Exchange Mutations. Malicious code in the Outlook pages

https://ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/exchange-mutations-vredonosnyj-kod-v-stranicah-outlook/#id1

2. The Predator spyware ecosystem is not dead

https://blog.sekoia.io/the-predator-spyware-ecosystem-is-not-dead/

3. Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider

https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-163a

4. Serverless Tokens in the Cloud: Exploitation and Detections

https://unit42.paloaltonetworks.com/serverless-authentication-cloud/

5. The TokenBreak Attack

https://hiddenlayer.com/innovation-hub/the-tokenbreak-attack/

6. A Curious Case of Iediagcmd.exe Abuse

https://www.knowyouradversary.ru/2025/06/163-curious-case-of-iediagcmdexe-abuse.html

7. Ransomware Gang Abuses Legitimate Employee Monitoring Software

https://www.knowyouradversary.ru/2025/06/164-ransomware-gang-abuses-legitimate.html

8. CloudFlare Project Galileo 11th Anniversary

https://radar.cloudflare.com/reports/project-galileo-11th-anniv

9. Day 2: “Detecting Port Scans with Wireshark”

https://medium.com/@huynhamy2201/day-2-detecting-port-scans-with-wireshark-c55fe984b7c6

10. Logs Don’t Lie: My Virtual Cyber Crime Investigation Experience

https://medium.com/@nimitahir7631/logs-dont-lie-my-virtual-cyber-crime-investigation-experience-0da19c2a4932

11. CVE-2025-26685 – Spoofing to Elevate Privileges with Microsoft Defender for Identity

https://www.netspi.com/blog/technical-blog/network-pentesting/microsoft-defender-for-identity-spoofing-cve-2025-26685/

12. Hunting Obfuscated PowerShell Attacks with SigmaHunter: EXE Drops in Temp Folder

https://medium.com/@egycondor/hunting-obfuscated-powershell-attacks-with-sigmahunter-exe-drops-in-temp-folder-150572552ffe

13. Cached screenshots on Windows 11

https://thinkdfir.com/2025/06/13/cached-screenshots-on-windows-11/

---

Malware:

1. UAC-0219's Malware Analysis

https://medium.com/@johnlery71594/uac-0219s-malware-analysis-e8885758305d

---

Light Reading:

1. From Dirty Crypto to Clean Money – The Laundering Playbook of Russophone Cybercriminals

https://www.cybercrimediaries.com/post/from-dirty-crypto-to-clean-money-the-laundering-playbook-of-russophone-cybercriminals

2. Israel’s Long Shadow War Against Iran Now Overt

https://www.outlookindia.com/international/israels-long-shadow-war-against-iran-now-overt

3. The Real Threat From Iran

https://www.foreignaffairs.com/israel/real-threat-iran

4. Exposing the Russia’s Undersea Shadow War

https://techjournalism.medium.com/exposing-the-russias-undersea-shadow-war-467890fac159

---

Cloudflare service outage June 12, 2025

Today, June 12, 2025, Cloudflare suffered a significant service outage that affected a large set of our critical services, including Workers KV, WARP, Access, Gateway, Images, Stream, Workers AI, Turnstile and Challenges, AutoRAG, and parts of the Cloudflare Dashboard.

The Cloudflare Blog

🟥 Daily Report - 12 June 2025 🟥
(Posts are updated throughout the day)

News:

1. Steven Goff attends Ireland's Leinster House to discuss the current state of Ireland’s cyber defence capability and overall resilience.

https://www.linkedin.com/feed/update/urn:li:activity:7338585342750404608/?commentUrn=urn%3Ali%3Acomment%3A(activity%3A7338585342750404608%2C7338845455121805315)&dashCommentUrn=urn%3Ali%3Afsd_comment%3A(7338845455121805315%2Curn%3Ali%3Aactivity%3A7338585342750404608)

2. Ireland: Department of Social Protection fined €550,000 over facial scans

https://www.irishtimes.com/business/2025/06/12/department-of-social-protection-fined-550000-over-facial-scans/

3. Irish Data Protection Commission imposes fines for transfer of personal data to China

https://www.osborneclarke.com/insights/irish-data-protection-commission-imposes-fines-transfer-personal-data-china

4. Just 5% of Irish Leaders Equipped to Fully Harness AI to Drive Growth in Their Organisation

https://irishtechnews.ie/just-5-of-irish-leaders-equipped-to-harness-ai/

5. Cutting-edge IT and cyber security programme to enhance visitor experience and future-proof iconic Belfast attraction

https://www.newsletter.co.uk/business/this-partnership-marks-a-significant-step-in-our-digital-journey-cutting-edge-it-and-cyber-security-programme-to-enhance-visitor-experience-and-future-proof-iconic-belfast-attraction-5172394

6. NATO cyber advisor ready to work with energy sector to bolster security

https://www.enlit.world/digitalisation/cybersecurity/nato-cyber-advisor-ready-to-work-with-energy-sector-to-bolster-security/

7. Dutch police identify users on Cracked.io

https://www.politie.nl/nieuws/2025/juni/10/08-politie-identificeert-gebruikers-op-internationaal-verdacht-cyber-platform.html

8. Infinigate and Threema Announce European Partnership

https://pressat.co.uk/releases/infinigate-and-threema-announce-european-partnership-8bff1a87252448549e8105926688fa1d/

9. Guernsey to launch cyber security centre

https://www.bbc.com/news/articles/ckgrqwj729zo

10. Taiwan cyber unit says it will not be intimidated by China bounty offer

https://www.reuters.com/sustainability/boards-policy-regulation/taiwan-cyber-unit-says-it-will-not-be-intimidated-by-china-bounty-offer-2025-06-12/

11. BAE Systems brings South Korea’s Hanwha into intelligence-gathering constellation

https://spacenews.com/bae-systems-brings-south-koreas-hanwha-into-intelligence-gathering-constellation/

12. With Retail Cyberattacks on the Rise, Customers Find Orders Blocked and Shelves Empty

https://www.securityweek.com/with-retail-cyberattacks-on-the-rise-customers-find-orders-blocked-and-shelves-empty/

13. Critical Vulnerability Patched in SAP NetWeaver

https://support.sap.com/en/my-support/knowledge-base/security-notes-news/june-2025.html

14. Mozilla Foundation Security Advisory 2025-47

https://www.mozilla.org/en-US/security/advisories/mfsa2025-47/

15. CISA’s executive director is leaving the agency

https://www.nextgov.com/cybersecurity/2025/06/cisas-executive-director-leaving-agency/405981/

16. SinoTrack GPS Receiver

https://www.cisa.gov/news-events/ics-advisories/icsa-25-160-01

17. techUK opposes ban on public sector ransomware payments

https://www.ukauthority.com/articles/techuk-opposes-ban-on-public-sector-ransomware-payments

18. 'Major compromise' at NHS temping arm exposed gaping security holes

https://www.theregister.com/2025/06/12/compromise_nhs_professionals/

---

Global Breach News and Data Leaks:

1. U.S. Thomasville city systems hit by cyberattack, residents worry about data security

https://abc45.com/news/local/thomasville-city-systems-hit-by-cyberattack-residents-worry-about-data-security

2. Threat actor claims to be selling personal data from TotalEnergies Spain, including names, phone numbers, addresses, IPs, and electricity subscription details.

3. Erie Insurance and Erie Indemnity Company have disclosed that a weekend cyberattack is behind the recent business disruptions and platform outages on its website.

https://www.sec.gov/Archives/edgar/data/922621/000092262125000023/erie-20250607.htm

4. Ogeechee Circuit District Attorney’s Office Target of Cyber Attack. Thanks to a recently expanded contract with Georgia Technologies for 24/7 IT support, the attack was identified and stopped in progress, preventing what could have been catastrophic data loss.

https://www.thegeorgiavirtue.com/bulloch-local-government/district-attorney-office-target-of-cyber-attack/

5. A threat actor claims to be selling a dataset containing 600,000 credit card records allegedly sourced from Mashreq Bank. The leaked data reportedly includes sensitive personal and financial information such as cardholder full names, genders, dates of birth, mobile numbers, country and currency codes (e.g., AE–AED), and card types including Solitaire, Platinum Elite, and Cash Back.

---

Tactical Reports with IOCs:

1. Tracing Silver Fox The Winos 4.0 Campaign Behind Operation Holding Hands

https://somedieyoungzz.github.io/posts/silver-fox/

2. Attackers Unleash TeamFiltration: Account Takeover Campaign (UNK_SneakyStrike) Leverages Popular Pentesting Tool

https://www.proofpoint.com/us/blog/threat-insight/attackers-unleash-teamfiltration-account-takeover-campaign

3. Gone But Not Forgotten: Black Basta’s Enduring Legacy

https://reliaquest.com/blog/decline-and-legacy-of-black-basta-whats-next-ransomware-phishing/

4. JSFireTruck: Exploring Malicious JavaScript Using JSF*ck as an Obfuscation Technique

https://unit42.paloaltonetworks.com/malicious-javascript-using-jsfiretruck-as-obfuscation/

5. The Spectre of SpectraRansomware

https://labs.k7computing.com/index.php/the-spectre-of-spectraransomware/

6. May 2025 APT Attack Trends Report (Domestic) APT37 or Kimsuky IOCs

https://asec.ahnlab.com/ko/88436/

---

Threat Hunting / Digital Forensics:

1. DPRK Actors Identified

https://x.com/browsercookies/status/1932932373609586853

https://x.com/browsercookies/status/1932615369237438730

2. Covert Web-to-App Tracking via Localhost on Android

https://localmess.github.io/

3. Detecting PureLogs traffic with CapLoader

https://www.netresec.com/?page=Blog&month=2025-06&post=Detecting-PureLogs-traffic-with-CapLoader

4. Day 1: “Detecting Failed Login Attempts on Linux”

https://medium.com/@huynhamy2201/day-1-detecting-failed-login-attempts-on-linux-45acf608f31f

5. Remotely dumping Windows local credentials (SAM) by leveraging Shadow Snapshots

https://labs.itresit.es/2025/06/11/remote-windows-credential-dump-with-shadow-snapshots-exploitation-and-detection/

6. Path Traversal: Portswigger Lab Walkthrough

https://thecyberray.medium.com/path-traversal-portswigger-lab-walkthrough-7f61dd044452

7. SVGs — Why Your “Images” Might Be More Dangerous Than You Think

https://medium.com/@akanksha.amarendra6/svgs-why-your-images-might-be-more-dangerous-than-you-think-8f84ba43afc9

8. Dissecting the Shamoon Attack

https://medium.com/@VampireXRay/dissecting-the-shamoon-attack-bbf378b0deaf

9. OneLogin, Many Issues: How I Pivoted from a Trial Tenant to Compromising Customer Signing Keys

https://specterops.io/blog/2025/06/10/onelogin-many-issues-how-i-pivoted-from-a-trial-tenant-to-compromising-customer-signing-keys/

10. TTP Exchange Launches

https://www.linkedin.com/feed/update/urn:li:activity:7338635559919120384/

11. C2 Architecture: Pull the Strings, Run the Show

https://www.scip.ch/en/?labs.20250612

12. Ransom Note Viewer

https://darkwebinformer.com/ransom-notes/

13. Cato CTRL™ Threat Research: Uncovering Nytheon AI – A New Platform of Uncensored LLMs

https://www.catonetworks.com/blog/cato-ctrl-nytheon-ai-a-new-platform-of-uncensored-llms/

14. SmartAttack uses smartwatches to steal data from air-gapped systems

https://arxiv.org/html/2506.08866v1

15. Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot

https://www.aim.security/lp/aim-labs-echoleak-blogpost

16. Understanding SSRF: Abusing Server Trust from the Inside Out

https://blog.sucuri.net/2025/06/understanding-ssrf-abusing-server-trust-from-the-inside-out.html

17. First Forensic Confirmation of Paragonโ€™s iOS Mercenary Spyware Finds Journalists Targeted

https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/

---

Malware:

1. Malwoverview is a first response tool for threat hunting, which performs an initial and quick triage of malware samples, URLs, IP addresses, domains, malware families, IOCs and hashes.

https://www.linkedin.com/feed/update/urn:li:activity:7337534809486811137/

2. Tools and Automated Systems for Malware Analysis

https://medium.com/@alibadalov.20/tools-and-automated-systems-for-malware-analysis-0f1df12103da

---

OSINT:

1. OSINT Guide Pt 1: Using Flatpak + Tor for Telegram OSINT

https://medium.com/@hacktheplanet/osint-guide-pt-1-using-flatpak-tor-for-telegram-osint-73cd66825c2f

2. TelegramScraper – OSINT Focused Recon Tool for Telegram

https://x.com/_0b1d1/status/1932730796647067658

---

Light Reading:

1. Broken Object Level Authorization (BOLA): Complete Guide — Part 1

https://medium.com/@narendarlb123/broken-object-level-authorization-bola-complete-guide-part-1-2960dbcd480a

2. Former CIA Analyst Sentenced to Over Three Years in Prison for Unlawfully Transmitting Top Secret National Defense Information

https://www.justice.gov/opa/pr/former-cia-analyst-sentenced-over-three-years-prison-unlawfully-transmitting-top-secret

3. Air Traffic Control in the US Still Runs on Windows 95 and Floppy Disks

https://www.wired.com/story/air-traffic-control-windows-95-floppy-disks/?utm_brand=wired&utm_social-type=owned&utm_source=twitter&utm_medium=social&utm_campaign=aud-dev

4. Defense-Through-Offense Mindset: From a Taiwanese Hacker to the Engine of China’s Cybersecurity Industry

https://nattothoughts.substack.com/p/defense-through-offense-mindset-from

5. Lazarus: Is your best IT worker really a North Korean hacker?

https://podcasts.apple.com/us/podcast/lazarus-is-your-best-it-worker-really-a-north-korean-hacker/id1813334799?i=1000712386700

---

Today I had the privilege of meeting with Catherine Callaghan, TD at Leinster House to discuss the current state of Ireland’s cyber defence capability and overall resilience. | Steven G.

Today I had the privilege of meeting with Catherine Callaghan, TD at Leinster House to discuss the current state of Ireland’s cyber defence capability and overall resilience. As a member of the newly formed National Security and Defence Committee, Deputy Callaghan plays a key role in shaping policy on one of the most pressing issues of our time. We discussed the findings of my M.Sc. research project (thesis), that assessed Ireland’s national cyber defence capabilities and overall resilience by benchmarking them against Estonia, a global leader in cyber defence. The research used the ENISA National Cybersecurity Assessment Framework (NCAF) to explore public-sector readiness, cyber education, crisis response, and legislative alignment, identifying critical gaps and actionable recommendations for national improvement. Grateful for the opportunity to share insights and contribute to the important work being done to strengthen Ireland’s cyber defence and resilience 🇮🇪🔐 #CyberSecurity #NationalSecurity #Ireland #CyberResilience #NSDC #InformationSecurity #TUDublin

🟥 Daily Report - 11 June 2025 🟥
(Posts are updated throughout the day)

News:

1. Teamxxx ransomware group claims to have breached Irish company 'Interiorsgroup[.]ie', offering data via their dedicated leak site (DLS).

2. Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild

https://msrc.microsoft.com/update-guide/releaseNote/2025-Jun

3. ConnectWise rotating code signing certificates over security concerns

https://www.connectwise.com/company/trust/advisories

4. Code Execution Flaws Haunt Adobe Acrobat Reader, Adobe Commerce

https://helpx.adobe.com/security/products/acrobat/apsb25-57.html

5. 20,000 malicious IPs and domains taken down in INTERPOL infostealer crackdown

https://www.interpol.int/en/News-and-Events/News/2025/20-000-malicious-IPs-and-domains-taken-down-in-INTERPOL-infostealer-crackdown

6. Telefónica plots push into cyber and data centres to clear way for deals

https://www.ft.com/content/12ef6e5d-a55f-4e36-8329-0b6e33c54fbe

7. EU, India launch 1st-ever strategic dialogue to boost cooperation

https://www.aa.com.tr/en/asia-pacific/eu-india-launch-1st-ever-strategic-dialogue-to-boost-cooperation/3593255

8. Zero-Click Threat: Chinese Hackers Hijack Phones Without You Knowing

https://the420.in/chinese-hackers-smartphone-surveillance-ireport-nsa-warning/

9. Crypto scam probe by Telangana Cyber Security Bureau exposes cyber slavery racket with Chinese links

https://www.msn.com/en-in/news/India/crypto-scam-probe-by-telangana-cyber-security-bureau-exposes-cyber-slavery-racket-with-chinese-links/ar-AA1GjLkO

10. The Russian State Duma adopted a law on the creation of a national messenger

https://eurasiabusinessnews.com/2025/06/10/the-russian-state-duma-adopted-a-law-on-the-creation-of-a-national-messenger/

11. Sweden under cyberattack: Prime minister sounds the alarm

https://www.euractiv.com/section/tech/news/sweden-under-cyberattack-prime-minister-sounds-the-alarm/

---

Global Breach News and Data Leaks:

1. The Texas Department of Transportation experienced a data breach resulting in the theft of nearly 300,000 crash records due to compromised credentials. The exposed data includes personal information, increasing the risk of scams and identity theft for affected individuals.

https://www.txdot.gov/about/newsroom/statewide/account-compromise-leads-to-crash-records-data-breach.html

2. A threat actor has allegedly put comprehensive access to the digital infrastructure of the Ministry of Foreign Affairs of Kyrgyzstan up for sale on a dark web forum. The seller claims to have obtained complete control over the ministry’s systems. The post, which appeared on a clandestine online marketplace, asserts that the access is extensive and provides a list of the compromised assets.

3. SoftBank, a major Japanese telecommunications company, has announced a potential data breach involving over 137,000 customer records.
A former employee from another cooperating company allegedly accessed the office without authorization in December 2024 and exfiltrated personal data. The leaked information includes names, addresses, and phone numbers of SoftBank and Y!mobile subscribers.

https://www3.nhk.or.jp/news/html/20250611/k10014832201000.html

---

Tactical Reports with IOCs:

1. CVE-2025-33053, Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage

https://research.checkpoint.com/2025/stealth-falcon-zero-day/

2. FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware

https://dti.domaintools.com/skeleton-spider-trusted-cloud-malware-delivery/

3. Quasar RAT Delivered Through Bat Files

https://isc.sans.edu/diary/rss/32036

4. Understanding CyberEYE RAT Builder: Capabilities and Implications

https://www.cyfirma.com/research/understanding-cybereye-rat-builder-capabilities-and-implications/

5. BlackSuit Continues Social Engineering Attacks in Wake of Black Basta’s Internal Conflict

https://www.rapid7.com/blog/post/2025/06/10/blacksuit-continues-social-engineering-attacks-in-wake-of-black-bastas-internal-conflict/

6. Counterfeiting Qi'anxin certificates! Targeted attacks against blockchain customers

https://ti.qianxin.com/blog/articles/counterfeiting-qianxin-certificates-targeted-attacks-against-blockchain-customers-en/

7. Unmasking the Infrastructure of a Spearphishing Campaign

https://censys.com/blog/unmasking-the-infrastructure-of-a-spearphishing-campaign

8. Toxic trend: Another malware threat targets DeepSeek

https://securelist.com/browservenom-mimicks-deepseek-to-use-malicious-proxy/115728/

---

๐“๐ก๐ซ๐ž๐š๐ญ ๐‡๐ฎ๐ง๐ญ๐ข๐ง๐  / ๐ƒ๐ข๐ ๐ข๐ญ๐š๐ฅ ๐…๐จ๐ซ๐ž๐ง๐ฌ๐ข๐œ๐ฌ:

1. How Hackers Achieve Invisible Persistence in Active Directory: Shadow Credentials & msDS-KeyCredentialLink Explained

https://infosecwriteups.com/how-hackers-achieve-invisible-persistence-in-active-directory-shadow-credentials-6b53a6c85e74

2. Threat hunting case study: DragonForce

https://intel471.com/blog/threat-hunting-case-study-dragonforce

3. Investigating macOS Endpoints

https://www.youtube.com/watch?v=_D6oHm-371A

4. Another Crack in the Chain of Trust: Uncovering (Yet Another) Secure Boot Bypass

https://www.binarly.io/blog/another-crack-in-the-chain-of-trust

5. Hydroph0bia (CVE-2025-4275) - a trivial SecureBoot bypass for UEFI-compatible firmware based on Insyde H2O, part 1

https://coderush.me/hydroph0bia-part1/

6. "Absurd" 12-step malware dropper spotted in malicious npm packages

https://www.thestack.technology/absurd-12-step-malware-dropper-spotted-in-malicious-npm-packages/

7. Adversaries Leverage DNS over HTTPS (DoH) to Evade Detection

https://www.knowyouradversary.ru/2025/06/161-adversaries-leverage-dns-over-https.html

8. A Look in the Mirror - The Reflective Kerberos Relay Attack

https://blog.redteam-pentesting.de/2025/reflective-kerberos-relay-attack/

---

๐Œ๐š๐ฅ๐ฐ๐š๐ซ๐ž:

1. Executing Function(s) Before and After the main function

https://medium.com/@lordshen/executing-function-s-before-and-after-the-main-function-8b98084128d6

2. c2Pac: Prototyping C2 Channels Like a Thug

https://medium.com/@toneillcodes/c2pac-prototyping-c2-channels-like-a-thug-5716f36797c3

3. Unraveling a Multi-Stage Downloader with Binary Refinery

https://www.youtube.com/watch?v=HuLONk0Rt98

---

๐‹๐ข๐ ๐ก๐ญ ๐‘๐ž๐š๐๐ข๐ง๐ :

1. Global analysis of Adversary-in-the-Middle phishing threats

https://blog.sekoia.io/global-analysis-of-adversary-in-the-middle-phishing-threats/

2. Russian Spy Ring Reveals the Reality of Radio Frequency Espionage

https://www.hstoday.us/featured/russian-spy-ring-reveals-the-reality-of-radio-frequency-espionage/

3. The DPRK, Cryptocurrency, and Bombs

https://medium.com/@secondaryyoihen/the-dprk-cryptocurrency-and-bombs-1706704d4f9a

4. Winning the war on ransomware with AI: Four real-world use cases

https://www.theregister.com/2025/06/10/delinea_winning_ai_ransomware_war/

---

๐ŸŸฅ ๐ƒ๐š๐ข๐ฅ๐ฒ ๐‘๐ž๐ฉ๐จ๐ซ๐ญ - ๐Ÿ๐ŸŽ ๐‰๐ฎ๐ง๐ž ๐Ÿ๐ŸŽ๐Ÿ๐Ÿ“ ๐ŸŸฅ
(Posts are updated throughout the day)

๐๐ž๐ฐ๐ฌ:

1. Warning that AI doesn't replace legal duty in Ireland

https://www.lawsociety.ie/gazette/top-stories/2025/june/ai-doesnt-replace-professional-duty/

2. Qualcom Ireland enhances offering with Microsoft designation for Azure Data & AI

https://irishtechnews.ie/qualcom-enhances-offering-with-microsoft-designation-for-azure-data-ai/

3. France estimates GDPR's cyber benefits to be worth 1 billion euros, or one Meta fine

https://www.cnil.fr/fr/cybersecurite-les-benefices-economiques-du-rgpd

4. Revolut and Glovo backer Lakestar eyes $300M fund to power Europe's defence tech

https://techfundingnews.com/lakestar-european-defence-fund/

5. Banks Challenge Treasury on Cybersecurity Failures

https://bpi.com/wp-content/uploads/2025/06/Joint-Trades-Regulator-Data-Security-Letter-June-9-2025.pdf

6. US agencies assessed Chinese telecom hackers likely hit data center and residential internet providers

https://www.nextgov.com/cybersecurity/2025/06/us-agencies-assessed-chinese-telecom-hackers-likely-hit-data-center-and-residential-internet-providers/405920/

7. Businesses fight identity fraud surge with misplaced confidence, lack of insight

https://www.biometricupdate.com/202506/businesses-fight-identity-fraud-surge-with-misplaced-confidence-lack-of-insight

8. Half of workers still can't spot a phishing scam, even when they think they can

https://cybernews.com/security/business-phishing-scams-detection/

9. FBI veteran Brett Leatherman to lead Cyber division

https://cyberscoop.com/fbi-cyber-division-brett-leatherman-assistant-director/

10. New Salesforce SOQL Injection 0-Day Vulnerability Exposes Millions of Deployments

https://mastersplinter.work/research/salesforce-sqli/

11. Nato needs quantum leap in defence, chief says

https://www.bbc.com/news/articles/cj3j637015jo

12. Cyber extortionist sentenced to eight years in jail

https://www.itweb.co.za/article/cyber-extortionist-sentenced-to-eight-years-in-jail/rW1xL75nWG4MRk6m

13. After 46-day cyberattack pause, M&S resumes online orders

https://www.channelnewsasia.com/business/after-46-day-cyberattack-pause-ms-resumes-online-orders-5172351

---

๐†๐ฅ๐จ๐›๐š๐ฅ ๐๐ซ๐ž๐š๐œ๐ก ๐๐ž๐ฐ๐ฌ ๐š๐ง๐ ๐ƒ๐š๐ญ๐š ๐‹๐ž๐š๐ค๐ฌ:

1. North American grocery wholesaler United Natural Foods told regulators that a cyber incident temporarily disrupted operations, including its ability to fulfill customer orders.

https://ir.unfi.com/news/press-release-details/2025/statement/default.aspx

2. S5 Agency World, a global maritime services provider headquartered in London, has fallen victim to BERT ransomware.

3. Stormous hacking group claims to have breached the Ministère de l'Éducation Nationale, de l'Enseignement supérieur et de la Recherche in France. According to the post, the cybercriminal group managed to exfiltrate data of more than 40,000 individuals, including email addresses, passwords, dates, login URLs, names, and regions.

4. Play ransomware gang claims to have breached Community Choice Credit Union, based in Commerce City, Colorado. The threat actors claim to be in possession of private and confidential personal data, including client documents, budgets, payroll records, accounting files, tax information, IDs, and other financial data.

---

๐“๐š๐œ๐ญ๐ข๐œ๐š๐ฅ๐ฌ ๐‘๐ž๐ฉ๐จ๐ซ๐ญ๐ฌ ๐ฐ๐ข๐ญ๐ก ๐ˆ๐Ž๐‚๐ฌ:

1. Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets

https://www.sentinelone.com/labs/follow-the-smoke-china-nexus-threat-actors-hammer-at-the-doors-of-top-tier-targets/

2. GhostVendors Exposed: Silent Push Uncovers Massive Network of 4000+ Fraudulent Domains Masquerading as Major Brands

https://www.silentpush.com/blog/ghostvendors/?utm_source=rss&utm_medium=rss&utm_campaign=ghostvendors

3. Sleep with one eye open: how Librarian Ghouls steal data by night

https://securelist.com/librarian-ghouls-apt-wakes-up-computers-to-steal-data-and-mine-crypto/116536/

4. APT 41: Threat Intelligence Report and Malware Analysis

https://www.resecurity.com/blog/article/apt-41-threat-intelligence-report-and-malware-analysis

5. APT-C-56 (Transparent Tribe) Analysis of DISGOMOJI variant attack activity for Linux systems

https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247506219&idx=1&sn=b185be5815544f28219876ffd736ddbd&chksm=f9c1ea22ceb66334b0103192526a117ea503869ac7d2fdfb8d20751287a147b0647bab0662e3&scene=178&cur_album_id=1955835290309230595&search_click_id

6. DanaBleed: DanaBot C2 Server Memory Leak Bug

https://www.zscaler.com/blogs/security-research/danableed-danabot-c2-server-memory-leak-bug

7. Iranian threat group AgentSerpens (CharmingKitten) was observed likely using generative AI in a malicious PDF masquerading as a document from U.S.

https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-06-09-IOCs-for-Agent-Serpens-activity.txt

https://x.com/Unit42_Intel/status/1932120671183630453

8. APT36 (TransparentTribe) Samples

https://x.com/JAMESWT_WT/status/1932112495994638551

9. LuckyStrike Agent: Poker bluff by Erudite Mogwai

https://rt-solar.ru/solar-4rays/blog/5603/

---

๐“๐ก๐ซ๐ž๐š๐ญ ๐‡๐ฎ๐ง๐ญ๐ข๐ง๐  / ๐ƒ๐ข๐ ๐ข๐ญ๐š๐ฅ ๐…๐จ๐ซ๐ž๐ง๐ฌ๐ข๐œ๐ฌ:

1. U.S. carrier Spectrum impersonation ClickFix targeting Apple MacOS users 2025.6.8

https://wezard4u.tistory.com/429507

2. Skitnet ("Bossnet") in 2025: Stealthy Malware Powering Sophisticated Ransomware Tactics

https://wardenshield.com/skitnet-bossnet-in-2025-stealthy-malware-powering-sophisticated-ransomware-tactics

3. Update: Dumping Entra Connect Sync Credentials

https://specterops.io/blog/2025/06/09/update-dumping-entra-connect-sync-credentials/

4. Bruteforcing the phone number of any Google user

https://brutecat.com/articles/leaking-google-phones

5. Preventing Prompt Injection Attacks at Scale

https://mazinahmed.net/blog/preventing-prompt-injection-attacks-at-scale/

6. Designing Blue Team playbooks with Wazuh for proactive incident response

https://www.bleepingcomputer.com/news/security/designing-blue-team-playbooks-with-wazuh-for-proactive-incident-response/

7. YARA rule creation tool

https://x.com/fr0gger_/status/1931945340527313372

8. Detecting Recent Kimsuky Campaign

https://www.knowyouradversary.ru/2025/06/160-detecting-recent-kimsuky-campaign.html

9. The Evolution of Linux Binaries in Targeted Cloud Operations

https://infosec.exchange/@LCSC_IE/114658467798464989

---

๐Œ๐š๐ฅ๐ฐ๐š๐ซ๐ž:

1. Cobalt Strike: Malware Overview

https://medium.com/@anyrun/cobalt-strike-malware-overview-c53c3b449b30

2. Ghost Files for Inter Process Communication

https://medium.com/@s12deff/ghost-files-for-inter-process-communication-131dd9147450

---

๐‹๐ข๐ ๐ก๐ญ ๐‘๐ž๐š๐๐ข๐ง๐ :

1. Insider Threat Incidents For May 2025

https://nationalinsiderthreatsig.org/pdfs/insider-threat-threats-incidents-report-disgruntled-malicious-employees%205-31-25.pdf

2. The past, present and future of cyber-defence at Infosecurity Europe

https://www.techmonitor.ai/partner-content/infosecurity-europe-2025-past-present-future/?cf-view

3. Bear Meets Dragon: The Escalating Espionage Rivalry Between Russia and China

https://lansinginstitute.org/2025/06/09/bear-meets-dragon-the-escalating-espionage-rivalry-between-russia-and-china/

4. Russia could send "little green men" to test NATO's resolve, German intelligence boss warns

https://www.reuters.com/world/russia-has-plans-test-natos-resolve-german-intelligence-chief-warns-2025-06-09/

5. Bitsight Identifies Thousands of Security Cameras Openly Accessible on the Internet

https://enablement.bitsight.com/sh/570339668395124546/assets/?id=570339016365373055

6. Telegram, the FSB, and the Man in the Middle

https://istories.media/en/stories/2025/06/10/telegram-fsb/

7. Russian Intelligence Says It Collects WeChat Data. What Does That Mean?

https://www.nytimes.com/2025/06/07/world/europe/russia-china-wechat-spying.html?smid=nytcore-android-share

---
