Latest CyberSec News by @thecyberpicker

Microsoft has patched two zero days this month, one of which is being exploited in the wild

Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive…

Microsoft has released its monthly security update for June 2025, which includes 66 vulnerabilities affecting a range of products, including 10 that Microsoft marked as “critical.”

A researcher tells CyberScoop that up to 80% of enterprises could be vulnerable to the zero-day Microsoft patched in its June update.

Mark Green, R-Tenn., has championed legislation on the cyber workforce, renewal of a cyber threat information sharing bill and more.

A vulnerability in the DanaBot malware operation introduced in June 2022 update led to the identification, indictment, and dismantling of their operations in a recent law enforcement action.

ConnectWise is warning customers that it is rotating the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise RMM executables over security concerns.

GirlsDoPorn owner pleaded guilty to sex trafficking through his coercive pornographic websites. He now faces life in prison.

Check Point attributed the attack to a group known as Stealth Falcon — a hacking group with longstanding ties to the UAE that has been implicated in dozens of spyware cases and hacking incidents involving governments across the Middle East and Africa.

CEO Sandy Douglas said the food distributor is helping some customers maintain inventory with assistance from other wholesalers.

Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware.

Salesforce Industry Cloud has 20+ config risks exposing sensitive data; customers must fix most issues to avoid compliance and security breaches.

Adobe patched 254 flaws, mostly in Experience Manager, impacting cloud and on-prem users, preventing critical code execution risks.

A House panel approved a fiscal 2026 funding bill Monday that would cut the Cybersecurity and Infrastructure Security Agency by $135 million from fiscal 2025, significantly less than the Trump administration’s proposed $495 million.

Microsoft has released the KB5060533 cumulative update for Windows 10 22H2 and Windows 10 21H2, with seven fixes or changes, including bringing seconds back to the time shown in the Calendar flyout.

Android Enterprise has introduced features for mobile security, device management and user productivity in its latest update

SAP fixed a critical NetWeaver flaw that let attackers bypass auth and escalate privileges. Patch released in June 2025 Security Patch.

Microsoft has released Windows 11 KB5060842 and KB5060999 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues, including 66 flaws.

Today is Microsoft's June 2025 Patch Tuesday, which includes security updates for 66 flaws, including one actively exploited vulnerability and another that was publicly disclosed.

FIN6 uses fake resumes hosted on AWS to deliver More_eggs malware, targeting recruiters to steal credentials and card data

The Texas Department of Transportation (TxDOT) is warning that it suffered a data breach after a threat actor downloaded 300,000 crash records from its database.

Microsoft announced it will expand the list of blocked attachments in Outlook Web and the new Outlook for Windows starting next month.

In a twist on typical hiring-related social engineering attacks, the FIN6 hacking group impersonates job seekers to target recruiters, using convincing resumes and phishing sites to deliver malware.

The scheme is based in Cambodia, where people residing in scam centers contact U.S. victims through phone calls, texts, dating apps and other avenues to promote fake cryptocurrency investments.

Ivanti has released security updates to fix three high-severity hardcoded key vulnerabilities in the company's Workspace Control (IWC) solution.

The department store chain six weeks ago was one of the first targets in an international spree of attacks disrupting retailers.

Rust-based Myth Stealer malware spreads via fake gaming sites, stealing browser data from millions worldwide.

AI acts like Pac-Man—devouring sensitive data across clouds, apps, and copilots. Varonis analyzed 1,000 orgs and found 99% have exposed data AI can access, exposing them to data risks.

Heroku is suffering a widespread outage that has lasted over six hours, preventing developers from logging into the platform and breaking website functionality.

The campaign has affected hundreds of Russian users, particularly targeting industrial enterprises and engineering schools, with additional victims reported in Belarus and Kazakhstan.