IT Security Weekend Catch Up – June 21, 2025

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Scammers hijack websites of Bank of America, Netflix, Microsoft, and more to insert fake phone number
  2. Scania confirms insurance claim data breach in extortion attempt
  3. Iranian crypto exchange Nobitex hacked for over $90 million by pro-Israel group
  4. Europe-wide takedown hits longest-standing dark web drug market

For the more technical

  1. Null Pointer Exceptions: From Java’s pitfalls to Kotlin’s solutions
  2. GreyNoise observes exploit attempts targeting Zyxel CVE-2023-28771
  3. Asus Armoury Crate AsIO3.sys authorization bypass vulnerability
  4. Kali Linux 2025.2 release (Kali menu refresh, BloodHound CE & CARsenal)
  5. “The Grafana Ghost” exposes 36% of public-facing instances to malicious account takeover
  6. SmartAttack: Air-gap attack via smartwatches
  7. Breaking down ‘EchoLeak’, the first zero-click AI vulnerability enabling data exfiltration from Microsoft 365 Copilot
  8. How I hacked accounts using host header injection in password reset link
  9. Critical Langflow vulnerability (CVE-2025-3248) actively exploited to deliver Flodrix botnet
  10. Fake Minecraft mods distributed by the Stargazers Ghost Network to steal gamers’ data
  11. Mocha Manakin delivers custom NodeJS backdoor via paste and run
  12. Clone, compile, compromise: Water Curse’s open-source malware trap on GitHub
  13. A Wretch Client: From ClickFix deception to information stealer deployment
  14. Your mobile app, their playground: The dark side of the virtualization
  15. Vexing and vicious: The eerie relationship between WordPress hackers and an adtech Cabal
  16. Exploring a new KimJongRAT stealer variant and its PowerShell implementation
  17. DanaBleed: DanaBot C2 server memory leak bug
  18. GrayAlpha uses diverse infection vectors to deploy PowerNet Loader and NetSupport RAT
  19. Don’t get caught in the headlights – DeerStealer analysis
  20. Amatera stealer: Rebranded ACR stealer with improved evasion, sophistication
  21. Anubis: A closer look at an emerging ransomware with built-in wiper
  22. Defending the Internet: how Cloudflare blocked a monumental 7.3 Tbps DDoS attack
  23. Threat actor Banana Squad exploits GitHub repos in new campaign
  24. Uncovering a Tor-enabled Docker exploit
  25. Analyzing SerpentineCloud: Threat actors abuse Cloudflare Tunnels to infect systems with stealthy Python-based malware
  26. Same sea, new phish: Russian government-linked social engineering targets app-specific passwords
  27. Follow the smoke: China-nexus threat actors hammer at the doors of top tier targets
  28. Famous Chollima deploying Python version of GolangGhost RAT
  29. Feeling Blue(Noroff): Inside a sophisticated DPRK Web3 intrusion
  30. From SambaSpy to Sorillus: Dancing through a multi-language phishing campaign in Europe
  31. Threat group targets companies in Taiwan

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Leave a Reply

Your email address will not be published. Required fields are marked *