Cyber Security News

  • Apple fixes new iPhone zero-day bug used in Paragon spyware hacks

    June 12, 2025

    Researchers revealed on Thursday that two European journalists had their iPhones hacked with spyware made by Paragon. Apple says it has fixed the bug that was used to hack their phones. The Citizen Lab wrote in its report, shared with TechCrunch ahead of its publication, that Apple had told its researchers that the flaw exploited in ...

  • US airline industry quietly selling flight data to DHS

    June 11, 2025

    A data broker owned by some of America’s biggest airlines has been selling access to customer flight data to the US Department of Homeland Security (DHS). The data, compiled by data broker Airlines Reporting Corporation (ARC), includes names, flight itineraries, and financial details. It also covers flights booked via US travel agencies. ARC makes this data ...

  • MyCert: Malaysia data breaches up 29% in Q1 2025

    June 11, 2025

    The Malaysia Computer Emergency Response Team (MyCert) reported an increase in data breach incidents in Malaysia in the first quarter of the year. “Data breach incidents are growing in Malaysia with a nearly 29% increase this quarter, underscoring the need for better security measures to ensure national security and public trust,” said MyCert. According to its ...

  • US government’s vaccine website defaced with AI-generated content

    June 11, 2025

    A U.S. government website designed to inform the public about vaccines has been defaced and now hosts apparently AI-generated spam. The domain, which belongs to the U.S. Department of Health and Human Services (HHS), appears to have been hosting the same kind of content — mostly gay-themed and LGBTQ+ posts — since at least May 12, ...

  • Toxic trend: Another malware threat targets DeepSeek

    June 11, 2025

    DeepSeek-R1 is one of the most popular LLMs right now. Users of all experience levels look for chatbot websites on search engines, and threat actors have started abusing the popularity of LLMs. kaspersky previously reported attacks with malware being spread under the guise of DeepSeek to attract victims. The malicious domains spread through X posts and ...

  • M&S shares rise as online orders resume after £300m cyberattack

    June 11, 2025

    M&S shares climbed on Tuesday (10 June) after the retailer reopened its website more than six weeks following a cyberattack that forced a near two-month halt to online sales. The group has resumed home delivery of a selection of its best-selling fashion ranges across England, Scotland, and Wales, with plans to add more fashion, home, and ...

  • BlackSuit Continues Social Engineering Attacks in Wake of Black Basta’s Internal Conflict

    June 10, 2025

    There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024. This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have ...

  • UK: Police Federation pays £15m to officers hit by cyber attack

    June 10, 2025

    The Police Federation has paid out £15 million to 19,000 current and former officers who had their personal details compromised and stolen by cyber criminals. Two huge attacks exposed the home addresses of some officers to hackers six years ago, and in March 2022 the federation admitted a breach of the requirements under the GDPR to ...

  • Patch Tuesday – June 2025

    June 10, 2025

    Microsoft is addressing 67 vulnerabilities this June 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, and that is reflected in CISA KEV. Separately, Microsoft is aware of existing public disclosure for one other freshly published vulnerability. Microsoft’s luck holds for a ninth consecutive Patch Tuesday, since neither ...

  • ConnectWise rotating code signing certificates due to security concerns

    June 9, 2025

    ConnectWise is updating the digital signing certificates used in ScreenConnect, ConnectWise Automate, and ConnectWise RMM due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions. In addition to issuing new certificates, ConnectWise is releasing an update to improve how this configuration data is managed in ScreenConnect. This issue ...

  • 5 Things Security Leaders Need to Know About Agentic AI

    June 9, 2025

    From writing assistance to intelligent summarization, generative AI has already transformed the way businesses work. But we’re now entering a new phase where AI doesn’t just generate content, but takes independent action on our behalf. This next evolution is called ‘agentic AI’, and it’s moving fast. Amazon recently announced a dedicated R&D group focused on agentic ...