This posting is here to collect cyber security news in June 2025.
I post links to security vulnerability news in the comments of this article.
You are also free to post related links in the comments.
178 Comments
Tomi Engdahl says:
The US fears that Chinese solar cells are spying too
https://etn.fi/index.php/13-news/17641-usa-pelkaeae-ettae-kiinalaiset-aurinkokennotkin-vakoilevat
Tomi Engdahl says:
Over 46,000 Grafana instances exposed to account takeover bug
https://www.bleepingcomputer.com/news/security/over-46-000-grafana-instances-exposed-to-account-takeover-bug/
More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover.
The flaw is tracked as CVE-2025-4123 and impacts multiple versions of the open-source platform used for monitoring and visualizing infrastructure and application metrics.
The vulnerability was discovered by bug bounty hunter Alvaro Balada and was addressed in security updates that Grafana Labs released on May 21.
Tomi Engdahl says:
Windows SMB Client Zero-Day Vulnerability Exploited Using Reflective Kerberos Relay Attack
https://cybersecuritynews.com/windows-smb-client-zero-day-vulnerability/
Tomi Engdahl says:
/Security software today is worthless. Where did all the hard to find good software go?/
Hackers are using Google.com to deliver malware by bypassing antivirus software. Here’s how to stay safe
https://www.techradar.com/pro/security/hackers-are-using-google-com-to-deliver-malware-by-bypassing-antivirus-software-heres-how-to-stay-safe
Google’s OAuth link is being weaponized to launch dynamic attacks
Attackers use real Google URLs to sneak malware past antivirus and into your browser undetected
This malware only activates during checkout, making it a silent threat to online payments
The script opens a WebSocket connection for live control, completely invisible to the average user
A new browser-based malware campaign has surfaced, demonstrating how attackers are now exploiting trusted domains like Google.com to bypass traditional antivirus defenses.
It appears to originate from a legitimate OAuth-related URL, but covertly executes a malicious payload with full access to the user’s browser session.
Malware hidden in plain sight
The attack begins with a script embedded in a compromised Magento-based ecommerce site which references a seemingly harmless Google OAuth logout URL: https://accounts.google.com/o/oauth2/revoke.
However, this URL includes a manipulated callback parameter, which decodes and runs an obfuscated JavaScript payload using eval(atob(…)).
The use of Google’s domain is central to the deception – because the script loads from a trusted source, most content security policies (CSPs) and DNS filters allow it through without question.
This script only activates under specific conditions. If the browser appears automated or the URL includes the word “checkout,” it silently opens a WebSocket connection to a malicious server. This means it can tailor malicious behavior to user actions.
Any payload sent through this channel is base64-encoded, decoded, and executed dynamically using JavaScript’s Function constructor.
The attacker can remotely run code in the browser in real time with this setup.
One of the primary factors influencing this attack’s efficacy is its ability to evade many of the best antivirus programs currently on the market.
The script’s logic is heavily obfuscated and only activates under certain conditions, making it unlikely to be detected by even the best Android antivirus apps and static malware scanners.
Tomi Engdahl says:
Asus Armoury Crate Vulnerability Leads to Full System Compromise
A high-severity authorization bypass vulnerability in Asus Armoury Crate provides attackers with low-level system privileges.
https://www.securityweek.com/asus-armoury-crate-vulnerability-leads-to-full-system-compromise/
Tomi Engdahl says:
Commentary: The list of errors in the City of Helsinki's disaster is something utterly absurd
https://www.is.fi/digitoday/tietoturva/art-2000011307685.html
Tomi Engdahl says:
Cybersecurity takes a big hit in new Trump executive order
Provisions on secure software, quantum–resistant crypto, and more are scrapped.
https://arstechnica.com/security/2025/06/cybersecurity-take-a-big-hit-in-new-trump-executive-order/
Cybersecurity practitioners are voicing concerns over a recent executive order issued by the White House that guts requirements for: securing software the government uses, punishing people who compromise sensitive networks, preparing new encryption schemes that will withstand attacks from quantum computers, and other existing controls.
The executive order (EO), issued on June 6, reverses several key cybersecurity orders put in place by President Joe Biden, some as recently as a few days before his term ended in January. A statement that accompanied Donald Trump’s EO said the Biden directives “attempted to sneak problematic and distracting issues into cybersecurity policy” and amounted to “political football.”
Tomi Engdahl says:
Researchers unearth keyloggers on Outlook login pages
Unknown threat actors have compromised internet-accessible Microsoft Exchange Servers of government organizations and companies around the world, and have injected the organizations’ Outlook on the Web (OWA) login page with browser-based keyloggers, Positive Technologies researchers have warned.
https://www.helpnetsecurity.com/2025/06/17/researchers-unearth-keyloggers-on-outlook-login-pages/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/asus-armoury-crate-bug-lets-attackers-get-windows-admin-privileges/
Tomi Engdahl says:
https://www.axios.com/2025/06/17/iran-bank-sepah-cyberattack-israel
Pro-Israel hackers claim cyberattack on Iranian bank
Tomi Engdahl says:
https://www.forbes.com/sites/daveywinder/2025/06/17/microsoft-confirms-outlook-emails-are-crashing—heres-the-fix/
Tomi Engdahl says:
https://interestingengineering.com/military/mysterious-nuclear-codes-us-air-force
Tomi Engdahl says:
https://cybernews.com/security/phishing-exposes-precise-smartphone-geolocation/
Tomi Engdahl says:
https://cybersecuritynews.com/windows-smb-client-zero-day-vulnerability/
Tomi Engdahl says:
https://arstechnica.com/security/2025/06/millions-of-low-cost-android-devices-turn-home-networks-into-crime-platforms/
Tomi Engdahl says:
Organized crime operating in broad daylight is running rampant on Facebook. Reports have no effect, just as they never have. Meta cannot be reached, whether you are a private individual or a reporter at a major newspaper writing a story about the crime running rampant on the platform. This goes on from decade to decade and will continue into the distant future… unless something happens?
We reported 10 Facebook scams – then we ran into a truly repulsive phenomenon
https://www.is.fi/digitoday/tietoturva/art-2000010409207.html
Tomi Engdahl says:
https://arstechnica.com/tech-policy/2025/06/man-hid-child-abuse-in-nsfw-nope-dont-open-you-were-warned/
Tomi Engdahl says:
Gaza's internet outages raise concern – According to the organization, it is a human rights emergency
The EFF believes that Gaza's communications blackouts are a global human rights emergency.
https://www.kauppalehti.fi/uutiset/kl/db19c2d6-5c15-4a92-9747-7a367a1f9894?ref=ampparit:3084
The collapse of Gaza's digital infrastructure could lead to serious consequences in the region, the Electronic Frontier Foundation warns
The region had a telecommunications outage last week, which affected the region's internet and phone connections. The outage began on June 11 and partially ended on June 14, but according to the organization the outage has continued in the southern and central parts of Gaza.
The organization warns that the telecommunications outages prevent Gazans from communicating with the rest of the world.
The EFF has criticized telecommunications outages in conflict situations before. For example, the organization criticized the telecommunications outage in Iran during the protests that followed the death of Mahsa Amini.
Tomi Engdahl says:
WithSecure: telemetry data identifies 0-day threats more effectively
https://etn.fi/index.php/13-news/17658-withsecure-telemetriatiedot-tunnistavat-0-paeivaeuhkat-tehokkaammin
Cybersecurity company WithSecure has developed a new, proactive way to identify zero-day vulnerabilities by using endpoint behavioral telemetry. According to the company, this is a significant breakthrough that shifts vulnerability identification from a reactive model toward predictive analytics – even before a vulnerability is publicly known or exploited.
The new approach combines the behavioral data produced by an Endpoint Detection and Response (EDR) solution with exposure management (Exposure Management). The technology is based on the idea that a system's internal behavior – such as anomalous process activity or unusual file handling – can be analyzed to identify possible exploitation paths.
- Our results show that behavioral data has untapped potential, not only in detecting active attacks but also in revealing vulnerabilities in the underlying software before they are widely known, says WithSecure Principal Researcher Jarno Niemelä.
Tomi Engdahl says:
Soon your computer will know whether you are present
https://etn.fi/index.php/13-news/17659-pian-tietokoneesi-tietaeae-oletko-paikalla
STMicroelectronics has introduced a new kind of Human Presence Detection (HPD) solution that combines ToF, or Time-of-Flight, sensors and artificial intelligence to improve the user experience, battery life and security of laptops. The solution does not require cameras or the recording of images.
HPD technology detects the user's presence, head orientation and even gestures based solely on distance measurement. This enables, for example, automatic dimming of the display when the user looks away, and automatic locking of the computer when the user leaves. On return, the machine wakes up and can sign in with Windows Hello facial recognition entirely without manual action.
According to STMicroelectronics, the new technology can save up to 20 percent of the power consumption of comparable user detection. If everyone's machine had ST's solution, up to 2.7 terawatt-hours of energy would be saved globally per year. That electricity could charge 123,000 electric cars every day.
Tomi Engdahl says:
https://etn.fi/index.php/13-news/17660-sudo-vaihtuu-ubuntussa
Tomi Engdahl says:
US critical networks are prime targets for cyberattacks. They’re preparing for Iran to strike.
https://www.politico.com/news/2025/06/17/us-critical-networks-iran-israel-cyber-attack-00411799
Organizations across the country are stepping up their vigilance as the conflict between Iran and Israel widens.
Tomi Engdahl says:
16 Billion Apple, Facebook And Google Passwords Leaked — Change Yours Now
https://www.forbes.com/sites/daveywinder/2025/06/18/16-billion-apple-facebook-google-passwords-leaked—change-yours-now/?utm_campaign=socialflowForbesMainFB&utm_medium=social&utm_source=ForbesMainFacebook&fbclid=IwZXh0bgNhZW0CMTEAAR7VDtlEXTwy_tWlcOH0T7p2CnkxWv6TuwrV-tMpKk85KNWoKgohjAhfUr_o0g_aem_4X6Rs_sVm-ePBVZgIHe9Vw
If you thought that my May 23 report, confirming the leak of login data totaling an astonishing 184 million compromised credentials, was frightening, I hope you are sitting down now. Researchers have just confirmed what is also certainly the largest data breach ever, with an almost incredulous 16 billion login credentials, including passwords, exposed. As part of an ongoing investigation that started at the beginning of the year, the researchers have postulated that the massive password leak is the work of multiple infostealers. Here’s what you need to know and do.
Is This The GOAT When It Comes To Passwords Leaking?
Password compromise is no joke; it leads to account compromise and that leads to, well, the compromise of most everything you hold dear in this technological-centric world we live in. It’s why Google is telling billions of users to replace their passwords with much more secure passkeys. It’s why the FBI is warning people not to click on links in SMS messages. It’s why stolen passwords are up for sale, in their millions, on the dark web to anyone with the very little amount of cash required to purchase them. And it’s why this latest revelation is, frankly, so darn concerning for everyone.
The 16 billion strong leak, housed in a number of supermassive datasets, includes billions of login credentials from social media, VPNs, developer portals and user accounts for all the major vendors.
Remarkably, I am told that none of these datasets have been reported as leaked previously, this is all new data. Well, almost none: the 184 million password database I mentioned at the start of the article is the only exception.
“This is not just a leak – it’s a blueprint for mass exploitation,” the researchers said. And they are right. These credentials are ground zero for phishing attacks and account takeover. “These aren’t just old breaches being recycled,” they warned, “this is fresh, weaponizable intelligence at scale.”
Most of that intelligence was structured in the format of a URL, followed by login details and a password. The information contained, the researchers stated, opens the door to “pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services.”
Ultimately, this reinforces that cybersecurity is not just a technical challenge but a shared responsibility. “Organisations need to do their part in protecting users,”
To which I would add: change your account passwords, use a password manager and switch to passkeys wherever possible. Now is the time to take this seriously, don’t wait until your passwords show up in these ongoing leak datasets – get on top of your password security right now.
Tomi Engdahl says:
Anubis Ransomware Just Got Deadlier.
Encrypt or destroy, no in-between. The latest variant of the infamous Anubis ransomware doesn’t just lock your files. If it can’t encrypt them, it wipes them permanently.
Cisco Talos researchers say this makes Anubis one of the most dangerous ransomware threats to date.
Pay up or say goodbye to your data, forever.
#CyberSecurity #Ransomware #AnubisMalware #CyberThreat #Infosec #DataSecurity
https://www.facebook.com/share/p/165Gjbwk4s/
Tomi Engdahl says:
The order guts requirements for securing software the government uses, punishing people who compromise sensitive networks, and other existing controls.
Cybersecurity takes a big hit in new Trump executive order
Provisions on secure software, quantum–resistant crypto, and more are scrapped.
https://arstechnica.com/security/2025/06/cybersecurity-take-a-big-hit-in-new-trump-executive-order/?utm_source=facebook&utm_medium=social&utm_campaign=dhfacebook&utm_content=null&fbclid=IwZXh0bgNhZW0CMTEAAR4sBI2LspDV-TME3n_gH37pRCCkKhdT2pKYQGaAyTp9EBo9-prK0FHl7GyKWw_aem_VWEazV9IiMMWuRCsVGXIzA
Cybersecurity practitioners are voicing concerns over a recent executive order issued by the White House that guts requirements for: securing software the government uses, punishing people who compromise sensitive networks, preparing new encryption schemes that will withstand attacks from quantum computers, and other existing controls.
The executive order (EO), issued on June 6, reverses several key cybersecurity orders put in place by President Joe Biden, some as recently as a few days before his term ended in January. A statement that accompanied Donald Trump’s EO said the Biden directives “attempted to sneak problematic and distracting issues into cybersecurity policy” and amounted to “political football.”
Pro-business, anti-regulation
Specific orders Trump dropped or relaxed included ones mandating (1) federal agencies and contractors adopt products with quantum-safe encryption as they become available in the marketplace, (2) a stringent Secure Software Development Framework (SSDF) for software and services used by federal agencies and contractors, (3) the adoption of phishing-resistant regimens such as the WebAuthn standard for logging into networks used by contractors and agencies, (4) the implementation of new tools for securing Internet routing through the Border Gateway Protocol, and (5) the encouragement of digital forms of identity.
In many respects, executive orders are at least as much performative displays as they are a vehicle for creating sound policy. Biden’s cybersecurity directives were mostly in this second camp.
The provisions regarding the secure software development framework, for instance, were born out of the devastating consequences of the SolarWinds supply chain attack of 2020. During the event, hackers linked to the Russian government breached the network of a widely used cloud service, SolarWinds. The hackers went on to push a malicious update that distributed a backdoor to more than 18,000 customers, many of whom were contractors and agencies of the federal government.
The departments of Commerce, Treasury, Homeland Security and the National Institutes of Health were all compromised. A large roster of private companies—among them Microsoft, Intel, Cisco, Deloitte, and FireEye—were also breached.
In response, a Biden EO required the Cybersecurity and Infrastructure Security Agency to establish a “common form” for self-attestation that organizations selling critical software to the federal government were complying with the provisions in the SSDF. The attestation had come from a company officer.
Trump’s EO removes that requirement and instead directs National Institute for Standards and Technology (NIST) to create a reference security implementation for the SSDF with no further attestation requirement.
Tomi Engdahl says:
“What we basically ended up with is less firm direction and less guidance where we already didn’t have much,” said Alex Sharpe, who has 30 years of experience in cybersecurity governance. He and other industry experts caution that the transition to quantum-resistant algorithms will be among the biggest technological challenges the government and private industry have ever undertaken. That, in turn, creates friction and resistance to the job of overhauling entire software stacks, databases, and other existing infrastructure that will be necessary.
“Now that the enforcement mechanism was taken off, there are going to be a lot of organizations that are less likely to deal with that,” he said.
Trump also scrapped instructions for the departments of State and Commerce to encourage key foreign allies and overseas industries to adopt NIST’s PQC algorithms.
https://arstechnica.com/security/2025/06/cybersecurity-take-a-big-hit-in-new-trump-executive-order/?utm_source=facebook&utm_medium=social&utm_campaign=dhfacebook&utm_content=null&fbclid=IwZXh0bgNhZW0CMTEAAR4sBI2LspDV-TME3n_gH37pRCCkKhdT2pKYQGaAyTp9EBo9-prK0FHl7GyKWw_aem_VWEazV9IiMMWuRCsVGXIzA
Sharpe said that most of the deleted requirements “made a lot of sense.” Referring to Trump, he added: “He talks about the burden of compliance. What about the burden of noncompliance?”
Tomi Engdahl says:
https://etn.fi/index.php/13-news/17661-luetuimmat-bluetooth-kannattaa-aina-sammuttaa-aelypuhelimet
Tomi Engdahl says:
https://www.securityweek.com/us-insurance-industry-warned-of-scattered-spider-attacks/
Tomi Engdahl says:
Washington Post:
The US State Department restarts student visa interviews and requires all applicants to make their social media accounts public for vetting by US embassies — The new requirements could affect hundreds of thousands of visa applications each year, raising concerns about staffing requirements.
https://www.washingtonpost.com/national-security/2025/06/18/student-visas-social-media-vetting-state-department/
Tomi Engdahl says:
https://www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kyberturvallisuuskeskuksen-viikkokatsaus-252025?fbclid=IwY2xjawLBCQRleHRuA2FlbQIxMQABHoSKPZw0cq4ifkbDtqDCHPkYgT4clpL4Ge9XOkyDqAPCea8icz_L5XUev7oR_aem_XP3WsmYfbrP6_J226C_Klw#87153-1
Tomi Engdahl says:
VPNs with Chinese military links still available on Google Play and Apple App Store 2 months after being discovered
https://www.tomsguide.com/computing/vpns/vpns-with-chinese-military-links-still-available-on-google-play-and-apple-app-store-2-months-after-being-discovered?fbclid=IwY2xjawLBcsxleHRuA2FlbQIxMQABHmfM53t7PsybrkypKzM6lkG6Wefv0l9glhVILGtQTC3L5JGsr-hDorPv7JsV_aem_zy8zMJqJRAzEPIpsMFM37Q
Back in April, an investigation found several potentially dangerous VPNs listed on the Apple App Store and Google Play Store.
The discovery didn’t concern any of the best VPNs – these providers are reputable and safe – but over 20 VPNs were found to have links to the Chinese military and posed a risk to anyone who downloaded them.
The Tech Transparency Project (TPP) was behind the investigation, with the Financial Times also contributing to the report.
Over 10 VPNs still listed
The true ownership of these VPNs is deliberately confusing. Layers of offshore shell companies obscure the actual owners and hide their Chinese links.
The company Qihoo 360 was revealed as the owner of at least five apps. Qihoo 360 has previously been declared a “Chinese Military Company” and was sanctioned by the US in 2020.
Turbo VPN, VPN Proxy Master, Thunder VPN, Snap VPN, and Signal Secure VPN were at least five of the VPNs that were connected to Qihoo 360.
Why are these VPNs potentially dangerous?
Chinese data laws mean the government can demand companies share data with them. The absence of a verified no-logs policy results in copious amounts of user data being collected and stored by these VPNs.
Data can include IP addresses, browsing activity, device identifiers, and location. The sharing of this data with the Chinese government can pose a serious risk to Americans and, in the worst case, a US national security risk.
Tomi Engdahl says:
It isn’t just Chinese-owned VPNs that are a threat. There are numerous dangerous and fake VPNs out there – owned and operated by countries all over the world.
US-based big tech giants, such as Apple and Google, have equally poor privacy credentials. They collect data from millions of Americans and are more than happy to pass it on to governments.
https://www.tomsguide.com/computing/vpns/vpns-with-chinese-military-links-still-available-on-google-play-and-apple-app-store-2-months-after-being-discovered?fbclid=IwY2xjawLBcsxleHRuA2FlbQIxMQABHmfM53t7PsybrkypKzM6lkG6Wefv0l9glhVILGtQTC3L5JGsr-hDorPv7JsV_aem_zy8zMJqJRAzEPIpsMFM37Q
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/linux/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/godfather-android-malware-now-uses-virtualization-to-hijack-banking-apps/
Tomi Engdahl says:
Russia detects first SuperCard malware attacks skimming bank data via NFC
Russian cybersecurity researchers have identified the first domestic data-stealing attacks involving a modified version of legitimate near field communication (NFC) software, in what appears to be a test run for a broader campaign.
The report involves SuperCard, a previously identified malicious variant of the legitimate NFCGate program, originally designed to relay NFC data between two devices in close proximity. Cybercriminals have long abused NFC technology in schemes to siphon funds from victims’ bank accounts.
https://therecord.media/supercard-nfc-banking-malware-russia
Tomi Engdahl says:
US offering $10 million for info on Iranian hackers behind IOControl malware
The U.S. State Department said they were seeking information on Iranian hackers who they accused of targeting critical infrastructure using a strain of malware deployed against industrial control systems.
https://therecord.media/us-offers-reward-for-iran-hacker-iocontrol-malware
Tomi Engdahl says:
https://www.theregister.com/2025/06/16/railway_pauses_lowest_tiers/
Tomi Engdahl says:
https://infosecwriteups.com/10-000-authentication-bypass-at-uber-c091c7733662
Tomi Engdahl says:
https://dawn.fi/uutiset/2025/06/17/yli-50-vuotiaat-suomalaiset-eivat-tunnista-huijausmainoksia
Tomi Engdahl says:
https://cybersecuritynews.com/windows-remote-desktop-services-rce-vulnerability/#google_vignette
Tomi Engdahl says:
https://www.forbes.com/sites/daveywinder/2025/06/11/microsoft-issues-windows-10-and-11-update-as-attacks-already-underway/
Tomi Engdahl says:
https://techxplore.com/news/2025-06-flaw-eavesdropping-laptop-smart-speaker.html
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/smartattack-uses-smartwatches-to-steal-data-from-air-gapped-systems/
Tomi Engdahl says:
https://thehackernews.com/2025/06/sinotrack-gps-devices-vulnerable-to.html
Tomi Engdahl says:
https://cybernews.com/security/t-mobile-data-leak-millions-exposed/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/fin6-hackers-pose-as-job-seekers-to-backdoor-recruiters-devices/
Tomi Engdahl says:
https://therecord.media/microsoft-cisa-zero-day-turkish-defense-org
Tomi Engdahl says:
https://www.darkreading.com/threat-intelligence/openai-bans-chatgpt-accounts-nation-state-threat-actors
Tomi Engdahl says:
https://www.forbes.com/sites/zakdoffman/2025/06/10/delete-every-app-on-your-smartphone-thats-on-this-list/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-gluestack-npm-packages-with-960k-weekly-downloads/