This posting is here to collect cyber security news in June 2025.
I post links to security vulnerability news in the comments of this article.
You are also free to post related links in the comments.
177 Comments
Tomi Engdahl says:
https://thehackernews.com/2025/06/cisa-adds-erlang-ssh-and-roundcube.html
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/new-secure-boot-flaw-lets-attackers-install-bootkit-malware-patch-now/
Tomi Engdahl says:
16 billion passwords exposed in record-breaking data breach, opening access to Facebook, Google, Apple, and any other service imaginable
https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak/
Tomi Engdahl says:
Peep show: 40K IoT cameras worldwide stream secrets to anyone with a browser
Majority of exposures located in the US, including datacenters, healthcare facilities, factories, and more
https://www.theregister.com/2025/06/10/40000_iot_cameras_exposed/
Tomi Engdahl says:
https://thehackernews.com/2025/06/botnet-wazuh-server-vulnerability.html
Tomi Engdahl says:
Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider
https://thehackernews.com/2025/06/massive-73-tbps-ddos-attack-delivers.html
Cloudflare on Thursday said it autonomously blocked the largest distributed denial-of-service (DDoS) attack ever recorded, which hit a peak of 7.3 terabits per second (Tbps).
The attack, which was detected in mid-May 2025, targeted an unnamed hosting provider.
“Hosting providers and critical Internet infrastructure have increasingly become targets of DDoS attacks,” Cloudflare’s Omer Yoachimik said. “The 7.3 Tbps attack delivered 37.4 terabytes in 45 seconds.”
Earlier this January, the web infrastructure and security company said it had mitigated a 5.6 Tbps DDoS attack aimed at an unnamed internet service provider (ISP) from Eastern Asia. The attack originated from a Mirai-variant botnet in October 2024.
Tomi Engdahl says:
Tonga Ministry of Health hit with cyberattack affecting website, IT systems
Tonga’s top health official warned the island country’s residents that a ransomware attack has taken down its National Health Information System.
https://therecord.media/tonga-ministry-of-health-hit-with-cyberattack
Tomi Engdahl says:
Cyber firms sunset free services meant to counter Russia-linked hacking threats
https://www.nextgov.com/cybersecurity/2025/06/cyber-firms-sunset-free-services-meant-counter-russia-linked-hacking-threats/406225/
The 2022 initiative by Cloudflare, CrowdStrike and Ping Identity provided cybersecurity support to critical infrastructure sectors seen as potential targets of Russia-linked attacks.
A trio of cybersecurity firms quietly ended a program that offered free services to vulnerable critical infrastructure sectors that was first launched in the wake of Russia’s invasion of Ukraine.
The Critical Infrastructure Defense Project — led by Cloudflare, CrowdStrike and Ping Identity — supplied free cybersecurity tools beginning in March 2022 to critical infrastructure owners and operators potentially exposed to digital threats tied to the Russia-Ukraine war. It was designed to help sectors like hospitals, water systems and power utilities.
Since the war broke out in early 2022, Russian military-aligned hacking groups have accelerated reconnaissance and sabotage campaigns against infrastructure systems in the U.S. and other allies in Europe. One of those incursions targeted a water system in Texas.
But the “project has concluded” since the offerings “aligned with a period of initial heightened threats and that its use has since subsided,” according to a statement from a CrowdStrike spokesperson sent to Nextgov/FCW last week when asked about the status of the initiative.
As of a few days ago, the CIDP webpage has been cleared and now directs users to Cloudflare’s homepage.
Prior to the project’s conclusion, eligible clients would get four free months of services, according to an archived version of the CIDP site, though it was never immediately clear whether the four months of free offerings would be made indefinitely available to new applicants. The cybersecurity services were offered “at no cost for a limited time to some vulnerable sectors,” the CrowdStrike spokesperson said.
Tomi Engdahl says:
Iran retaliation fears as hospitals and power plants on high alert for cyberattacks
The Trump administration attacked three main nuclear sites in Iran late Saturday
https://www.independent.co.uk/news/world/americas/us-politics/iran-cyberattack-hospitals-power-plants-b2776766.html
American hospitals, water dams, and power plants are reportedly on high alert for potential Iranian cyberattacks after President Donald Trump attacked the nation’s nuclear sites.
Hospital executives have contacted the FBI about the potential threat level from Iran, while the U.S. power grid’s cyberthreat-sharing center is monitoring the dark web for Iranian-linked activity, CNN reports, citing sources familiar with the situation.
Iranian-backed hackers have previously targeted American hospitals and water facilities, according to CNN.
“Iran’s kinetic retaliation is already in motion, and the digital dimension to that may not be far behind,” said Adam Meyers, senior vice president of cybersecurity firm CrowdStrike. “This cyber element is what lets them extend their reach, and there’s an air of deniability to it.”
Tomi Engdahl says:
Stealthy backdoor found hiding in SOHO devices running Linux
SecurityScorecard’s STRIKE team has uncovered a network of compromised small office and home office (SOHO) devices they’re calling LapDogs. The threat is part of a broader shift in how China-Nexus threat actors are using Operational Relay Box (ORB) networks to hide their operations.
https://www.helpnetsecurity.com/2025/06/23/lapdogs-shortleash-backdoor-linux-soho-devices/
Tomi Engdahl says:
The TSA has issued an urgent warning about criminals using fake USB charging ports, free Wi-Fi honeypots to steal your identity ahead of summer holidays
https://www.techradar.com/pro/security/the-us-transportation-security-administration-issues-an-urgent-warning-about-criminals-using-fake-usb-charging-ports-free-wi-fi-honeypots-to-steal-your-identity-ahead-of-summer-holidays
Tomi Engdahl says:
https://cybersecuritynews.com/critical-sslh-vulnerabilities/
Two critical vulnerabilities in sslh, a popular protocol demultiplexer that allows multiple services to share the same network port.
The flaws tracked as CVE-2025-46807 and CVE-2025-46806 could be exploited remotely to trigger denial-of-service (DoS) attacks.
Tomi Engdahl says:
https://cybersecuritynews.com/ibm-qradar-siem-vulnerability-2/
Tomi Engdahl says:
https://www.windowscentral.com/software-apps/onedrive-user-locked-out-of-30-years-worth-of-photos
Tomi Engdahl says:
https://www.facebook.com/share/p/1Krk7LJrj1/
A 17-year-old high school student in Dayton, Ohio, has been fined and placed under house arrest after authorities discovered he had hacked into the city’s outdated traffic control system and quietly fixed the timing of several major intersections.
Kameron Price, a self-taught coder and robotics club member, reportedly used a Raspberry Pi and a decommissioned school-issued Chromebook to gain access to the municipal traffic grid. Over the course of several weeks, he rewrote the timing logic for at least five major lights along West 3rd Street—drastically reducing backups during rush hour and syncing green lights to reduce stop-and-go congestion.
“He didn’t disable anything or cause danger,” said a traffic engineer speaking on condition of anonymity. “Honestly, his code was more efficient than what we were using.”
But city officials said the changes violated multiple laws, including unauthorized access to a government system and interference with public infrastructure. Kameron was cited under a local ordinance pertaining to unauthorized modification of municipal services—a misdemeanor typically reserved for utility tampering.
According to Kameron’s parents, he initially took it on as a side project after watching his bus get stuck at the same broken intersection every morning for weeks. “It would take longer to go three blocks than it did to get across town,” his mom explained. “He got tired of watching everyone waste gas and time just sitting there.”
Public reaction has been overwhelmingly in Kameron’s favor. A video of the intersection running smoother than it has in years has gone viral, and a local radio host dubbed him the Subway Surfer of traffic flow. Online petitions calling for the fine to be dropped have already surpassed 50,000 signatures.
“Honestly, give the kid a job,” one commenter wrote. “He’s doing more for this city than whoever programmed those lights in 1998.”
Tomi Engdahl says:
Critical OpenVPN Driver Vulnerability Allows Attackers to Crash Windows Systems
https://cybersecuritynews.com/openvpn-driver-vulnerability/
Summary
1. A critical OpenVPN Windows driver flaw (CVE-2025-50054) allowed local attackers to crash systems.
2. The vulnerability enabled denial-of-service attacks but did not expose user data.
3. OpenVPN 2.7_alpha2 fixes the issue and improves Windows support.
4. Users should update promptly and restrict driver access until stable patches are available.
A critical buffer overflow vulnerability in OpenVPN’s data channel offload driver for Windows has been discovered, allowing local attackers to crash Windows systems by sending maliciously crafted control messages.
The vulnerability, identified as CVE-2025-50054, affects the ovpn-dco-win driver versions 1.3.0 and earlier, as well as version 2.5.8 and earlier, which has been the default virtual network adapter in OpenVPN since version 2.6.
Security researchers found that the vulnerability allows unprivileged local user processes to send oversized control message buffers to the kernel driver, triggering a buffer overflow condition that results in a complete system crash.
This represents a significant denial-of-service risk for affected systems, as attackers could repeatedly crash Windows machines running vulnerable OpenVPN installations.
The OpenVPN community project team has responded by releasing OpenVPN 2.7_alpha2, which includes a fix for CVE-2025-50054 among several other enhancements. While this is an alpha release not intended for production use, the security fix addresses the critical vulnerability that affects widely deployed stable versions.
With the 2.7_alpha2 release, OpenVPN has officially removed support for the wintun driver, making win-dco the default with tap-windows6 serving as a fallback for use cases not covered by win-dco.
Tomi Engdahl says:
Authorities have now issued a warning: dangerous smart devices found in Finland
https://www.is.fi/digitoday/tietoturva/art-2000011324771.html
Tomi Engdahl says:
Fewer than half of Finns feel they have received sufficient induction in information security matters at work
Only fewer than a third of Finns have received information security training at work during the past year. In addition, fewer than half (43%) of Finns feel that information security is discussed enough at their own workplace, according to a LähiTapiola survey*. The development manager for cyber insurance is concerned about the figures. “Information security must be discussed regularly from the executive level down to the shop floor, so that it becomes ingrained in the workplace culture.”
https://www.lahitapiola.fi/tietoa-lahitapiolasta/uutishuone/ajankohtaista/alle-puolet-suomalaisista-kokee-saaneensa-tyossaan-riittavan-perehdytyksen/?fbclid=IwZXh0bgNhZW0BMABhZGlkAasgzgiIlCgBHlJy3fb6uh75ruH6yDWkMmHLEGJSjUoASdSWMqjbWdFrQzdfSev3B3MP3O-L_aem_FXUC98BL2inLIrH_7e7JoA&utm_medium=paid&utm_source=fb&utm_id=120214157221490472&utm_content=120225882327360472&utm_term=120225882327300472&utm_campaign=120214157221490472
Tomi Engdahl says:
Microsoft to remove legacy drivers from Windows Update for security boost
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-remove-legacy-drivers-from-windows-update-for-security-boost/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/russian-hackers-bypass-gmail-mfa-using-stolen-app-passwords/
Tomi Engdahl says:
This is how you get a one-year extension for Windows 10 for free
https://www.is.fi/digitoday/testit/art-2000011321850.html
Tomi Engdahl says:
Anthropic won’t fix a bug in its SQLite MCP server
Fork that – 5k+ times
Jessica Lyons
Wed 25 Jun 2025 // 06:30 UTC
Anthropic says it won’t fix an SQL injection vulnerability in its SQLite Model Context Protocol (MCP) server that a researcher says could be used to hijack a support bot and prompt the AI agent to send customer data to an attacker’s email, among other things.
https://www.theregister.com/2025/06/25/anthropic_sql_injection_flaw_unfixed/
Tomi Engdahl says:
The Hidden Risks of SaaS: Why Built-In Protections Aren’t Enough for Modern Data Resilience
https://thehackernews.com/2025/06/the-hidden-risks-of-saas-why-built-in.html
Tomi Engdahl says:
https://thehackernews.com/2025/06/cyber-criminals-exploit-open-source.html
Tomi Engdahl says:
https://cybersecuritynews.com/ncsc-warns-of-umbrella-stand-malware/
Tomi Engdahl says:
https://cybersecuritynews.com/teamviewer-windows-vulnerability/
Tomi Engdahl says:
The great powers’ new cold war may spread to Finland – professor puzzled by minister’s decision: “Rydman is mistaken”
https://www.is.fi/politiikka/art-2000011283681.html