"Palo Alto Networks fixed multiple privilege escalation flaws."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 14 June 2025, 1421 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed

Please check email link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security Affairs

73K followers24 articles per week

#security#tech

13

Yesterday

Palo Alto Networks fixed multiple privilege escalation flaws

4 TTPs

•

by Pierluigi Paganini / 4h

Palo Alto Networks addressed multiple vulnerabilities and included the latest Chrome patches in its solutions. Palo Alto Networks fixed seven privilege escalation vulnerabilities and integrated the latest Chrome security patches into its products. Palo Alto applied 11 Chrome fixes and patched CVE-2025-4233, a cache vulnerability impacting the Prisma Access Browser. The most severe vulnerability,

Unusual toolset used in recent Fog Ransomware attack

by Pierluigi Paganini / 7h

Fog ransomware operators used in a May 2025 attack unusual pentesting and monitoring tools, Symantec researchers warn. In May 2025, attackers hit an Asian financial firm with Fog ransomware , using rare tools like Syteca monitoring software and pentesting tools GC2, Adaptix, and Stowaway. Symantec researchers pointed out that the use of these tools is unusual for ransomware campaigns. Notably, at

A cyberattack on United Natural Foods caused bread shortages and bare shelves

United Natural Foods cyberattack disrupts

•

by Pierluigi Paganini / 15h

Cyberattack on United Natural Foods Inc. (UNFI) disrupts deliveries, causing Whole Foods shortages nationwide after systems were taken offline on June 5. United Natural Foods, Inc. ( UNFI ) is a Providence, Rhode Island–based natural and organic food company. The largest publicly traded wholesale distributor of health and specialty food in the United States and Canada, it is Whole Foods Market ‘s

Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web

3 TTPs

•

by Pierluigi Paganini / 20h

•

Paraguay data breach affects millions

Resecurity researchers found 7.4 million records containing personally identifiable information (PII) of Paraguay citizens on the dark web. Resecurity has identified 7.4 million records containing personally identifiable information (PII) of Paraguayan citizens leaked on the dark web today. Last week, cybercriminals have offered information about all citizens of Paraguay for sale, demanding $7.4

Apple confirmed that Messages app flaw was actively exploited in the wild

CVE-2025-43200

•

by Pierluigi Paganini / 1d

Apple confirmed that a security flaw in its Messages app was actively exploited in the wild to target journalists with Paragon’s Graphite spyware. Apple confirmed that a now-patched vulnerability, tracked as CVE-2025-43200, in its Messages app was actively exploited in the wild to target journalists with Paragon’s Graphite spyware . The IT giant addressed the flaw CVE-2025-43200 on February 10, 2

Jun 12, 2025

Trend Micro fixes critical bugs in Apex Central and TMEE PolicyServer

by Pierluigi Paganini / 1d

Trend Micro fixed multiple vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. Trend Micro address remote code execution and authentication bypass vulnerabilities impacting its Endpoint Encryption (TMEE) PolicyServer and Apex Central solutions. Trend Micro Endpoint Encryption PolicyServer is a centralized management server used in Trend Micro’s Endpo

Paragon Graphite Spyware used a zero-day exploit to hack at least two journalists’ iPhones

CVE-2025-43200

•

by Pierluigi Paganini / 1d

Security researchers at Citizen Lab revealed that Paragon’s Graphite spyware can hack fully updated iPhones via zero-click attacks. Citizen Lab has confirmed that Paragon’s Graphite spyware was used to hack fully updated iPhones, targeting at least two journalists in Europe. The group found forensic evidence showing the phones had communicated with the same spyware server. Apple quietly alerted t

SinoTrack GPS device flaws allow remote vehicle control and location tracking

3 TTPs

•

by Pierluigi Paganini / 2d

Two vulnerabilities in SinoTrack GPS devices can allow remote vehicle control and location tracking by attackers, US CISA warns. U.S. CISA warns of two vulnerabilities in SinoTrack GPS devices that remote attackers can exploit to access a vehicle’s device profile without permission. The researchers warn that potential exploitation could allow attackers to track its location or even cut power to t

U.S. CISA adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog

IoC > 1 IP and 2 domains

•

by Pierluigi Paganini / 2d

•

3 TTPs

•

CVE-2025-24016

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the descriptions for these flaws: CVE-2025-24016 (CVSS s

Jun 11, 2025

Exposed eyes: 40,000 security cameras vulnerable to remote hacking

4 TTPs

•

by Pierluigi Paganini / 2d

•

Over 40000 security cameras exposed

Over 40,000 internet-exposed security cameras worldwide are vulnerable to remote hacking, posing serious privacy and security risks. Bitsight warns that over 40,000 security cameras worldwide are exposed to remote hacking due to unsecured HTTP or RTSP (Real-Time Streaming Protocol) access. These cameras stream live feeds openly via IP addresses, making them easy targets for spying, cyberattacks,

Operation Secure: INTERPOL dismantles 20,000+ malicious IPs in major cybercrime crackdown

4 TTPs

•

by Pierluigi Paganini / 2d

•

INTERPOL dismantles 20000 malicious IPs

INTERPOL announced that a joint operation code-named Operation Secure took down 20,000+ malicious IPs/domains tied to 69 info-stealers. Between January and April 2025, INTERPOL led Operation Secure, a global effort that took down over 20,000 malicious IPs and domains linked to information-stealing malware. With support from 26 countries and partners like Group-IB, Kaspersky, and Trend Micro, inve

Over 80,000 servers hit as Roundcube RCE bug gets rapidly exploited

IoC > 1 domain

•

by Pierluigi Paganini / 3d

•

2 TTPs

A critical remote code execution (RCE) vulnerability in Roundcube was exploited days after patch, impacting over 80,000 servers. Threat actors exploited a critical remote code execution (RCE) flaw in Roundcube, tracked as CVE-2025-49113 , just days after the patch was released, targeting over 80,000 servers. Roundcube is a popular webmail platform and has been repeatedly targeted by advanced thre

Jun 10, 2025

A flaw could allow recovery of the phone number associated with any Google account

2 TTPs

•

by Pierluigi Paganini / 3d

•

Google fixes phone number vulnerability

A vulnerability could allow recovery of the phone number associated with a Google account by carrying out a brute force attack. The security researcher who goes online with the moniker “brutecat” discovered that it is possible to brute force the phone number of any Google abusing an issue in the company’s account recovery feature. A now-deprecated, JavaScript-disabled version of Google’s username

End of feed