SecurityWeek Briefing

"Grafana patches chromium bugs, including zero-day exploited in the wild."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 07 July 2025, 2120 UTC.

Content and Source:  "SecurityWeek Briefing."

Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Ffeeds.feedburner.com%2FSecurityweek

Please check subscription link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

SecurityWeek

89K followers37 articles per week

#security#tech

72

Today

Grafana Patches Chromium Bugs, Including Zero-Day Exploited in the Wild

Execution (Enterprise TA0002)

•

by Ionut Arghire / 2h

•

CVE-2025-6554

CVE-2025-6554 and three other Chromium vulnerabilities could allow attackers to execute code and corrupt memory remotely. The post appeared first on SecurityWeek .

Hunters International Shuts Down, Offers Free Decryptors as It Morphs Into World Leaks

3 TTPs

•

by Ionut Arghire / 7h

•

Hunters International ransomware shuts down

The notorious Hive successor ceases ransomware operations but pivots to pure data extortion under the new World Leaks brand. The post appeared first on SecurityWeek .

Ingram Micro Scrambling to Restore Systems After Ransomware Attack

Collection (Enterprise TA0009)

•

by Ionut Arghire / 8h

The IT products and services giant did not say how the intrusion occurred or whether any data was stolen from its systems. The post appeared first on SecurityWeek .

Police in Brazil Arrest a Suspect Over $100M Banking Hack

Brazil arrests suspects in PIX cyberattacks

•

by Associated Press / 10h

Officials identified the suspect as João Roque, a C&M employee who worked in information technology and allegedly helped others gain unauthorized access to PIX systems. The post appeared first on SecurityWeek .

Jul 4, 2025

In Other News: Hacker Helps Kill Informants, Crylock Developer Sentenced, Ransomware Negotiator Probed

5 TTPs

•

by Mike Lennon / 3d

Noteworthy stories that might have slipped under the radar: drug cartel hires hacker to identify FBI informants, prison time for Russian ransomware developer, ransomware negotiator investigated. The post appeared first on SecurityWeek .

Jul 3, 2025

Undetectable Android Spyware Backfires, Leaks 62,000 User Logins

by Ionut Arghire / 4d

A vulnerability in the Catwatchful spyware allowed a security researcher to retrieve the usernames and passwords of over 62,000 accounts. The post appeared first on SecurityWeek .

Cisco Warns of Hardcoded Credentials in Enterprise Software

3 TTPs

•

by Ionut Arghire / 4d

•

CVE-2025-20309

Hardcoded SSH credentials in Cisco Unified CM and Unified CM SME could allow attackers to execute commands as root. The post appeared first on SecurityWeek .

North Korean Hackers Use Fake Zoom Updates to Install macOS Malware

7 TTPs

•

by Ionut Arghire / 4d

SentinelOne says the fake Zoom update scam delivers ‘NimDoor’, a rare Nim-compiled backdoor. The post North Korean Hackers Use Fake Zoom Updates to Install macOS Malware appeared first on SecurityWeek .

Jul 2, 2025

Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response

by Trevin Edgeworth / 5d

Ransomware is a major threat to the enterprise. Tools and training help, but survival depends on one thing: your organization’s muscle memory to respond fast and recover stronger. The post appeared first on SecurityWeek .

US Calls Reported Threats by Pro-Iran Hackers to Release Trump-Tied Material a ‘Smear Campaign’

Impact (Enterprise TA0040)

•

by Associated Press / 5d

•

ProIran hackers threaten Trump-related emails

The United States has warned of continued Iranian cyberattacks following American strikes on Iran’s nuclear facilities. The post appeared first on SecurityWeek .

Cybersecurity M&A Roundup: 41 Deals Announced in June 2025

by Eduard Kovacs / 5d

Forty-one cybersecurity merger and acquisition (M&A) deals were announced in June 2025. The post appeared first on SecurityWeek .

Kelly Benefits Data Breach Impacts 550,000 People

Collection (Enterprise TA0009)

•

by Eduard Kovacs / 5d

•

Kelly Benefits data breach impacts 550000

As Kelly Benefits’s investigation into a recent data breach progressed, the number of impacted individuals continued to grow. The post appeared first on SecurityWeek .

Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover

CVE-2025-6463 & 1 other

•

by Ionut Arghire / 5d

A vulnerability in the Forminator WordPress plugin allows attackers to delete arbitrary files and take over impacted websites. The post appeared first on SecurityWeek .

Jul 1, 2025

CISA Warns of Two Exploited TeleMessage Vulnerabilities

by Ionut Arghire / 5d

CISA says two more vulnerabilities in the messaging application TeleMessage TM SGNL have been exploited in the wild. The post appeared first on SecurityWeek .

Cyberattack Targets International Criminal Court

ICC targeted by multiple cyberattacks

•

by Ionut Arghire / 5d

The International Criminal Court (ICC) has detected and contained a sophisticated and targeted cyberattack. The post appeared first on SecurityWeek .

Qantas Data Breach Impacts Up to 6 Million Customers

2 TTPs

•

by Ionut Arghire / 5d

•

Qantas suffers major cyber data breach

Australian airline Qantas says personal information stolen from systems hosting the service records of 6 million customers. The post appeared first on SecurityWeek .

Critical Microsens Product Flaws Allow Hackers to Go ‘From Zero to Hero’

Execution (Enterprise TA0002)

•

by Eduard Kovacs / 6d

CISA has informed organizations about critical authentication bypass and remote code execution vulnerabilities in Microsens NMP Web+. The post appeared first on SecurityWeek .

LevelBlue to Acquire Trustwave to Create Major MSSP

by Eduard Kovacs / 6d

LevelBlue has announced plans to acquire Trustwave to create the largest pure-play managed security services provider (MSSP). The post appeared first on SecurityWeek .

Cloudflare Puts a Default Block on AI Web Scraping

by Kevin Townsend / 6d

The move could reshape how LLM developers gather information — and force new deals between creators and AI companies. The post appeared first on SecurityWeek .

263,000 Impacted by Esse Health Data Breach

by Ionut Arghire / 6d

Esse Health says the personal information of over 263,000 individuals was stolen in an April 2025 cyberattack. The post appeared first on SecurityWeek .

Jun 30, 2025

Thousands of Citrix NetScaler Instances Unpatched Against Exploited Vulnerabilities

3 TTPs

•

by Ionut Arghire / 6d

Many Citrix NetScaler systems are exposed to attacks exploiting the vulnerabilities tracked as CVE-2025-5777 and CVE-2025-6543. The post appeared first on SecurityWeek .

Iranian Hackers’ Preferred ICS Targets Left Open Amid Fresh US Attack Warning

7 TTPs

•

by Eduard Kovacs / 6d

•

Iranian cyber threats escalate amid tensions

The US government is again warning about potential Iranian cyberattacks as researchers find that hackers’ favorite ICS targets remain exposed. The post appeared first on SecurityWeek .

US Storms 29 Laptop Farms in Crackdown on North Korean IT Worker Schemes

US dismantles North Korean cyber operations

•

by Ionut Arghire / 6d

The US has made 29 searches of known or suspected laptop farms supporting North Korean individuals posing as US IT workers. The post appeared first on SecurityWeek .

Chrome 138 Update Patches Zero-Day Vulnerability

2 TTPs

•

by Ionut Arghire / 6d

•

CVE-2025-6554

Google has released a Chrome 138 update that patches a high-severity vulnerability with an exploit in the wild. The post appeared first on SecurityWeek .

Cato Networks Raises $359 Million to Expand SASE Business

Cato Networks raises 359M

•

by Mike Lennon / 7d

Founded in 2015, the Tel Aviv based company has now raised more than $1 billion and claims more than 3,500 customers. The post appeared first on SecurityWeek .

NASA Needs Agency-Wide Cybersecurity Risk Assessment: GAO

NASA cybersecurity remains inadequate

•

by Ionut Arghire / 7d

NASA needs to perform an agency-wide cybersecurity risk assessment and to complete important cybersecurity tasks for each of its projects. The post appeared first on SecurityWeek .

Hacker Conversations: Rachel Tobac and the Art of Social Engineering

by Kevin Townsend / 7d

Rachel Tobac is a cyber social engineer. She is skilled at persuading people to do what she wants, rather than what they know they ought to do. The post appeared first on SecurityWeek .

Casie Antalis Named Executive Director of CISA

by Eduard Kovacs / 7d

Casie Antalis is the new executive director of the Cybersecurity and Infrastructure Security Agency after the departure of Bridget Bean. The post appeared first on SecurityWeek .

Airoha Chip Vulnerabilities Expose Headphones to Takeover

Bluetooth vulnerabilities enable eavesdropping

•

by Ionut Arghire / 7d

Vulnerabilities in Airoha Bluetooth SoCs expose headphone and earbud products from multiple vendors to takeover attacks. The post appeared first on SecurityWeek .

Canada Gives Hikvision the Boot on National Security Grounds

by Ionut Arghire / 7d

Canada has ordered Hikvision to cease all operations in the country and prohibited the purchase and use of Hikvision products within government entities. The post appeared first on SecurityWeek .