IT Security Newsletter - 6/17/2025
US critical infrastructure could become casualty of Iran-Israel conflict
Security researchers are warning that the outbreak of direct hostilities between Israel and Iran may soon lead to malicious cyberattacks against critical infrastructure sites in the U.S. from state-linked actors, hacktivist groups and cyber criminals. State-backed and hacktivist cyber threats against Israel and the U.S.'s Middle Eastern allies are escalating, according to researchers at Radware. Experts have seen a spike in pro-Iran threat activity on Telegram and other public channels. READ MORE...
Remorseless extortionists claim to have stolen thousands of files from Freedman HealthCare
An extortion gang claims to have breached Freedman HealthCare, a data and analytics firm whose customers include state agencies, health providers, and insurance companies, and is threatening to dump tens of thousands of sensitive files early Tuesday morning. According to a claim posted Sunday on the shame site belonging to World Leaks, formerly Hunters International, the data thieves alleged to have pilfered 52.4 GB of data containing 42,204 files, which they will release at 4 am EDT on Tuesday. READ MORE...
Washington Post Staffer Emails Targeted in Cyber Breach
The Washington Post is looking into a cyberattack that compromised the email accounts of some of its journalists. Executive editor Matt Murray sent out a memo to Post employees detailing that the breach was discovered on June 12. The following day, all Post employees' passwords were reset as a precaution, and Murray said the breach wasn't likely to impact any additional Post systems or its customers. READ MORE...
Scattered Spider, fresh off retail sector attack spree, pivots to insurance industry
Scattered Spider, the loose-knit cybercrime collective that recently ran roughshod over U.K.- and U.S.-based retailers, has pivoted once again, setting its sights on insurance companies, according to Google Threat Intelligence Group. Google previously warned that the financially motivated threat group, which it tracks as UNC3944, was pivoting to U.S. retailers following a wave of ransomware and extortion attacks on retailers and grocery stores in the U.K. READ MORE...
Smart air fryers ordered to stop invading our digital privacy
In a confirmation that we've gone full Black Mirror, the UK's privacy czar has wagged a finger at air fryer manufacturers and told them to stop playing with our data. New draft guidance from the Information Commissioner's Office (ICO) targets not just air fryer vendors but manufacturers of any smart home products, ranging from smart lighting systems through to internet-connected refrigerators and connected toys. READ MORE...
Organizations Warned of Vulnerability Exploited Against Discontinued TP-Link Routers
The US cybersecurity agency CISA on Monday warned that threat actors are exploiting a two-year-old vulnerability affecting multiple discontinued TP-Link router models. Tracked as CVE-2023-33538 (CVSS score of 8.8), the bug is described as a command injection vulnerability in the /userRpm/WlanNetworkRpm component, and impacts the TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 router models. READ MORE...
Zyxel Firewall Vulnerability Again in Attacker Crosshairs
A Zyxel vulnerability that was exploited in a coordinated attack against Denmark's critical infrastructure two years ago is once again in attackers' crosshairs, threat intelligence company GreyNoise warns. The security defect, tracked as CVE-2023-28771, is an improper error message handling issue that can be exploited to execute OS commands remotely. Attacks targeting the flaw first emerged in May 2023, one month after Zyxel rolled out patches for it, and intensified a month later. READ MORE...
ASUS Armoury Crate bug lets attackers get Windows admin privileges
A high-severity vulnerability in ASUS Armoury Crate software could allow threat actors to escalate their privileges to SYSTEM level on Windows machines. The security issue is tracked as CVE-2025-3464 and received a severity score of 8.8 out of 10. It could be exploited to bypass authorization and affects the AsIO3.sys of the Armoury Crate system management software. Armoury Crate is the official system control software for Windows from ASUS. READ MORE...
Sitecore CMS exploit chain starts with hardcoded 'b' password
A chain of Sitecore Experience Platform (XP) vulnerabilities allows attackers to perform remote code execution (RCE) without authentication to breach and hijack servers. Sitecore is a popular enterprise CMS used by businesses to create and manage content across websites and digital media. Discovered by watchTowr researchers, the pre-auth RCE chain disclosed today consists of three distinct vulnerabilities. READ MORE...
- ...in 1885, the Statue of Liberty arrives in New York Harbor.
- ...in 1898, Dutch artist M.C. Escher, known for his mathematically-inspired illustrations of "impossible" objects and architecture, is born in Leeuwarden, Netherlands.
- ...in 1901, the College Board introduces its first standardized test, the forerunner to the SAT.
- ...in 1948, former Cincinnati Reds shortstop (and key member of the Big Red Machine) Dave Concepcion is born in Ocumare de la Costa, Venezuela.