CISA Advisory – Ransomware actors exploiting unpatched SimpleHelp Remote Monitoring and Management software.
Posted inCybersecurity News

CISA Advisory – Ransomware actors exploiting unpatched SimpleHelp Remote Monitoring and Management software.

CISA Cybersecurity Advisory AA25-163A, released on June 12, 2025, addresses a significant ransomware threat exploiting unpatched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) software. The advisory was prompted by incidents in which ransomware actors compromised customers of a utility billing software provider by leveraging these vulnerabilities.
New method (SmartAttack) uses ultrasonic transmissions to send stolen data from air-gapped systems to smartwatches.
Posted inCybersecurity News

New method (SmartAttack) uses ultrasonic transmissions to send stolen data from air-gapped systems to smartwatches.

A newly discovered cyberattack method, dubbed SmartAttack, leverages smartwatches and ultrasonic signals to steal data from air-gapped systems—computers physically isolated from external networks. Developed by researchers led by Mordechai Guri at Ben-Gurion University, this technique exploits smartwatch microphones to capture covert ultrasonic transmissions from compromised air-gapped machines.
Paragon’s Graphite spyware used in sophisticated zero-click attack against new iPhones.
Posted inCybersecurity News

Paragon’s Graphite spyware used in sophisticated zero-click attack against new iPhones.

In June 2025, security researchers at Citizen Lab confirmed the first forensic evidence that Paragon’s ‘Graphite’ spyware was used in highly sophisticated zero-click attacks targeting up-to-date iPhones, specifically those running iOS 18.2.1. These attacks required no user interaction and left almost no visible traces, making detection and attribution particularly challenging.
New TokenBreak attack bypasses LLM protective guardrails.
Posted inCybersecurity News

New TokenBreak attack bypasses LLM protective guardrails.

A newly discovered cyber attack technique, called TokenBreak, targets the tokenization process of text classification models, particularly those used as protective guardrails for large language models (LLMs). The attack exploits how certain tokenizers break down and interpret text, allowing adversaries to bypass content moderation, safety, toxicity, and spam detection systems with minimal changes to input text.
Cloudflare notes increase in cyberattacks against journalists.
Posted inCybersecurity News

Cloudflare notes increase in cyberattacks against journalists.

Cloudflare reports a dramatic surge in cyberattacks targeting journalists and independent media organizations over the past year. Between May 2024 and April 2025, Cloudflare blocked nearly 109 billion malicious requests aimed at organizations protected under its Project Galileo, with attacks against journalists and news organizations accounting for 97 billion of those requests—an average of 290 million per day. This marks a 241% increase in attack volume compared to the previous year.
10 Cybercriminals Who Remain on the Lam.
Posted inCybersecurity News

10 Cybercriminals Who Remain on the Lam.

Many high-profile cybercriminals have been arrested and convicted, but several notorious figures remain fugitives, wanted by law enforcement agencies worldwide. Here are ten cybercriminals currently on the run, according to the latest FBI “Most Wanted” lists and other credible sources:
Microsoft Copilot Zero-Click Vulnerability (“EchoLeak”): What Happened and Why It Matters
Posted inCybersecurity News

Microsoft Copilot Zero-Click Vulnerability (“EchoLeak”): What Happened and Why It Matters

A critical security flaw, dubbed “EchoLeak” (CVE-2025-32711), was discovered in Microsoft 365 Copilot, the AI assistant integrated into Office apps like Word, Excel, Outlook, and Teams. This vulnerability allowed attackers to exfiltrate sensitive organizational data through a “zero-click” attack—meaning the victim did not need to interact with any malicious content for the exploit to succeed.
GreyNoise Warning: Coordinated Brute-Force Attacks on Apache Tomcat Manager
Posted inCybersecurity News

GreyNoise Warning: Coordinated Brute-Force Attacks on Apache Tomcat Manager

On June 5, 2025, GreyNoise observed a significant and coordinated surge in brute-force and login attempts targeting Apache Tomcat Manager interfaces exposed to the internet. This activity marked a sharp deviation from typical background noise, with two GreyNoise tags—Tomcat Manager Brute Force Attempt and Tomcat Manager Login Attempt—registering volumes well above their usual baselines.
United Natural Foods Inc. (UNFI), the primary distributor for Whole Foods hit with cyberattack beginning on June 5, 2025.
Posted inCybersecurity News

United Natural Foods Inc. (UNFI), the primary distributor for Whole Foods hit with cyberattack beginning on June 5, 2025.

United Natural Foods Inc. (UNFI), the primary distributor for Whole Foods and a major supplier to over 30,000 retailers across North America, experienced a significant cybersecurity incident beginning on June 5, 2025. The attack led to widespread disruptions in its operations, particularly affecting its ability to fulfill and distribute customer orders, including those to Whole Foods.