Cybersecurity News

Bitsight, a cybersecurity ratings company, has issued a stark warning after its TRACE research team discovered over 40,000 internet-connected security cameras streaming live footage openly on the internet, with no passwords or meaningful security protections in place. These cameras, intended for use in homes, businesses, factories, hospitals, and even public transportation, are inadvertently providing public access to sensitive locations and information.

Microsoft’s June 2025 Patch Tuesday addressed a total of 66–67 vulnerabilities across its product suite, including Windows, Microsoft Office, and related components. The update is notable for patching a critical zero-day vulnerability in the Web Distributed Authoring and Versioning (WEBDAV) protocol that was actively exploited in the wild.

On Wednesday, INTERPOL announced the successful dismantling of more than 20,000 malicious IP addresses and domains linked to 69 different information-stealing malware variants. This operation, codenamed Operation Secure, was conducted between January and April 2025 and involved law enforcement agencies from 26 countries across the Asia-Pacific region.

FIN6 (aka Camouflage Tempest, Gold Franklin, or Skeleton Spider) is a financially motivated cybercrime group active since 2012, initially targeting point-of-sale systems to steal payment card data. Recently, they’ve adopted a novel attack vector using AWS-hosted fake resumes on LinkedIn to deliver More_eggs malware, specifically targeting corporate recruiters.

The database consisted of numerous collections, ranging from half a million to over 800 million records gathered from various sources. One research team believes the dataset was meticulously compiled and maintained to build comprehensive behavioral, economic, and social profiles of nearly any Chinese citizen. The exposed instance was quickly taken down, preventing the team from disclosing the identity of the database’s owners.

A new variant of the Mirai malware botnet is exploiting a little-known command injection vulnerability in TBK digital video recording devices, specifically models DVR-4104 and DVR-4216, to take control of them. This vulnerability, identified as CVE-2024-3721, was disclosed by security researcher "netsecfish" in April 2024 but has just now been spotted in the wild.

India's Central Bureau of Investigation (CBI) has announced the arrest of six individuals and the dismantling of two illegal call centers that were engaging in a sophisticated transnational tech support scam targeting Japanese citizens.

Less than 24 hours after President Trump’s public dispute with Elon Musk, a new cybersecurity executive order was issued on June 6, 2025. This order introduces major changes to the Biden administration’s final cybersecurity guidelines. It not only modifies key aspects of Biden’s January 2025 framework but also signals a broader shift in federal cybersecurity priorities. The focus has moved away from federal digital identity initiatives and has revised software security mandates that previously relied heavily on compliance.

Microsoft and CrowdStrike announced on Monday that they are spearheading an industry initiative to map threat actor names. Their objective is to simplify the process for the cybersecurity community to align intelligence effectively.

Honeywell, a prominent industrial giant, released its 2025 Cybersecurity Threat Report on Wednesday. The report reveals a significant increase in ransomware and other malware attacks within the industrial sector.