• Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit
• Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails
• Pen Testing for Compliance Only? It's Time to Change Your Approach
• New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy
• 5 BCDR Essentials for Effective Ransomware Defense
• Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers
• Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper
• Samsung Patches CVE-2025-4632 Used to Deploy Mirai Botnet via MagicINFO 9 Exploit
• BianLian and RansomExx Exploit SAP NetWeaver Flaw to Deploy PipeMagic Trojan
• Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering
• CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users
• Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns
• Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team
• Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails
• Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server
• Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems
• Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks
• China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide
• Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads
• Deepfake Defense in the Age of AI

• Leak confirms OpenAI's ChatGPT will integrate MCP
• ChatGPT will soon record, transcribe, and summarize your meetings
• Windows 10 KB5058379 update triggers BitLocker recovery on some devices
• Government webmail hacked via XSS bugs in global spy campaign
• FBI: US officials targeted in voice deepfake attacks since April
• Nova Scotia Power confirms hackers stole customer data in cyberattack
• Windows 11 and Red Hat Linux hacked on first day of Pwn2Own
• New Tor Oniux tool anonymizes any Linux app's network traffic
• Malicious NPM package uses Unicode steganography to evade detection
• Coinbase data breach exposes customer info and government IDs
• Google fixes high severity Chrome flaw with public exploit
• Google Chrome to block admin-level browser launches for better security
• Hackers behind UK retail attacks now targeting US companies

• Cyber fiends battering UK retailers now turn to US stores
• Coinbase extorted for $20M. Support staff bribed. Customers scammed. One hell of a SNAFU
• Socket buys Coana to tell you which security alerts you can ignore
• Snowflake CISO on the power of 'shared destiny' and 'yes and'
• Here's what we know about the DragonForce ransomware that hit Marks & Spencer
• Metal maker meltdown: Nucor stops production after cyber-intrusion
• Why CVSS is failing us and what we can do about it
• Uncle Sam pulls $2.4B Leidos deal to support CISA after rival alleges foul play
• Ivanti patches two zero-days under active attack as intel agency warns customers
• Meta's still violating GDPR rules with latest plan to train AI on EU user data, says noyb
• VPN Secure parent company CEO explains why he had to axe thousands of 'lifetime' deals
• Go ahead and ignore Patch Tuesday – it might improve your security
• Everyone's deploying AI, but no one's securing it – what could go wrong?
• Ransomware scum have put a target on the no man's land between IT and operations
• Apple patched one first, but Microsoft’s blasted five exploited flaws this Pa-Tu
• Intel's data-leaking Spectre defenses scared off yet again
• Qatar’s $400M jet for Trump is a gold-plated security nightmare
• Commvault fixes critical Command Center issue after flaw finder alert
• 'We still have embeds in CISA': CTO of Brit cyber agency talks post-Trump relationship with US counterpart
• Marks & Spencer admits cybercrooks made off with customer info

• Proofpoint buying Hornetsecurity in a play to expand email security scope
• After helping Russia on the ground North Korea targets Ukraine with cyberespionage
• Google patches Chrome vulnerability used for account takeover and MFA bypass
• Stealth RAT uses a PowerShell loader for fileless attacks
• Alternatives to Microsoft Outlook webmail come under attack in Europe
• Data on sale: Trump administration withdraws data broker oversight proposal
• The most effective phishing QR code is a new drug and alcohol policy supposedly from HR
• ‘Aggressive, creative’ hackers behind UK breaches now eyeing US retailers
• Hacker nehmen Rüstungslieferanten der Ukraine ins Visier
• How phones get hacked: 7 common attack methods explained

• AI-Generated Law
• Upcoming Speaking Engagements
• Google’s Advanced Protection Now on Android
• Court Rules Against NSO Group
• Florida Backdoor Bill Fails
• Friday Squid Blogging: Japanese Divers Video Giant Squid
• Chinese AI Submersible
• Fake Student Fraud in Community Colleges
• Another Move in the Deepfake Creation/Detection Arms Race
• Friday Squid Blogging: Pyjama Squid

• Threat landscape for industrial automation systems in Q1 2025 – Source: securelist.com
• Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit – Source:thehackernews.com
• Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails – Source:thehackernews.com
• Pen Testing for Compliance Only? It’s Time to Change Your Approach – Source:thehackernews.com
• 5 BCDR Essentials for Effective Ransomware Defense – Source:thehackernews.com
• Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail Servers – Source:thehackernews.com
• Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper – Source:thehackernews.com
• Sophos MDR: New analyst response actions for Microsoft 365 – Source: news.sophos.com
• Beyond the kill chain: What cybercriminals do with their money (Part 5) – Source: news.sophos.com
• Beyond the kill chain: What cybercriminals do with their money (Part 4) – Source: news.sophos.com