AI Bot 'Xbow' Tops HackerOne; Cybercriminals Leverage LLMs for Hacking

Key Takeaways

  • AI bot 'Xbow' tops HackerOne leaderboard, surpassing human hackers in vulnerability discovery.
  • Cybercriminals are using LLMs to boost hacking operations, creating malicious content and exploiting vulnerabilities.
  • AT&T settles data breach lawsuits for $177 million, with payouts up to $5,000 per customer.
  • Odyssey Stealer targets macOS users, stealing data from over 70 US organizations.
  • Guardare launches AI platform to address SMB cybersecurity gaps with risk and compliance support.

Top Stories

AI bot 'Xbow' surpasses human hackers on HackerOne leaderboard.

An AI bot named 'Xbow' reached the top of the U.S. HackerOne leaderboard, outperforming human hackers by identifying vulnerabilities in major companies and submitting nearly 1,060 vulnerabilities.

Cybercriminals use LLMs to boost hacking operations.

Cybercriminals are increasingly using large language models (LLMs) to boost hacking operations, including creating malicious content and exploiting vulnerabilities.

AT&T settles data breach lawsuits for $177 million; payouts up to $5,000.

AT&T reached a $177 million settlement over 2019 and 2024 data breaches, potentially paying affected customers up to $5,000 each, with payments expected in early 2026.

Odyssey Stealer targets macOS users, steals data from 70+ US organizations.

On June 27, 2025, CYFIRMA discovered the Odyssey Stealer malware campaign targeting macOS users via ClickFix tactics, stealing sensitive data and impacting over 70 organizations in the US.

Guardare launches AI platform to address SMB cybersecurity gaps.

Guardare's CEO, Lars Letonoff, introduced their AI-powered platform on June 27, 2025, designed to help SMBs address cybersecurity gaps by providing risk and compliance support.

Attack Landscape

Scattered Spider hacking group targets aviation sector, disrupts systems.

The hacking collective Scattered Spider is targeting the aviation sector, causing system disruptions, with recent incidents affecting Hawaiian Airlines and WestJet.

GIFTEDCROOK malware now steals sensitive documents, browser secrets.

The GIFTEDCROOK malware has evolved into an intelligence-gathering tool, exfiltrating sensitive documents and browser secrets from targeted individuals in recent campaigns in June 2025.

Chinese hacking group Silver Fox distributes malware via fake software sites.

A Chinese hacking group, identified as Silver Fox (Void Arachne), is distributing malware through fake websites that mimic popular software like WPS Office, Sogou, and DeepSeek, targeting Chinese speakers.

Malicious Python package 'psslib' forces system shutdown on incorrect password.

On June 28, 2025, GBHackers reported on the malicious Python package psslib, which typosquats the passlib library and forces an immediate system shutdown on Windows systems when incorrect passwords are entered.

Attack uses Windows Task Scheduler for persistent access in Middle East.

A cyber attack targeting critical national infrastructure in the Middle East reveals threat actors are using Windows Task Scheduler for persistent access, employing a malicious Havoc framework variant.

Breach Watch

Scammers impersonate PayPal via phone calls to steal data.

Criminals are impersonating PayPal via phone calls, claiming high transfers are pending, in an attempt to obtain personal data or initiate money transfers.

Sextortion demands increase to $1650 in Litecoin.

IT security researchers report increasing demands in sextortion scams, with scammers now requesting 1650 US dollars in Litecoin.

Compliance Corner

GRC professionals need AI skills: ethical reasoning, threat foresight.

Nikhil Sarnot's article, published on June 26, 2025, discusses the evolution of Governance, Risk, and Compliance (GRC) in the age of generative AI, emphasizing the need for GRC professionals to develop skills in areas like ethical reasoning and AI-human workflow design.

Effective governance of non-human identities starts with agency mission.

Effective governance of non-human identities begins with understanding an agency's mission, according to Dan Wilkins, CISO of the Arizona Department of Economic Security.

Expert Analysis

US falling behind China in exploit production, may be eight years behind.

A Bloomberg article reports that the US is falling behind China in exploit production and may be eight years behind in developing offensive cyber capabilities.

Cyber Africa Forum highlights human error as major cybersecurity vulnerability.

The 5th Cyber Africa Forum in Cotonou focused on digital resilience and transformation, highlighting human error as a major cybersecurity vulnerability, with IBM reporting over 95% of breaches stem from human actions.

SaaS platforms' built-in protections insufficient for modern data resilience.

The Hacker News published an article on June 26, 2025, highlighting the hidden risks of SaaS platforms, emphasizing that built-in protections are insufficient for modern data resilience due to factors like human error and evolving cyber threats.

Network security needs drastic changes to keep up with AI: Cisco.

At Cisco Live 2025, networking professionals discussed the need for drastic changes in network security to keep up with AI, recommending using AI to fight AI and expanding zero-trust capabilities.

Security convergence limited by isolated tools, policy inconsistencies.

Published on June 26, 2025, the article by Kyle Wickert discusses the limitations of security convergence, noting that while 89% of organizations have unified security teams, the tools remain isolated, leading to policy inconsistencies and increased risk.

Building ethical AI models, India's data law, OT security discussed.

ISMG editors discussed the challenges of building frontier AI models that behave ethically, India's new data protection law, and securing operational technology environments.

Privacy Matters

EU demands Apple and Google remove DeepSeek over illegal data transfers.

On June 27-28, 2025, European authorities demanded Apple and Google remove the Chinese AI app DeepSeek from their stores due to illegal data transfers to China, violating GDPR.

Data protection authority investigates vulnerabilities on restaurant websites.

The data protection authority is investigating security vulnerabilities on hundreds of restaurant websites, following a report by the Chaos Computer Club (CCC) that revealed flaws on over 400 restaurant websites in Germany.

Product News

Infosec product roundup: Akamai, Fortinet, Malwarebytes, and more.

Help Net Security published a roundup of infosec products for June 2025, featuring releases from companies including Akamai, Fortinet, and Malwarebytes.

Embed Security's platform autonomously triages alerts, saves 155 analyst hours.

Embed Security unveiled its agentic security platform that autonomously triages and investigates alerts, saving approximately 155 analyst hours per month for Spencer Fane.

Extreme Networks' AI agents simplify network and security operations.

Extreme Networks has developed AI agents on its Platform One to simplify network and security operations, reducing manual tasks by 90% and resolution times by up to 98%.

Security How-Tos

Guide: How to deal with smartphone viruses.

This article, published on June 28, 2025, provides a guide on how to deal with smartphone viruses, detailing symptoms and suggesting immediate actions like disconnecting from the internet and running antivirus scans.

Software Security

SBOMs enhance security by tracking vulnerabilities in software components.

SBOMs inventory software components to enhance security by tracking vulnerabilities, with enterprises choosing from three standard formats: CycloneDX, SPDX, and SWID tags.

RevEng.ai raises $4.15M for AI-powered software supply chain security.

RevEng.ai, a British startup, has raised $4.15 million in seed funding for its AI-powered software supply chain security platform, which discovers malicious code and vulnerabilities.

GitHub Advisory Database insights on automating software security.

On June 27, 2025, Jonathan Evans, Security Analyst at GitHub, published insights on the GitHub Advisory Database, highlighting known security vulnerabilities and offering guidance on automating software security to protect projects.

Threat Horizon

Unsubscribe links in emails can lead to phishing, malware installation.

Cybersecurity experts warn about the dangers of canceling subscriptions through email, as malicious unsubscribe links can lead to phishing, malware installation, or redirection to fake login pages.

AI used to deploy phishing kits; cybercrime impact to hit $10.5T by 2025.

On June 27, 2025, Cybercrime Magazine reported that threat actors are using AI to deploy phishing kits, with the projected global economic impact of cybercrime set to reach $10.5 trillion annually by the close of 2025.

Cyberattacks on critical infrastructure are increasing, experts warn.

A podcast on heise online, published on June 26, 2025, discusses the increasing concern over cyberattacks on critical infrastructure, prompted by the US attack on Iran's nuclear program.

Cybersecurity risks in smart warehouses and industrial control systems.

On June 26, 2025, Help Net Security published an interview with Dr. Tim Sattler, CISO at Jungheinrich, discussing cybersecurity risks in smart warehouses and industrial control systems, including the expanded attack surface from technologies like PLCs and IoT-enabled forklifts.

Vulnerability Spotlight

Microsoft: Secure Boot certificate update needed by June 2026 for Windows.

Microsoft is warning of a large-scale Secure Boot certificate update needed by June 2026, impacting Windows, Linux, and macOS systems, with failure to update resulting in systems losing the ability to install Secure Boot security updates.

75% of organizations' building management systems have exploited vulnerabilities.

Claroty's research indicates that 75% of organizations have building management systems (BMS) affected by Known Exploited Vulnerabilities (KEVs), highlighting widespread cyber risks.

Researchers demonstrate Windows Registry manipulation techniques.

Cybersecurity researchers developed a C++ program to demonstrate Windows Registry manipulation techniques, highlighting vulnerabilities in Windows systems that enable persistent access and privilege escalation.

Critical vulnerability in Hunt Electronics DVRs allows remote takeover.

On June 27, 2025, GBHackers reported a critical vulnerability, CVE-2025-6561, in Hunt Electronics’ hybrid DVRs, allowing unauthenticated remote attackers to retrieve administrator credentials in plaintext.
