Massive 16 Billion Credential Compilation Not a New Data Breach, Experts Clarify

https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak/

Hackers Exploit Gmail App Passwords to Bypass Multi-Factor Authentication

https://citizenlab.ca/2025/06/russian-government-linked-social-engineering-targets-app-specific-passwords/

https://cloud.google.com/blog/topics/threat-intelligence/creative-phishing-academics-critics-of-russia

China's Military Adopts Generative AI for Intelligence Operations

https://www.recordedfuture.com/research/artificial-eyes-generative-ai-chinas-military-intelligence

Hackers Compromise Over 70 Microsoft Exchange Servers with Keylogger Attacks

https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/exchange-mutations-malicious-code-in-outlook-pages

US House Bans WhatsApp on Government Devices Over Security Concerns

https://www.axios.com/2025/06/23/whatsapp-house-congress-staffers-messaging-app

* Australian Regulator Orders Superannuation Funds to Strengthen Authentication After Cyber Attacks

* Researchers Expose Massive Dark Advertising Network Using Fake CAPTCHAs to Spread Disinformation and Malware

* Apple Patches Zero-Click Messaging Vulnerability Exploited to Target European Journalists with Israeli Spyware

* Scattered Spider Cybercrime Group Shifts Focus to US Insurance Industry After Retail Attacks

* Massive JavaScript Malware Campaign Infects Over 269,000 Websites Using Novel Obfuscation Technique

* Extortion Group Briefly Resells Old Ticketmaster Data Stolen in 2024 Snowflake Attacks

* OpenAI Shuts Down 10 Malicious Operations Using ChatGPT for Cyber Attacks and Disinformation

* Single Threat Actor Behind 100+ Backdoored GitHub Repositories Targeting Cybercriminals

* Over 84,000 Roundcube Webmail Instances Exposed to Critical Remote Code Execution Flaw

* Massive Supply Chain Attack Targets npm and PyPI Ecosystems, Affecting Nearly One Million Weekly Downloads

Australia Implements Mandatory Ransomware Payment Disclosure Rules Under New Cyber Security Framework

Phishing Campaign Targets CFOs Globally Using Legitimate NetBird Remote Access Tool

Critical Vulnerability in GitHub MCP Integration Allows Private Repository Data Theft

Critical Flaws Discovered in Popular Software Bill of Materials Generation Tools

Microsoft Authenticator Begins Warning Users to Export Passwords Before July Deadline

Special thanks to Justin Butterfield and J A Zien for contributing to this week’s articles

* Dozens of Malicious NPM Packages Discovered Harvesting System and Network Intelligence

* TikTok Becomes New Vector for ClickFix Malware Campaign Targeting User Credentials

* Australian Cyber Agency Warns of Russian GRU Targeting Western Logistics and Tech Companies

* Apple Blocks Record $9 Billion in Fraudulent Transactions Across Five-Year Security Crackdown

https://socket.dev/blog/60-malicious-npm-packages-leak-network-and-host-data

https://www.trendmicro.com/en_us/research/25/e/tiktok-videos-infostealers.html

https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/russian-gru-targeting-western-logistics-entities-and-technology-companies

https://www.apple.com/newsroom/2025/05/the-app-store-prevented-more-than-9-billion-usd-in-fraudulent-transactions/

* Australian Healthcare Sector Leads in Data Breach Notifications as Human Error Remains a Major Threat

* Verizon DBIR Reveals Alarming Surge in Third-Party Breaches and Vulnerability Exploitation

* Australian Human Rights Commission Exposes Sensitive Documents Through Search Engine Indexing Blunder

* Deceptive KeePass Clone Delivers ESXi Ransomware in Sophisticated Supply Chain Attack

* Printer Manufacturer ProColored Unwittingly Distributed Malware-Infected Drivers for Months

https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data-breaches-publications/notifiable-data-breaches-report-july-to-december-2024

https://www.verizon.com/business/resources/reports/dbir/

https://humanrights.gov.au/our-work/commission-general/data-breach-notification

https://labs.withsecure.com/content/dam/labs/docs/W_Intel_Research_KeePass_Trojanised_Malware_Campaign.pdf

https://www.bleepingcomputer.com/news/security/printer-maker-procolored-offered-malware-laced-drivers-for-months/

Pearson Educational Giant Suffers Major Cyberattack Through Exposed GitLab Token

https://plc.pearson.com/en-GB/news-and-insights/news/cyber-security-incident

https://www.bleepingcomputer.com/news/security/education-giant-pearson-hit-by-cyberattack-exposing-customer-data/

Malicious npm Packages Target Cursor Editor Users, Affecting Over 3,200 Developers

https://socket.dev/blog/malicious-npm-packages-hijack-cursor-editor-on-macos

Cyber Scammers Deploy Fake AI Creation Tools to Spread Noodlophile Malware via Facebook

https://www.morphisec.com/blog/new-noodlophile-stealer-fake-ai-video-generation-platforms/

Google Deploys On-Device AI to Combat Scams Across Chrome, Search, and Android

https://blog.google/technology/safety-security/how-were-using-ai-to-combat-the-latest-scams/

New Investment Scams Employ Sophisticated Techniques to Target Victims

https://blogs.infoblox.com/threat-intelligence/uncovering-actor-ttp-patterns-and-the-role-of-dns-in-investment-scams/