Infosec bits for 2025 week 24
Maajied Moos | June 17, 2025, 9:17 a.m.
New Tools:
fiddleitm: Open-source mitmproxy add-on identifies malicious web traffic [Mirko Zorz, Help Net Security]
OWASP Nettacker: Open-source scanner for recon and vulnerability assessment [Mirko Zorz, Help Net Security]
Cybersecurity Insights:
SIEMs Missing the Mark on MITRE ATT&CK Techniques [Kristina Beek, Dark Reading]
Employees repeatedly fall for vendor email compromise attacks [Help Net Security, Help Net Security]
Cloud and AI drive efficiency, but open doors for attackers [Help Net Security, Help Net Security]
Ransomware:
Ransomware Disguised as Password Cracker (Extension Changed to .NS1419) [ATCP, ASEC]
Vulnerabilities & Patches:
PayU Plugin Flaw Allows Account Takeover on 5000 WordPress Sites [Alessandro Mascellino, Info Security Magazine]
Roundcube RCE: Dark web activity signals imminent attacks (CVE-2025-49113) [Zeljka Zorz, Help Net Security]
New Secure Boot flaw lets attackers install bootkit malware, patch now [Lawrence Abrams, Bleeping Computer]
Code Execution Flaws Haunt Adobe Acrobat Reader, Adobe Commerce [Ryan Naraine, Security Week]
SmartAttack uses smartwatches to steal data from air-gapped systems [Bill Toulas, Bleeping Computer]
Malware:
Critical Fortinet flaws now exploited in Qilin ransomware attacks [Sergiu Gatlan, Bleeping Computer]
Over 20 Malicious Apps on Google Play Target Users for Seed Phrases [WAQAS, Hack Read]
New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally [Ravie Lakshmanan, The Hacker News]
Cyberattacks:
Largest ever data leak exposes over 4 billion user records [Vilius Petkauskas, Cyber News]
Limited Canva Creator Data Exposed Via AI Chatbot Database [WAQAS, Hack Read]
Peep show: 40K IoT cameras worldwide stream secrets to anyone with a browser [Connor Jones, The Register]