Security Bulletin

T-Mobile had 64 million records purportedly stolen from its systems exposed on a data leak site, Cybernews reports.

Malicious actors could exploit the novel TokenBreak attack technique to compromise large language models' tokenization strategy and evade implemented safety and content moderation protections, reports The Hacker News.

Cybersecurity threats, including distributed denial-of-service attacks and web exploits, against public interest organizations averted by Cloudflare's Project Galileo reached 108.9 billion between May 2024 and March 2025, which was 241% higher than...

BleepingComputer reports that at least two journalists in Europe, including Italian Ciro Pellegrino, had their iPhones subjected to zero-click attacks exploiting the zero-day flaw, tracked as CVE-2025-43200, to deploy Paragon's Graphite spyware...

New Predator spyware activity identified Intellexa's Predator spyware has reemerged with advanced obfuscation capabilities in multiple locations following public exposure and sanctions last year, reports CyberScoop.

These groups suffered three times the cyberattacks as the year previous, with DDoS attacks dominating and vulnerability scans and SQL injection also more common.

A 2025. 24. hetére vonatkozó hírválogatás, amely az NBSZ NKI által 2025.06.06. és 2025.06.12. között kezelt incidensek statisztikai adatait is tartalmazza.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

[This is a Guest Diary by Michal Ambrozkiewicz, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program [1].]

The JavaScript obfuscation method produces working code using only six ASCII characters.

Researchers at Aim Security disclosed a Microsoft Copilot vulnerability of critical severity this week that could have enabled sensitive data exfiltration via prompt injection attacks.