2025-06-16

Some of the biggest security problems start quietly. No alerts. No warnings. Just small actions that seem normal but aren't. Attackers now know how to stay hidden by blending in, and that makes it hard to tell when something's wrong.

This week's stories aren't just about what was attacked—but how easily it happened. If we're only looking for the obvious signs, what are we missing right in front of us?

Here's a look at the tactics and mistakes that show how much can go unnoticed.

⚡ Threat of the Week

Apple Zero-Click Flaw in Messages Exploited to Deliver Paragon Spyware — Apple disclosed that a security flaw in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, CVE-2025-43200, was addressed by the company in February as part of iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1, and visionOS 2.3.1. The Citizen Lab said it uncovered forensic evidence that the flaw was weaponized to target Italian journalist Ciro Pellegrino and an unnamed prominent European journalist and infect them with Paragon's Graphite mercenary spyware.

🔔 Top News

Microsoft Fixes WebDAV 0-Day Exploited in Targeted Attacks — Microsoft addressed a zero-day bug in Web Distributed Authoring and Versioning (WebDAV) that was exploited by a threat actor known as Stealth Falcon (aka FruityArmor) as part of highly targeted attacks to deliver Horus Agent, a custom implant built for the Mythic command-and-control (C2) framework. Horus Agent is believed to be an evolution of the customized Apollo implant, an open-source .NET agent for the Mythic framework, that was previously put to use by Stealth Falcon between 2022 and 2023. "The new Horus Agent appears to be written from scratch," according to Check Point. "In addition to adding custom commands, the threat actors placed additional emphasis on the agent's and its loader's anti-analysis protections and counter-defensive measures. This suggests that they have deep knowledge of both their victims and/or the security solutions in use."

🔥 Trending CVEs

Attackers love software vulnerabilities – they're easy doors into your systems. Every week brings fresh flaws, and waiting too long to patch can turn a minor oversight into a major breach. Below are this week's critical vulnerabilities you need to know about. Take a look, update your software promptly, and keep attackers locked out.

This week's list includes — CVE-2025-43200 (Apple), CVE-2025-32711 (Microsoft 365 Copilot), CVE-2025-33053 (Microsoft Windows), CVE-2025-47110 (Adobe Commerce and Magento Open Source), CVE-2025-43697, CVE-2025-43698, CVE-2025-43699, CVE-2025-43700, CVE-2025-43701 (Salesforce), CVE-2025-24016 (Wazuh), CVE-2025-5484, CVE-2025-5485 (SinoTrack), CVE-2025-31022 (PayU CommercePro plugin), CVE-2025-3835 (ManageEngine Exchange Reporter Plus), CVE-2025-42989 (SAP NetWeaver), CVE-2025-5353, CVE-2025-22463, CVE-2025-22455 (Ivanti Workspace Control), CVE-2025-5958 (Google Chrome), CVE-2025-3052 (DT Research DTBios and BiosFlashShell), CVE-2025-2884 (TCG TPM2.0 reference implementation), CVE-2025-26521 (Apache CloudStack), CVE-2025-47950 (CoreDNS), CVE-2025-4230, CVE-2025-4232 (Palo Alto Networks PAN-OS), CVE-2025-4278, CVE-2025-2254, CVE-2025-5121, CVE-2025-0673 (GitLab), CVE-2025-47934 (OpenPGP.js), CVE-2025-49219, CVE-2025-49220 (Trend Micro Apex Central), CVE-2025-49212, CVE-2025-49213, CVE-2025-49216, CVE-2025-49217 (Trend Micro Endpoint Encryption PolicyServer), CVE-2025-4922 (HashiCorp Nomad), CVE-2025-36631, CVE-2025-36632, CVE-2025-36633 (Tenable Nessus Agent), CVE-2025-33108 (IBM Backup, Recovery, and Media Services), CVE-2025-6029 (KIA-branded Aftermarket Generic Smart Keyless Entry System), and a patch bypass for CVE-2024-41713 (Mitel MiCollab).

📰 Around the Cyber World

Kazakh and Singapore Authorities Disrupt Criminal Networks — Kazakh authorities said they dismantled a network that was using Telegram to illegally sell citizens' personal data extracted from government databases. More than 140 suspects were arrested in connection with the scheme, including business owners and alleged administrators of Telegram channels used to peddle the stolen information, according to officials. If convicted, the suspects could face up to five years in prison and a fine. The development came as the Singapore Police Force (SPF), in partnership with authorities from Hong Kong, Macao, Malaysia, Maldives, South Korea, and Thailand, announced the arrests of 1,800 subjects between April 28 and May 28 for their involvement in various online scams. The cross-border anti-scam initiative has been codenamed Operation FRONTIER+. "The subjects, aged between 14 and 81, are believed to be involved in more than 9,200 scam cases, comprising mainly government official impersonation scams, investment scams, rental scams, internet love scams, friend impersonation scams, job scams, and e-commerce scams, where victims reportedly lost over S$289 million (approximately USD225 million)," the SPF said. "More than 32,600 bank accounts suspected to be linked to scams were detected and frozen by the participating law enforcement agencies, with more than S$26.2 million (approximately USD20 million) seized in these bank accounts." Singapore officials said they arrested 106 people locally who were responsible for 1,300 scams that netted them about $30 million.

🎥 Cybersecurity Webinars

AI Agents Are Leaking Data — Learn How to Fix It Fast ➝ AI tools often connect to platforms like Google Drive and SharePoint—but without the right settings, they can accidentally expose sensitive data. In this webinar, experts from Sentra will show simple, real-world ways these leaks happen and how to stop them. If you're using AI in your business, don't miss this fast, clear guide to securing it before something goes wrong.

They're Faking Your Brand—Stop AI Impersonation Before It Spreads ➝ AI-driven attackers are mimicking brands, execs, and employees in real-time. Join this session to see how Doppel detects and blocks impersonation across email, social media, and deepfakes—before damage is done. Fast, adaptive protection for your reputation.

🔧 Cybersecurity Tools

CRADLE ➝ It is an open-source web platform built for cyber threat intelligence (CTI) analysts. It simplifies threat investigation workflows by enabling teams to collaborate in real-time, map relationships between threat actors and indicators, and generate detailed intelligence reports. Designed with modular architecture, CRADLE is easy to extend and runs locally using Docker for quick setup and testing.

Newtowner ➝ It is a security testing tool that helps identify weaknesses in network trust boundaries by simulating traffic from different global cloud providers and CI/CD environments. It allows you to detect misconfigurations—such as overly permissive access from specific data centers—by comparing HTTP responses from multiple sources like GitHub Actions, AWS, and EC2. This is especially useful in modern cloud setups where implicit trust between internal services can lead to serious security gaps.

🔒 Tip of the Week

4 Hidden Ways You're Tracked (and How to Fight Back) ➝ Most people know about cookies and ads, but companies now use sneaky technical tricks to track you—even if you're using a VPN, private mode, or a hardened browser. One method gaining attention is localhost tracking: apps like Facebook and Instagram silently run a web server inside your phone. When you visit a website that embeds hidden tracking code, that code can ping this local server to see if the app is installed—leaking your browsing activity back to the app, without your permission.

Another trick is port probing. Some websites scan your device to check if developer tools or apps are running on certain ports (like 3000 or 9222). This reveals what software you use or whether you're running a specific company's tool—leaking clues about your job, device, or activity. Sites may even detect browser extensions this way.

On mobile, some websites silently test if apps like Twitter, PayPal, or your banking app are installed by triggering invisible deep links. If the app opens or responds, they learn what apps you use. That's often used for profiling or targeted phishing. Also, browser cache abuse (using things like ETags or service workers) can fingerprint your browser—even across private tabs—keeping you identifiable even when you think you're clean.

How to protect yourself:

Uninstall apps you rarely use, especially ones from big platforms.

Use browsers like Firefox with uBlock Origin and enable "Block outsider intrusion into LAN."

On mobile, use hardened browsers like Bromite or Firefox Focus, and block background data for apps using tools like NetGuard.

Clear browser storage often, and use temporary containers or incognito containers to isolate sessions.

These aren't tinfoil hat ideas—they're real-world methods used by major tech firms and trackers today. Staying private means going beyond ad blockers and learning how the web really works behind the scenes.
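To make the "block outsider intrusion into LAN" idea concrete, here is an added example (not code from the newsletter or from uBlock Origin) that implements the same decision rule in plain JavaScript: a request is blocked only when the page making it is served from a public origin and the target is localhost, a loopback or link-local address, or a private IPv4/IPv6 range. That is exactly the shape of the localhost-tracking and port-probing requests described above (a page on a public site reaching for `localhost:12387` or `127.0.0.1:9222`), while a local development server talking to itself is left alone. The function names (`isLanHost`, `isLanTarget`, `shouldBlockLanRequest`, `guardFetch`) and the sample request list are this example's own assumptions, and the sample URLs are constructed, not taken from any real tracker.

```javascript
// Added example: a minimal "outsider intrusion into LAN" guard for fetch().
// Not part of uBlock Origin; it only mirrors the rule's intent.

const IPV4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

// True when a hostname refers to this machine or to a private / link-local network.
// Limitation (assumption of this example): IPv4-mapped IPv6 literals such as
// [::ffff:7f00:1] are not recognised; a production filter would normalise those too.
function isLanHost(hostname) {
  const h = hostname.toLowerCase();
  if (h === "localhost" || h.endsWith(".localhost")) return true;
  // The URL parser returns IPv6 literals in brackets, e.g. "[::1]".
  if (h.startsWith("[")) {
    const v6 = h.slice(1, -1);
    if (v6 === "::1" || v6 === "::") return true;               // loopback / unspecified
    if (v6.startsWith("fe80:")) return true;                    // link-local
    if (v6.startsWith("fc") || v6.startsWith("fd")) return true; // unique local fc00::/7
    return false;
  }
  const m = IPV4.exec(h);
  if (!m) return false;                                         // ordinary public DNS name
  const a = Number(m[1]);
  const b = Number(m[2]);
  if (a === 0 || a === 10 || a === 127) return true;            // 0/8, 10/8, 127/8
  if (a === 169 && b === 254) return true;                      // 169.254/16 link-local
  if (a === 172 && b >= 16 && b <= 31) return true;             // 172.16/12
  if (a === 192 && b === 168) return true;                      // 192.168/16
  return false;
}

// Resolves a (possibly relative) URL against the page and classifies its host.
function isLanTarget(url, base) {
  let parsed;
  try {
    parsed = new URL(url, base);
  } catch {
    return false; // unparsable input: let fetch() raise its own error
  }
  if (!/^(https?|wss?):$/.test(parsed.protocol)) return false;
  return isLanHost(parsed.hostname);
}

// Block only *outsider* intrusion: a public page reaching into the LAN.
// A page that is itself served from the LAN (e.g. a local dev server) is left alone.
function shouldBlockLanRequest(pageOrigin, url) {
  return !isLanTarget(pageOrigin) && isLanTarget(url, pageOrigin);
}

class LanRequestBlocked extends Error {}

// Wraps a fetch-like function so a LAN probe from a public page throws before any
// request leaves the browser. In a page: window.fetch = guardFetch(window.fetch, location.origin)
function guardFetch(realFetch, pageOrigin) {
  return function guardedFetch(input, init) {
    // Request objects expose .url; strings and URL objects stringify to the URL itself.
    const url = typeof input === "object" && input !== null && "url" in input ? input.url : String(input);
    if (shouldBlockLanRequest(pageOrigin, url)) {
      throw new LanRequestBlocked(`blocked LAN request from ${pageOrigin} to ${url}`);
    }
    return realFetch(input, init);
  };
}

// Constructed sample: requests a page on example.com might issue, mixing its own API
// calls with the kind of local probes described in the tip above.
const SAMPLE_PAGE = "https://example.com/";
const SAMPLE_REQUESTS = [
  "https://example.com/api/view",   // the site's own backend: allowed
  "http://localhost:12387/",        // app-hosted local web server probe: blocked
  "http://127.0.0.1:9222/json",     // developer-tool port probe: blocked
  "http://192.168.1.1/",            // home router on the private LAN: blocked
  "https://cdn.example.net/lib.js", // third-party but public: allowed by this rule
];

function classifyRequests(pageOrigin, urls) {
  return urls.map((u) => ({ url: u, blocked: shouldBlockLanRequest(pageOrigin, u) }));
}

if (typeof require !== "undefined" && require.main === module) {
  for (const r of classifyRequests(SAMPLE_PAGE, SAMPLE_REQUESTS)) {
    console.log(`${r.blocked ? "BLOCK" : "allow"}  ${r.url}`);
  }
}
```

The guard only sees requests that go through `fetch`; a real filter such as uBlock's also covers `XMLHttpRequest`, WebSockets and resource loads, and it does so at the network layer rather than by wrapping a JavaScript function that page scripts could unwrap. The point of the example is the decision rule, not the enforcement mechanism.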

Conclusion

What goes undetected often isn't invisible—it's just misclassified, minimized, or misunderstood. Human error isn't always a technical failure. Sometimes it's a story we tell ourselves about what shouldn't happen.

Review your recent alerts. Which ones were ignored because they didn't "feel right" for the threat profile? The cost of dismissal is rising—especially when adversaries bank on it.