Gentlemen RaaS Unifies HexKiller, ThrottleBlood, and HavocKiller in New Evasion Suite
The Gentlemen RaaS operation has integrated HexKiller, ThrottleBlood, and HavocKiller into a unified EDR evasion suite to neutralize security solutions globally. This framework utilizes a standardized defense evasion layer and rapid BYOVD weaponization to support its aggressive double-extortion campaigns.
MDR Provider Comparison: Time to Discover and Respond to Threats
MDR Provider Comparison: Time to Discover and Respond to Threats evaluates how leading MDR providers optimize Mean Time to Respond (MTTR) to minimize the impact of security breaches. By benchmarking against the Verizon 2025 Data Breach Investigations Report, the guide highlights that providers like ESET, CrowdStrike, and Sophos utilize varying combinations of automation and analyst oversight to achieve distinct response speeds.
France and Germany Boost Digital Sovereignty Push
France and Germany are strengthening digital sovereignty by establishing a common framework and launching a 13 billion euro investment fund to support European tech innovation. This initiative aims to reduce reliance on non-European providers and enhance cybersecurity in response to growing geopolitical risks.
Microsoft links Mastra AI supply chain attack to North Korean hackers
Microsoft has attributed the Mastra AI supply chain attack, which compromised over 140 npm packages, to the North Korean threat actor Sapphire Sleet. The hackers hijacked a maintainer account to deploy malware designed to steal cryptocurrency and sensitive developer credentials.
New Prinz Eugen ransomware prioritizes recent files for encryption
The Prinz Eugen ransomware prioritizes the encryption of recently modified files to maximize operational impact and business disruption. This Go-based malware operates without a ransom note to reduce its forensic footprint, instead relying on out-of-band communication for extortion.
Inside GentleKiller: The EDR-Killer Powering The Gentlemen
The Gentlemen ransomware group provides its affiliates with a centralized, standardized EDR-killer suite called GentleKiller to disable security tools via BYOVD exploits. This framework allows the group to rapidly weaponize new vulnerabilities and lower the operational entry barrier for their affiliates.
CyberSentinel AI with 33 Security Tools, Including Nmap, SQLMap, ZAP, and uses Claude, GPT
CyberSentinel AI v3.0 is an open-source, autonomous cybersecurity platform that integrates 33 penetration testing tools within an isolated Kali Linux Docker sandbox. It utilizes a provider-agnostic AI engine to execute scans and perform real-time analysis while supporting local inference via Ollama for complete data privacy.
User Scanner is a powerful 2-in-1 OSINT suite designed for deep email and username intelligence across over 285 platforms. It enables users to map digital footprints, extract profile metadata, and perform data breach checks via integration with Hudson Rock.
TD Bank informed some employees in its financial crimes and risk management team that it will use software to monitor their work. The software, provided by ActiveOps, will track time spent on various applications to help managers manage workflows and performance. While TD claims the software is standard industry practice and safeguards privacy, employees raised concerns about consent, privacy, and potential use for performance management.
Canadian dollar hits 14-month low as core retail sales decline | Reuters
The Canadian dollar weakened to a 14-month low against the US dollar, influenced by declining oil prices and subdued retail sales data. The loonie traded at 1.4180 per US dollar, down 0.3% for the day and 1.3% for the week. Analysts attribute the decline to the war premium draining out of oil and easing concerns about broader de-escalation in the Middle East.
Maine breach portal abused to publish fake data breach disclosures
Maine breach portal abused to publish fake data breach disclosures is a report detailing how scammers are exploiting the Maine Attorney General’s breach portal by submitting unverified, fraudulent notifications. Because the portal lacks independent verification, companies like VRChat and Discord have been falsely linked to data breaches, highlighting the urgent need for users to confirm such claims directly with the affected organizations.
Judge allows Canadian spy agency to disinfect Canadian devices
The Canadian Security Intelligence Service has obtained a court warrant to proactively remove malware from infected Canadian devices associated with an unnamed proxy botnet. This operation aims to disinfect compromised servers, home routers, and smart devices used by threat actors to disguise their malicious traffic.
A data breach at the Texas Parks & Wildlife department has exposed the driver’s license and passport information of over 3 million individuals. Hackers gained access through a third-party vendor that manages the state’s hunting and fishing license system.
24 Billion Stolen Credentials Exposed in Massive Data Leak - Security Affairs
A massive data leak involving 24 billion stolen credentials was recently discovered in an exposed Elasticsearch cluster, posing a significant risk of account takeovers. Experts warn that users should prioritize multi-factor authentication and avoid password reuse to mitigate the dangers of this exposure.
These Popular Snacks Contain High Levels of Additives - Consumer Reports
An investigation by Consumer Reports and Yuka found that over a third of tested popular processed snacks contain additives or contaminants at levels exceeding safe daily intake recommendations. These findings highlight significant risks associated with the current U.S. regulatory system, which often permits substances linked to cancer, DNA damage, and neurobehavioral issues.
AMD has quietly removed Transparent Secure Memory Encryption (TSME) from consumer Ryzen CPUs via a recent AGESA firmware update, leaving users vulnerable to physical memory attacks. The company has not provided a clear explanation for this change, though it appears to be a deliberate effort to restrict the security feature exclusively to its Pro lineup.
UAE sets minimum social media age at 15, mandates age checks | Reuters
The UAE has set a minimum age of 15 for social media use and mandated age checks.
Apple’s A12 and A13 Chips Facing New Unpatchable Exploit - MacRumors
Apple’s A12 and A13 chips are affected by a new, unpatchable BootROM exploit called usbliter8 that leverages a hardware bug in the USB controller. Because this vulnerability exists within the chip’s permanent hardware, it cannot be fixed via software updates and leaves affected devices permanently susceptible to unauthorized code execution.
A widespread cybercrime campaign dubbed FortiBleed has compromised tens of thousands of Fortinet firewalls and VPNs globally by exploiting known passwords rather than software vulnerabilities. Hackers are using these compromised devices as listening posts to harvest additional credentials and expand their reach across major corporate and government networks.
Peter Thiel’s Secret Club Exposed After Records Leak | Times Now
Peter Thiel’s Secret Club Exposed After Records Leak reports that a massive data breach revealed the membership and private agendas of Dialog, an exclusive, invitation-only retreat for high-profile figures. The leaked documents exposed sensitive personal information and revealed that members gather to discuss controversial geopolitical and philosophical topics away from public scrutiny.
Authorities investigating cyberattack on Singapore-based Global Schools Foundation - CNA
Singaporean authorities are investigating a cyberattack on the Global Schools Foundation after the hacking group FulcrumSec allegedly stole 4.8TB of sensitive data. The organization has confirmed a security incident and is currently working with regulators to assess the impact on students, staff, and parents.
New Data: Three Outages and Customers Will Look Elsewhere
New Data: Three Outages and Customers Will Look Elsewhere reveals that 60% of consumers will switch providers after three service outages due to eroding customer trust. To mitigate revenue and reputation risks, organizations must prioritize permanent resolutions and improved communication over temporary fixes.
The Government of Canada has strengthened cyber security and critical infrastructure through the Royal Assent of Bill C-8, which amends the Telecommunications Act and introduces the Critical Cyber Systems Protection Act. This legislation mandates stricter security measures for operators in the finance, telecommunications, energy, and transportation sectors to defend against evolving digital threats.
ShinyHunters claims Kodak hack | Cybernews
The ShinyHunters ransomware group claims to have stolen over 2.2 million Eastman Kodak records and has threatened to leak the data if the company does not respond by June 18th. Kodak has not publicly confirmed the data breach or the validity of the extortion claim.
5.4 million Swedes listed in alleged data breach | Cybernews
A data breach involving 5.4 million Swedes has been claimed by hackers, though experts suggest the information may simply be compiled from publicly available records. While the legitimacy of the hack is unverified, the aggregation of this personal data increases the risk of phishing and social engineering attacks.