Cybercriminals are rapidly evolving their tactics, employing advanced tools and unconventional methods to breach systems, steal data, and exploit unsuspecting users, ranging from the UNK_SneakyStrike campaign targeting Microsoft Entra ID accounts using TeamFiltration to SmartAttack, which covertly extracts data from air-gapped systems via smartwatch-received ultrasonic signals. Adding to the threat landscape, over 39,000 travel-related websites were created in May 2025 alone, with many mimicking trusted platforms like Airbnb and Booking.com to scam vacationers. Continue reading for more cybersecurity news from the last 24 hours.
01
An active account takeover campaign, UNK_SneakyStrike, has been leveraging the TeamFiltration pentesting tool to target Microsoft Entra ID accounts.
02
A novel attack technique known as SmartAttack has been exploiting smartwatches to covertly receive ultrasonic signals and extract data from air-gapped systems, bypassing physical isolation barriers.
03
A recent cyber campaign has been identified that injects obfuscated JavaScript, known as JSFireTruck, into legitimate websites, redirecting users to malicious content such as malware and phishing pages.
04
A significant coordinated attack on Apache Tomcat Manager has been discovered that involves nearly 400 unique IP addresses.
05
Researchers have discovered a sophisticated MaaS botnet for sale on hacking forums, leveraging blockchain-based C2, Ethereum smart contracts, and Node.js runtime.
06
As per a report, in May 2025, over 39,000 vacation-related websites were created, with many used in scams targeting travelers by faking sites like Airbnb and Booking.com.
07
A vulnerability in the Insyde H2O UEFI firmware application allows attackers to inject digital certificates via an unprotected NVRAM variable.
08
A critical zero-click AI vulnerability named EchoLeak was discovered in Microsoft 365 Copilot, allowing attackers to exfiltrate sensitive data without user interaction.
09
Israeli cybersecurity startup Hirundo secured $8 million in a seed funding round led by Maverick Ventures Israel, with participation from AI.FUND, Alpha Intelligence Capital, and others.
10
LevelBlue, a cloud-based, AI-driven Managed Security Service Provider (MSSP), has acquired Aon’s cybersecurity division, Stroz Friedberg.
