* Google Gemini Vulnerability Enables Email Summary Phishing Attacks

* McDonald's AI Hiring Platform Exposes 64 Million Job Applications Through Weak Password Security

* Critical eSIM Vulnerability Exposes Over 2 Billion IoT Devices to Malicious Attacks

* Small Businesses Face Disproportionate Cyber Threats, Should Big Tech Do More?

* Organisation Increasingly Adopting AI Tools for Cybersecurity

* Ingram Micro Suffers Global Outage Following SafePay Ransomware Attack

* Critical Sudo Vulnerabilities Enable Local Users to Gain Root Access Across Major Linux Distributions

* Over 40 Fake Cryptocurrency Wallet Extensions Infiltrate Firefox Store to Steal Digital Assets

* Let's Encrypt Introduces Free IP Address Certificates, Challenging Traditional Domain Name Model

* ChatGPT URL Errors Create New Phishing Opportunities for Cybercriminals

* CommBank Deploys AI Bot Army with Australian Accents to Trap Scammers

* Former Student Charged Over Extensive Western Sydney University Cyber Attack Campaign

* NSW Public Hospitals Face Critical Cybersecurity Gaps Despite $40 Million Annual Investment

* APRA Warns Labor Government That Cyberattacks on Super Funds Could Threaten Banking System

* Qantas Confirms Major Cyber Incident Exposing Six Million Customer Records

Massive 16 Billion Credential Compilation Not a New Data Breach, Experts Clarify

https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak/

Hackers Exploit Gmail App Passwords to Bypass Multi-Factor Authentication

https://citizenlab.ca/2025/06/russian-government-linked-social-engineering-targets-app-specific-passwords/

https://cloud.google.com/blog/topics/threat-intelligence/creative-phishing-academics-critics-of-russia

China's Military Adopts Generative AI for Intelligence Operations

https://www.recordedfuture.com/research/artificial-eyes-generative-ai-chinas-military-intelligence

Hackers Compromise Over 70 Microsoft Exchange Servers with Keylogger Attacks

https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/exchange-mutations-malicious-code-in-outlook-pages

US House Bans WhatsApp on Government Devices Over Security Concerns

https://www.axios.com/2025/06/23/whatsapp-house-congress-staffers-messaging-app

* Australian Regulator Orders Superannuation Funds to Strengthen Authentication After Cyber Attacks

* Researchers Expose Massive Dark Advertising Network Using Fake CAPTCHAs to Spread Disinformation and Malware

* Apple Patches Zero-Click Messaging Vulnerability Exploited to Target European Journalists with Israeli Spyware

* Scattered Spider Cybercrime Group Shifts Focus to US Insurance Industry After Retail Attacks

* Massive JavaScript Malware Campaign Infects Over 269,000 Websites Using Novel Obfuscation Technique

* Extortion Group Briefly Resells Old Ticketmaster Data Stolen in 2024 Snowflake Attacks

* OpenAI Shuts Down 10 Malicious Operations Using ChatGPT for Cyber Attacks and Disinformation

* Single Threat Actor Behind 100+ Backdoored GitHub Repositories Targeting Cybercriminals

* Over 84,000 Roundcube Webmail Instances Exposed to Critical Remote Code Execution Flaw

* Massive Supply Chain Attack Targets npm and PyPI Ecosystems, Affecting Nearly One Million Weekly Downloads

Australia Implements Mandatory Ransomware Payment Disclosure Rules Under New Cyber Security Framework

Phishing Campaign Targets CFOs Globally Using Legitimate NetBird Remote Access Tool

Critical Vulnerability in GitHub MCP Integration Allows Private Repository Data Theft

Critical Flaws Discovered in Popular Software Bill of Materials Generation Tools

Microsoft Authenticator Begins Warning Users to Export Passwords Before July Deadline

Special thanks to Justin Butterfield and J A Zien for contributing to this week’s articles

* Dozens of Malicious NPM Packages Discovered Harvesting System and Network Intelligence

* TikTok Becomes New Vector for ClickFix Malware Campaign Targeting User Credentials

* Australian Cyber Agency Warns of Russian GRU Targeting Western Logistics and Tech Companies

* Apple Blocks Record $9 Billion in Fraudulent Transactions Across Five-Year Security Crackdown

https://socket.dev/blog/60-malicious-npm-packages-leak-network-and-host-data

https://www.trendmicro.com/en_us/research/25/e/tiktok-videos-infostealers.html

https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/russian-gru-targeting-western-logistics-entities-and-technology-companies

https://www.apple.com/newsroom/2025/05/the-app-store-prevented-more-than-9-billion-usd-in-fraudulent-transactions/