Hear from top cybersecurity leaders at Pentera, AWS, Armis, Recorded Future, and SecurityScorecard. Featured keynotes include Jen Easterly, Former Director of the Cybersecurity and Infrastructure Security Agency, and Erik Nost, Senior Analyst at Forrester. Don’t miss this chance to learn how to reduce cyber risk exposure. Register now and earn up to 3.5 CPE credits!
Digital forensics is shifting from reactive to strategic. Join CyberWire Daily host Dave Bittner this Wednesday, June 11 at 1:00pm ET for a live discussion with experts from Magnet Forensics on key insights from the State of Enterprise DFIR Report. Learn how top teams are evolving their tools, workflows, and talent to reduce risk and respond faster to complex incidents. Register now to join live or access it on-demand.
President Trump signed an Executive Order on Friday revising cybersecurity-related orders from the Obama and Biden administrations (13694 and 14144, respectively). Notably, the new order "limits the application of cyber sanctions only to foreign malicious actors, preventing misuse against domestic political opponents and clarifying that sanctions do not apply to election-related activities." The EO also removes Biden-era digital identity mandates, which the White House claims "risked widespread abuse by enabling illegal immigrants to improperly access public benefits."
POLITICO notes that the order includes a number of "less controversial directives" related to secure software development, encryption protocols, post-quantum cryptography, and AI-assisted vulnerability management.
ThreatLocker helps organizations reduce risk by allowing trusted applications to run while limiting their access to only the resources they need. It’s a straightforward, default deny approach that gives you more control and visibility—without slowing down operations. Explore how ThreatLocker can help simplify your security strategy.
Researchers at PRODAFT warn that the Qilin ransomware gang is targeting unpatched FortiGate appliances to gain initial access, exploiting critical vulnerabilities including CVE-2024-21762 and CVE-2024-55591, Security Affairs reports. These vulnerabilities received patches last year, and organizations are urged to ensure their Fortinet software is up-to-date.
PRODAFT states, "The attack is fully automated, with only victim selection done manually." The researchers added, "Our observations indicate a particular interest in Spanish-speaking countries, as reflected in the data presented in the table below. However, despite this regional focus, we assess that the group continues to select its targets opportunistically, rather than following a strict geographical or sector-based targeting pattern."
Rhode Island-based United Natural Foods, the largest publicly traded wholesale food distributor in the US and Canada, has disclosed a cyberattack that forced it to shut down some systems, BleepingComputer reports. The company said the incident, which occurred on June 5th, has affected its ability to fulfill customer orders.
The company said in an SEC filing, "The incident has caused, and is expected to continue to cause, temporary disruptions to the Company’s business operations. The Company is working actively to assess, mitigate, and remediate the incident with the assistance of third-party cybersecurity professionals and has notified law enforcement. Pursuant to its business continuity plans, the Company has implemented workarounds for certain operations in order to continue servicing its customers where possible. The Company is continuing to work to restore its systems to safely bring them back online."
Today's issue includes events affecting , and the United States.
iMessage Zero-Click Attacks Suspected in Targeting of High-Value Individuals (SecurityWeek) iVerify links iPhone crashes to sophisticated zero-click attacks via iMessage targeting individuals involved in politics in the EU and US.
Newspaper giant Lee Enterprises says nearly 40,000 Social Security numbers leaked in ransomware attack (The Record) Lee Enterprises notified regulators in Maine of the impact on customer data after a ransomware attack in February that caused significant disruptions.
Security Compass Acquires Devici to Expand Threat Modeling Capabilities (BusinessWire) Strategic acquisition enhances Security Compass’s threat modeling capabilities
Europe arms itself against cyber catastrophe (Politico) EU to train with militaries, industry, and NATO to better fend off large-scale cyberattacks.
For a complete running list of events, please visit the Event Tracker.
2025 Space Regulatory Bootcamp (Albuquerque and Virtual, New Mexico, USA, Jun 10 - 11, 2025) ACSP's Bootcamps educate new and established space professionals on must-know fundamentals and arm them for success. The 2025 Space Regulatory Bootcamp, hosted in Albuquerque, New Mexico, is a two day comprehensive industry deep dive with advanced training and meaningful networking. Learn directly from leading subject matter experts on topics including space law, export controls, space telecommunications, government contracting, and more.
AWS re:Inforce 2025 (Philadelphia, Pennsylvania, USA, Jun 16 - 18, 2025) AWS re:Inforce is our annual, immersive, cloud-security learning event delivering hands-on training and collaboration with AWS experts. It’s your opportunity to learn about the latest AWS security innovations, get direct access to the AWS teams and partners who build the security tools you rely on, and connect with cloud security peers from around the world. You’ll leave with actionable next steps to raise your security posture.
