Hear from top cybersecurity leaders at Pentera, AWS, Armis, Recorded Future, and SecurityScorecard. Featured keynotes include Jen Easterly, Former Director of the Cybersecurity and Infrastructure Security Agency, and Erik Nost, Senior Analyst at Forrester. Don’t miss this chance to learn how to reduce cyber risk exposure. Register now and earn up to 3.5 CPE credits!
Digital forensics is shifting from reactive to strategic. Join CyberWire Daily host Dave Bittner this Wednesday, June 11 at 1:00pm ET for a live discussion with experts from Magnet Forensics on key insights from the State of Enterprise DFIR Report. Learn how top teams are evolving their tools, workflows, and talent to reduce risk and respond faster to complex incidents. Register now to join live or access it on-demand.
Microsoft yesterday issued fixes for 67 Windows vulnerabilities, including one actively exploited zero-day, KrebsOnSecurity reports. The zero-day (CVE-2025-33053) affects the Windows implementation of Web Distributed Authoring and Versioning (WebDAV), and can lead to remote code execution. WebDAV is not enabled by default on Windows systems. The Register notes that Microsoft is throttling the Patch Tuesday update for Windows 11 24H2 after identifying "a compatibility issue affecting a limited set of these devices."
Adobe released patches for 259 vulnerabilities across six of its products. The majority of the fixes involved the Experience Manager CMS.
Google and Mozilla have issued new versions of their respective browsers, fixing several high-severity vulnerabilities in Chrome and Firefox.
SecurityWeek has a roundup of patches issued by ICS vendors, including Siemens, Schneider Electric, and Aveva.
ThreatLocker helps organizations reduce risk by allowing trusted applications to run while limiting their access to only the resources they need. It’s a straightforward, default deny approach that gives you more control and visibility—without slowing down operations. Explore how ThreatLocker can help simplify your security strategy.
An Interpol-led law enforcement operation dubbed "Operation Secure" resulted in the seizure of 20,000 IP addresses and 41 servers used by infostealers. The effort, which involved law enforcement agencies in 26 countries, led to the arrests of 32 individuals in Vietnam, Sri Lanka, and Nauru. Interpol added, "Following the operation, authorities notified over 216,000 victims and potential victims so they could take immediate action - such as changing passwords, freezing accounts, or removing unauthorized access."
The Texas Department of Transportation (TxDOT) has disclosed a data breach stemming from an account compromise in its Crash Records Information System (CRIS). The incident, which was discovered on May 12th, allowed a threat actor to download nearly 300,000 crash reports.
TxDOT stated, "Personal information included in crash records may contain: first and last name, mailing and/or physical address, driver license number, license plate number, car insurance policy number and other information." The Department is sending notification letters to affected individuals.
BleepingComputer notes that no ransomware gangs have taken credit for the breach.
Today's issue includes events affecting Nauru, Sri Lanka, the United States, and Vietnam.
Whole Foods warns of shortages after cyberattack at its primary distributor UNFI (TechCrunch) The retail giant described the food shortages as "temporary supply challenges" following the cyberattack at its primary distributor, UNFI.
ConnectWise rotating code signing certificates over security concerns (BleepingComputer) ConnectWise is warning customers that it is rotating the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise RMM executables over security concerns.
CISO who helped unmask Badbox warns: Version 3 is coming (The Register) : The botnet’s still alive and evolving
WhatsApp moves to join Apple’s encryption fight with UK government (The Record) Apple could have a new ally in its fight with the British government over whether it can be forced to retain access to the content of people's iCloud accounts in order to comply with legal warrants.
For a complete running list of events, please visit the Event Tracker.
2025 Space Regulatory Bootcamp (Albuquerque and Virtual, New Mexico, USA, Jun 10 - 11, 2025) ACSP's Bootcamps educate new and established space professionals on must-know fundamentals and arm them for success. The 2025 Space Regulatory Bootcamp, hosted in Albuquerque, New Mexico, is a two day comprehensive industry deep dive with advanced training and meaningful networking. Learn directly from leading subject matter experts on topics including space law, export controls, space telecommunications, government contracting, and more.
AWS re:Inforce 2025 (Philadelphia, Pennsylvania, USA, Jun 16 - 18, 2025) AWS re:Inforce is our annual, immersive, cloud-security learning event delivering hands-on training and collaboration with AWS experts. It’s your opportunity to learn about the latest AWS security innovations, get direct access to the AWS teams and partners who build the security tools you rely on, and connect with cloud security peers from around the world. You’ll leave with actionable next steps to raise your security posture.
