June 13, 2025 • By info@thehackernews.com (The Hacker News)

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of a utility billing software provider. The agency noted that this incident reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp RMM since January 2025. SimpleHelp had previously disclosed a set of flaws that could result in information disclosure, privilege escalation, and remote code execution. These vulnerabilities have been exploited in the wild, including by ransomware groups like DragonForce, to breach targets of interest. CISA outlined mitigations that organizations can implement to better respond to the ransomware activity, including patching SimpleHelp instances and not paying ransoms. The agency warned that paying ransoms may embolden adversaries to target additional organizations and fund illicit activities. Additionally, Broadcom-owned Symantec detailed a Fog ransomware attack targeting a financial institution in Asia, which used a combination of dual-use and open-source pentesting tools. The Fog ransomware variant is capable of targeting both Windows and Linux endpoints and has claimed 100 victims since the start of the year. The attacks are characterized by the use of advanced techniques to escalate privileges and evade detection, including deploying malicious code directly in memory and disabling security tools. The threat actors also used legitimate employee monitoring software and open-source pen-testing tools to deliver the ransomware. The incident highlights the complex and evolving nature of ransomware attacks, with threat actors using various tactics and techniques to compromise organizations and extort money. It also underscores the importance of patching vulnerabilities, implementing robust security measures, and not paying ransoms to prevent and respond to ransomware attacks.

June 13, 2025 • By Catherine Brock, Contributor, Catherine Brock, Contributor https://www.forbes.com/sites/wealth-planning-insights/people/catherinebrock/

The article discusses six AI stocks to buy now for future growth. These companies are: 1. Upstart Holdings: An AI-powered lending marketplace that streamlines loan applications and improves access to affordable debt. 2. Snowflake: A cloud-based data warehouse and platform for AI and analytics applications. 3. CrowdStrike: A cybersecurity solution that uses AI to detect and block malware and digital threats. 4. Ambarella: A designer and seller of low-power vision processors for edge AI applications. 5. Arm Holdings: A company that designs and licenses high-performance, energy-efficient CPUs and GPUs. 6. The Trade Desk: An ad-buying platform that uses AI to analyze and identify valuable ad placements. These companies have strong market opportunities, projected growth, and competitive positioning, making them potential future stars in the AI industry. The article advises investors to opt for companies using their competitive advantages to establish leadership positions in big markets and to be patient but ready to adjust their portfolios as the industry evolves.

June 13, 2025 • By Tammy Homegardner, Forbes Councils Member, Tammy Homegardner, Forbes Councils Member https://www.forbes.com/councils/forbescoachescouncil/people/tammyhomegardner/

The article discusses the current job market, which may seem chaotic due to layoffs, AI taking over, and companies freezing hiring. However, the author argues that there are still plenty of opportunities available, and the key is to adjust one's strategy to match today's reality. Some industries are contracting, such as large tech firms and media companies, but others are actively hiring, including those in AI, cybersecurity, healthcare support, clean energy, and logistics. These industries are not always hiring for traditional roles and may use unconventional methods. The author suggests that the job market feels bleak because people are more likely to share their job hunt frustrations on social media, while successes are less often celebrated. Additionally, job seekers are applying to many roles through online boards and hearing nothing back, which can be discouraging. To succeed in this market, the author recommends the following strategies: 1. Tailor your resume for each role and highlight how you solve problems. 2. Stop relying solely on job boards and tap into the hidden job market. 3. Use LinkedIn wisely to connect with others in your field and make your profile searchable. 4. Highlight results and accomplishments rather than just responsibilities. 5. Close skill gaps by taking short courses to stay sharp. 6. Be patient and strategic, as hiring may take longer in 2025. The author predicts that hiring will remain cautious but steady, with a focus on skills-based hiring and more "bridge" opportunities like contract-to-hire roles. Candidates who are agile, proactive, and ready to show how they solve problems will rise to the top. By adjusting one's approach and embracing a mindset of strategy over speed, quality over quantity, and value over buzzwords, job seekers can find their place in the evolving job market.

June 13, 2025 • By Eric Giesecke, Forbes Councils Member, Eric Giesecke, Forbes Councils Member https://www.forbes.com/councils/forbestechcouncil/people/ericgiesecke/

The article discusses the true cost of legacy software and how it can be detrimental to businesses. Legacy software systems can be costly to maintain, with expenses including infrastructure investment, software licenses, maintenance, and support. Additionally, these systems can create knowledge dependency, IT complexity, and security risks. The article highlights the benefits of modern cloud-based platforms, including scalability, integration, and access to emerging innovations. It also notes that cloud solutions can unlock significant value, with McKinsey estimating that companies that strategically integrate cloud across their operations could unlock up to $3 trillion in value globally. The article provides guidance on how to transition from legacy software to cloud-based solutions, including securing team buy-in, preparing for short-term disruption, and starting with core operations. Overall, the article emphasizes the importance of understanding the true cost of legacy software and considering modernization to improve agility, security, and long-term value creation.

June 13, 2025 • By Robex Resources Inc.

Robex Resources Inc, a West African gold producer, has provided a construction update for its Kiniero Gold Project in Guinea. The project is on track to deliver first gold in Q4 2025, with construction activities progressing well against the schedule. The majority of concrete for the process plant has been completed, and structural steel erection is underway. The company has ordered all necessary materials, and deliveries are arriving on site regularly. Robex's Managing Director, Matthew Wilcox, expressed satisfaction with the progress, citing the company's ability to execute its plans and maintain its schedule. The company remains well-positioned to advance the construction of Kiniero and realize first gold production by Q4 2025.

June 13, 2025 • By Pierluigi Paganini

Here is a concise summary of the news article, within the 8173 token limit: **Multiple Cybersecurity Threats and Breaches Reported** Recent cybersecurity news includes: * Palo Alto Networks fixed multiple privilege escalation flaws. * A cyberattack on United Natural Foods caused bread shortages. * Paraguay suffered a data breach, leaking 7.4 million citizen records. * Apple confirmed a Messages app flaw was actively exploited. * Trend Micro fixed critical bugs in Apex Central and TMEE PolicyServer. * Other reported breaches and threats include: + Roundcube RCE bug exploitation + SinoTrack GPS device flaws + U.S. CISA adding various flaws to its Known Exploited Vulnerabilities catalog + Operation Secure: INTERPOL dismantling malicious IPs + China-linked threat actors targeting organizations worldwide + Various ransomware attacks, including LockBit and Medusa + Exploitation of vulnerabilities in Cisco, Fortinet, and other products **New Threats and Techniques Emerge** * New botnets, such as BadBox 2.0 and HTTPBot, have been discovered. * Threat actors are using fake AI tools and CSS to create evasive phishing messages. * Researchers have found one-click RCE in ASUS's pre-installed software DriverHub. * A critical flaw in OpenPGP.js allows attackers to spoof message signatures. **Law Enforcement and Regulatory Actions** * U.S. CISA has added various flaws to its Known Exploited Vulnerabilities catalog. * The U.S. Treasury has sanctioned a firm for facilitating cyber scams. * Police have taken down counter-antivirus services and arrested individuals involved in cybercrime. * Regulatory actions include fines and warnings issued to companies for cybersecurity failures.

June 13, 2025 • By Ellen Jennings-Trace

A cyberattack on NHS Professionals, a private company owned by the Department of Health and Social Care, resulted in the theft of its Active Directory data in May 2024. The attack, which was not publicly disclosed, used a compromised Citrix account to gain initial access. The attackers then stole a valuable file and moved laterally inside the organization's network, but no data or information was compromised. A lack of multi-factor authentication and endpoint detection and response solutions were cited as primary reasons for the breach. NHS Professionals worked with partners to investigate the incident and remains committed to high standards of cybersecurity. The attack is suspected to be tied to the Scattered Spider group, which has carried out similar ransomware attacks in the past.

June 13, 2025 • By Chris Tozzi

A risk appetite statement is a document that outlines the level of risk an organization is willing to take to achieve its goals. It helps establish a foundation for managing risk and provides room for innovation and growth. The statement specifies the amount and types of risk the organization is willing to accept and defines the extent to which it will accept potential negative business outcomes. Writing a risk appetite statement involves several steps, including: 1. Identifying the types of risk the organization needs to manage 2. Evaluating strategic objectives to inform the risk appetite statement 3. Assessing the relationship between identified business risks and goals 4. Defining an acceptable risk level for each risk domain 5. Writing the risk appetite statement in clear and unambiguous wording The statement should be communicated to the entire organization and incorporated into the risk management process. It's typically led by the risk management team and overseen by the chief risk officer. Business stakeholders from across the organization should be involved in the process to ensure the statement reflects the appropriate risk appetite levels. Examples of risk appetite statements for companies in specific industries, such as financial services, healthcare, and technology, can be found online. A downloadable template can be used to create a simple and concise risk appetite statement. The template includes a table that can be expanded or reduced based on the number of risk domains included in the statement. Risk appetite statements should be updated regularly to keep them current with business objectives and priorities. There are two basic approaches for reviewing and updating risk appetite statements: reviewing at regular intervals and revisiting when a major development occurs. Using both approaches in tandem is the best way to ensure the statement remains relevant and effective.

June 13, 2025 • By James Coker

A vulnerability in the SimpleHelp Remote Monitoring and Management (RMM) tool has been exploited by ransomware actors to compromise customers of a utility software billing provider. The Cybersecurity and Infrastructure Security Agency (CISA) warned that this incident is part of a broader pattern of ransomware attacks targeting organizations through unpatched SimpleHelp RMM versions since January 2025. The vulnerability, CVE-2024-57727, allows unauthenticated remote attackers to download arbitrary files, including server configuration files and hashed user passwords. CISA urges software vendors, downstream customers, and end users to determine if they have been compromised and apply mitigations, including upgrading to the latest SimpleHelp version or applying workarounds.

June 13, 2025 • By Alatas, Kenzu

There is no news article provided. Please provide the article you would like me to summarize.

June 13, 2025 • By Editorial Team

The provided text is not a news article, but rather a list of authors and their affiliations, along with a disclaimer and links to Finextra's policies. There is no news content to summarize.

June 13, 2025 • By semafor.com

Bipul Sinha, CEO of Rubrik, a Palo Alto cybersecurity company, has an unconventional approach to leadership. He founded the company with three friends in 2014 and has implemented unique strategies, such as allowing staff to attend board meetings and reorganizing the 3,000-plus employees into two groups. Sinha emphasizes the importance of staying ahead of change, stating "there is no sustenance mode" for CEOs, implying that comfort and complacency are not options in today's fast-paced business environment.

June 13, 2025 • By kevinokemwa@outlook.com (Kevin Okemwa) , Kevin Okemwa

Researchers from Aim Labs discovered a critical vulnerability, dubbed 'EchoLeak', in Microsoft 365 Copilot, allowing bad actors to access sensitive user data without interaction. Microsoft has since patched the issue, assigning it the identifier CVE-2025-32711, and stated that no user data was compromised. The vulnerability, an LLM scope violation, could have allowed attackers to access chat histories, OneDrive documents, and more. Microsoft has updated its products to mitigate the issue and integrated defense mechanisms to bolster security. The company appreciates Aim Labs for responsibly reporting the issue, which was fixed before any customers were impacted.

June 13, 2025 • By JUNAID IBRAHIM

MCA president Datuk Seri Dr Wee Ka Siong expressed concerns over the government's Mobile Phone Data collection exercise, citing potential for abuse and invasion of privacy. He proposed seven measures to address these concerns, including transparent anonymisation protocols, independent audits, and reform of the Personal Data Protection Act. Dr Wee questioned the need for collecting detailed phone call and internet logs, warning of risks of misuse and surveillance. He urged the government to call off the exercise, citing instances of dissenting voices being targeted by authorities. Instead, he suggested focusing on pressing issues like cybersecurity and online scams.

June 13, 2025 • By Christopher Pappas

The article discusses the benefits of simulation training for employee performance and highlights the top companies providing simulation training services. Simulation training allows employees to practice and make decisions in a safe, controlled environment, which improves retention and confidence. The article features companies such as SweetRush, CommLab India, ELB Learning, and others that offer immersive simulation training experiences. These companies use advanced technologies like Virtual Reality, AI, and XR to create realistic scenarios for various industries, including healthcare, aviation, and corporate training. The article also provides guidance on selecting the right simulation training company, considering factors like specialization, industry experience, and customer reviews. Overall, simulation training is a proven method for improving employee performance, and the featured companies are at the forefront of this innovative approach to learning and development.

June 13, 2025 • By James Bickerton

A 29-year-old Donald Trump supporter, Jake Lang, who spent four years in prison for alleged involvement in the January 6, 2021, Capitol Hill riot, has announced his bid for the Florida Senate seat. Lang was never convicted of any offenses and had charges dropped against him after Trump pardoned around 1,500 people convicted over their involvement in the riot. Lang denies any wrongdoing, claiming he acted in self-defense, and blames law enforcement for the violence. He is running for the Senate seat vacated by Marco Rubio and currently occupied by Republican Senator Ashlee Moody, with the goal of advancing Trump's "Make America Great Again" agenda. Lang has deep ties to Florida, with both his grandparents and mother living in the state, and he has lived there himself for different spans. He believes that those imprisoned over the January 6 riot should receive compensation for lost livelihoods and damages. Lang's campaign has connections to Trump's team, although the former president has not commented on his bid.

June 13, 2025 • By MarketBeat News

Harbor Capital Advisors Inc. increased its stake in CrowdStrike Holdings, Inc. (NASDAQ:CRWD) by 43.5% in the 1st quarter, owning 4,396 shares worth $1,550,000. Other institutional investors also adjusted their stakes, with FPC Investment Advisory Inc. increasing its position by 811.1% and ST Germain D J Co. Inc. by 426.3%. Insiders, including Director Sameer K. Gandhi and CAO Anurag Saha, sold shares valued at $106,359,058 over the last 90 days. CrowdStrike reported $0.73 EPS for the quarter, beating estimates, with revenue up 19.8% year-over-year. Analysts forecast $0.55 EPS for the current fiscal year. The company provides cybersecurity solutions, offering a unified platform for endpoint, cloud workload, identity, and data protection.