OWASP 2025 conference, KEV and RCE.

Attending the OWASP 2025 conference last week offered a valuable glimpse into the local application security landscape, providing a clear picture of current trends and market direction. Over the years, we've seen many technologies and methodologies emerge, ranging from cloud-native architectures and APIs to agile development and shift-left security, each reshaping how we build and protect software. But this time, something felt fundamentally different. Software has reached a tipping point: AI is here.

Meanwhile, in the real world, active exploitations are causing tangible damage to businesses and users, with patches being deployed globally to address vulnerabilities. Yet another RCE vulnerability has surfaced in the wild—what a start to the first week of June.

Will AI save us? 

Until next time, keep it safe!

Lior 


United Natural Foods Hit by Cyberattack

Grocery wholesale giant United Natural Foods (UNFI) revealed a cyberattack that disrupted operations and forced the invocation of business continuity plans. The firm engaged law enforcement and external cybersecurity experts to investigate. They implemented workarounds to maintain services while bringing systems back online. An investigation is ongoing to determine the extent of the breach and theft of customer or supplier data.
bleepingcomputer.com


Old AT&T Data Leak Repackaged

Data from a 2021 AT&T breach—previously split into separate datasets—has resurfaced in a combined file linking 49 million phone numbers to SSNs and DOBs. The threat actor republished this merged data on June 5, raising alarm over the re-exposure of sensitive personal information. Security experts stress that even old breaches can resurface with renewed risk. AT&T has not yet issued a public notice regarding the repackaged leak.
bleepingcomputer.com


Critical Fortinet Flaws Exploited by Qilin Ransomware

A coordinated Qilin ransomware campaign, dubbed “Phantom Mantis,” has exploited multiple FortiGate vulnerabilities (e.g., CVE-2024-21762, CVE-2024-55591) since late May. PRODAFT intelligence confirms that these critical weaknesses paved the way for initial access and ransomware deployment across sectors. Affected organizations are urged to apply Fortinet patches immediately to stop the active intrusions.
bleepingcomputer.com


CISA Adds Five KEV Vulnerabilities

On June 2, CISA updated its Known Exploited Vulnerabilities (KEV) catalog with five new CVEs under active attack. These include two ASUS router flaws, two affecting Craft CMS, and one in ConnectWise ScreenConnect. Federal agencies and critical infrastructure operators must remediate these within 21 days under BOD 22-01 guidelines. The addition underscores the increasing exploitation of widely deployed systems.
cisa.gov
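A practical follow-up to a KEV update is to match the catalog against what you actually run and track the BOD 22-01 due dates. The script below is an added example, not part of this newsletter or CISA tooling: the field names follow the shape of the published KEV JSON feed, but every entry, CVE id, date and the inventory are constructed placeholders.

```python
"""Triage a KEV catalog export against a local asset inventory.
Added example (not from the newsletter); the JSON field names follow the
published KEV feed, but every entry, date and the inventory are constructed."""
import json
from datetime import date, timedelta

# Constructed sample in the shape of CISA's KEV JSON feed; CVE ids are placeholders.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "vendorProject": "ASUS", "product": "Router firmware",
     "dateAdded": "2025-06-02", "dueDate": "2025-06-23", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-0000-0002", "vendorProject": "ConnectWise", "product": "ScreenConnect",
     "dateAdded": "2025-06-02", "dueDate": "2025-06-23", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0003", "vendorProject": "Fortinet", "product": "FortiOS",
     "dateAdded": "2025-05-01", "dueDate": "2025-05-22", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0004", "vendorProject": "ExampleVendor", "product": "NotDeployed",
     "dateAdded": "2025-06-02", "dueDate": "2025-06-23", "knownRansomwareCampaignUse": "Unknown"},
]})

# Constructed inventory: (vendor, product) pairs the organisation actually runs.
INVENTORY = {("asus", "router firmware"), ("connectwise", "screenconnect"), ("fortinet", "fortios")}


def in_inventory(entry, inventory):
    """Match a KEV entry to the inventory on case-folded vendor and product."""
    return (entry["vendorProject"].lower(), entry["product"].lower()) in inventory


def status_for(due, today):
    """'overdue' past the KEV dueDate, 'due_soon' within 7 days, else 'open'."""
    if today > due:
        return "overdue"
    return "due_soon" if due - today <= timedelta(days=7) else "open"


def triage(raw_json, inventory, today_iso):
    """Return (cveID, status, days_left, ransomware_use) for inventoried products,
    most urgent first. days_left is negative once the due date has passed."""
    today = date.fromisoformat(today_iso)
    rows = []
    for entry in json.loads(raw_json)["vulnerabilities"]:
        if not in_inventory(entry, inventory):
            continue
        due = date.fromisoformat(entry["dueDate"])
        rows.append((entry["cveID"], status_for(due, today), (due - today).days,
                     entry["knownRansomwareCampaignUse"] == "Known"))
    return sorted(rows, key=lambda r: r[2])


if __name__ == "__main__":
    for cve, status, days, ransomware in triage(KEV_SAMPLE, INVENTORY, "2025-06-20"):
        print(f"{cve}: {status} ({days:+d} days){' [ransomware use]' if ransomware else ''}")
```

Against a real export, replace KEV_SAMPLE with the downloaded feed and INVENTORY with your CMDB's vendor/product pairs; the matching is deliberately strict, so normalise product names before relying on it.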


PathWiper Malware Disrupts Ukraine’s Critical Infrastructure

Russia-linked actors deployed “PathWiper,” a destructive malware aimed at Ukrainian critical systems in early June. The attack overwrote data on target infrastructure, causing permanent damage. SecurityWeek reports the campaign reflects escalating cyber tactics used in geopolitical conflicts. The public revelation raises alarm over targeted ransomware-like actions beyond extortion.
securityweek.com


Cisco ISE/CCP Flaws with Public Exploits

On June 4, Cisco released patches for three vulnerabilities in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) that already have public exploit code. These flaws could allow attackers to escalate privileges or disrupt services. Cisco recommends emergency patching and disabling affected modules until updates are deployed.
bleepingcomputer.com


New Supply-Chain Malware Hits npm and PyPI

On June 6, “Aikido” malware tainted multiple open-source packages on npm and PyPI repositories. Attackers injected malicious code, enabling cryptomining, data theft, and service disruption. Users are advised to audit dependencies and remove compromised packages to prevent infection spread. The incident highlights persistent risks in open-source supply chains.
thehackernews.com

Published Jun 11, 2025
Version 1.0