Cyberattack Sunday; June 15th to 21st, 2025
As geopolitical tensions rise, so do the geopolitical cyberattacks.
This week’s Cyberattack Sunday Rundown covers major breaches, advanced malware campaigns and escalating geopolitical hacks ranging from AI-powered deepfakes to record-breaking DDoS attacks.
Anubis Ransomware Adds Wiper to Destroy Files Beyond Recovery
The Anubis ransomware-as-a-service (RaaS) operation has introduced a wiper module that permanently deletes targeted files, making recovery impossible even if the ransom is paid. This tactic increases pressure on victims to comply with ransom demands and marks Anubis as a growing threat in the ransomware landscape.
Sources: https://www.bleepingcomputer.com/news/security/anubis-ransomware-adds-wiper-to-destroy-files-beyond-recovery/
https://www.infosecurity-magazine.com/news/anubis-ransomware-file-wiping/
https://www.securityweek.com/anubis-ransomware-packs-a-wiper-to-permanently-delete-files/
https://thehackernews.com/2025/06/anubis-ransomware-encrypts-and-wipes.html
WestJet Investigates Cyberattack Disrupting Internal Systems
Canadian airline WestJet is investigating a cybersecurity incident that began on June 13, disrupting access to internal systems, its website, and mobile app. The incident may also impact customers, although full scope details are still pending.
Sources: https://www.bleepingcomputer.com/news/security/westjet-investigates-cyberattack-disrupting-internal-systems/
https://www.infosecurity-magazine.com/news/westjet-investigates-cyberattack/
https://www.securityweek.com/canadian-airline-westjet-hit-by-cyberattack/
Over 46,000 Grafana Instances Exposed to Account Takeover Bug
A client-side open redirect vulnerability in Grafana exposes over 46,000 internet-facing instances to account takeover via plugin injection. Known as “Grafana Ghost,” this vulnerability enables attackers to load rogue plugins without admin rights, escalating to full account compromise. Despite available patches, many instances remain unpatched.
Sources: https://www.bleepingcomputer.com/news/security/over-46-000-grafana-instances-exposed-to-account-takeover-bug/
https://www.csoonline.com/article/4007522/grafana-ghost-xss-flaw-exposes-47000-servers-to-account-takeover.html
Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data
Researchers discovered a malicious PyPI package named chimera-sandbox-extensions that impersonated a legitimate Chimera module. The package harvested sensitive credentials, config files, and environment variables from targeted developers, especially those working with AWS and CI/CD pipelines. It was downloaded 143 times before removal.
Sources: https://thehackernews.com/2025/06/malicious-pypi-package-masquerades-as.html
Police Seize Archetyp Market Drug Marketplace, Arrest Admin
Authorities from six countries collaborated to dismantle the Archetyp Market, a darknet marketplace active since May 2020. The platform was known for distributing narcotics and was a major hub in the cybercriminal ecosystem.
Sources: https://www.bleepingcomputer.com/news/security/police-seizes-archetyp-market-drug-marketplace-arrests-admin/
https://www.securityweek.com/archetyp-dark-web-market-shut-down-by-law-enforcement/
https://www.infosecurity-magazine.com/news/archetyp-market-shut-europe/
https://www.csoonline.com/article/4008038/krimineller-online-marktplatz-abgeschaltet.html
Zoomcar Says Hackers Accessed Data of 8.4 Million Users
Indian car-sharing platform Zoomcar disclosed a data breach affecting 8.4 million users. The breach was confirmed after hackers contacted company employees, raising serious concerns about data privacy and internal security measures.
Sources: https://www.securityweek.com/zoomcar-says-hackers-accessed-data-of-8-4-million-users/
https://www.bleepingcomputer.com/news/security/zoomcar-discloses-security-breach-impacting-84-million-users/
https://techcrunch.com/2025/06/16/car-sharing-giant-zoomcar-says-hacker-accessed-personal-data-of-8-4-million-users/
Asheville Eye Associates Says 147,000 Impacted by Data Breach
Asheville Eye Associates revealed a data breach that exposed the personal information of 147,000 individuals. The attack occurred in November 2024 and included data theft that could potentially be exploited for fraud or identity theft.
Sources: https://www.securityweek.com/asheville-eye-associates-says-147000-impacted-by-data-breach/
Washington Post's Email System Hacked, Journalists' Accounts Compromised
The Washington Post suffered a cyberattack that compromised the email accounts of several journalists. The attack is suspected to be the work of a foreign government aiming to surveil or gather intelligence from the newsroom.
Sources: https://www.bleepingcomputer.com/news/security/washington-posts-email-system-hacked-journalists-accounts-compromised/
UNFI Says It’s Recovering from Cyberattack as Grocery Shortages Persist
Food distributor UNFI is recovering from a cyberattack that disrupted supply chains and caused shortages in major grocery outlets including Whole Foods. The attack highlights the fragility of food distribution networks under digital threats.
Sources: https://techcrunch.com/2025/06/16/food-distributor-unfi-says-its-recovering-from-cyberattack-as-grocery-shortages-persist/
https://techcrunch.com/2025/06/17/food-distributor-unfi-says-its-recovering-from-cyberattack-as-grocery-shortages-persist/
Threat Actors Target Victims with HijackLoader and DeerStealer
Cybercriminals are deploying HijackLoader and DeerStealer malware through phishing campaigns using ClickFix lures. These tools are designed to steal credentials and deploy payloads, posing a serious threat to businesses and individuals alike.
Sources: https://www.infosecurity-magazine.com/news/hijackloader-deerstealer-target/
US Seizes $7.74M in Crypto Tied to North Korea’s Global Fake IT Worker Network
The US Department of Justice seized over $7.74 million in crypto assets linked to a global scheme in which North Korean nationals posed as freelance IT workers to funnel money back to the regime. The action disrupts one of North Korea’s covert funding channels.
Sources: https://thehackernews.com/2025/06/us-seizes-774m-in-crypto-tied-to-north.html
Hackers Switch to Targeting US Insurance Companies
Researchers warn that hackers resembling the Scattered Spider group are now breaching US insurance companies. These attacks utilize sophisticated tactics such as SIM swapping, social engineering, and lateral movement within corporate networks.
Sources: https://www.bleepingcomputer.com/news/security/google-warns-scattered-spider-hackers-now-target-us-insurance-companies/
https://www.securityweek.com/us-insurance-industry-warned-of-scattered-spider-attacks/
https://thehackernews.com/2025/06/google-warns-of-scattered-spider.html
Minnesota Shooting Suspect Allegedly Used Data Broker Sites to Find Targets’ Addresses
Authorities allege that a Minnesota shooting suspect used data broker platforms to locate the home addresses of intended victims, underscoring the dangers of publicly accessible personal data and the need for stronger privacy protections.
Sources: https://www.wired.com/story/minnesota-lawmaker-shootings-people-search-data-brokers/
Cyber Threat to Internet Users Remains at Record High
A new study from “Deutschland sicher im Netz” finds that one-third of German internet users experienced phishing attacks in the past year, while the overall digital security index remains at its lowest since 2014. Despite rising threats, user awareness is declining, exacerbating risk across demographic lines.
Sources: https://www.csoonline.com/article/4008028/cyberbedrohung-fur-internet-user-weiter-auf-rekordhoch.html
TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert
A critical command injection vulnerability in TP-Link routers is under active exploitation and has been added to CISA’s Known Exploited Vulnerabilities list. The flaw enables remote code execution and has a CVSS score of 8.8.
Sources: https://thehackernews.com/2025/06/tp-link-router-flaw-cve-2023-33538.html
Recent Langflow Vulnerability Exploited by Flodrix Botnet
Threat actors have exploited CVE-2025-3248, a Langflow server vulnerability, to deploy the Flodrix botnet, turning compromised devices into tools for distributed denial-of-service (DDoS) attacks.
Sources: https://www.securityweek.com/recent-langflow-vulnerability-exploited-by-flodrix-botnet/
https://thehackernews.com/2025/06/new-flodrix-botnet-variant-exploits.html
Asus Armoury Crate Vulnerability Leads to Full System Compromise
A high-severity authorization bypass flaw in Asus Armoury Crate can grant attackers privileged access, potentially allowing them to fully compromise affected systems.
Sources: https://www.securityweek.com/asus-armoury-crate-vulnerability-leads-to-full-system-compromise/
Malicious PyPI Package Targets Chimera Users to Steal AWS Tokens, CI/CD Secrets
A malicious PyPI package named chimera-sandbox-extensions was found harvesting AWS tokens, JAMF and CI/CD variables from developers using the Chimera ML sandbox. It employed a domain generation algorithm and multi-stage payloads to exfiltrate sensitive data.
Sources: https://www.csoonline.com/article/4008240/malicious-pypi-package-targets-chimera-users-to-steal-aws-tokens-ci-cd-secrets.html
Taiwan Hit by Sophisticated Phishing Campaign
A coordinated phishing campaign targeting Taiwanese organizations used tax-themed lures to deliver malware strains like Winos and HoldingHands, reflecting a high degree of targeting and custom payload delivery.
Sources: https://www.infosecurity-magazine.com/news/taiwan-hit-phishing-campaign/
Zyxel Firewall Vulnerability Again in Attacker Crosshairs
Cybercriminals have resumed widespread exploitation of a long-standing vulnerability in Zyxel firewalls, with spikes in activity detected by GreyNoise. The flaw remains unpatched in many exposed systems.
Sources: https://www.securityweek.com/zyxel-firewall-vulnerability-again-in-attacker-crosshairs/
Silver Fox APT Targets Taiwan with Complex Gh0stCringe and HoldingHands RAT Malware
A new phishing campaign attributed to the Silver Fox APT group is targeting Taiwanese users with malware strains like HoldingHands RAT and Gh0stCringe. Fortinet reports this operation is a continuation of earlier attacks using the Winos 4.0 malware framework delivered via fake tax authority messages.
Sources: https://thehackernews.com/2025/06/silver-fox-apt-targets-taiwan-with.html
Hacker Steals 1 Million Cock.li User Records in Webmail Data Breach
Email service Cock.li confirmed a breach after attackers exploited outdated Roundcube webmail software, compromising over 1 million user records. The stolen data includes email addresses, hashed passwords, and possibly IP logs.
Sources: https://www.bleepingcomputer.com/news/security/hacker-steals-1-million-cockli-user-records-in-webmail-data-breach/
Hacklink Marketplace Fuels Surge in Covert SEO Poisoning Attacks
Threat actors are using the Hacklink underground marketplace to conduct covert SEO poisoning attacks. The scheme injects malicious links into legitimate sites to manipulate search rankings and distribute malware.
Sources: https://www.infosecurity-magazine.com/news/hacklink-marketplace-fuels-seo/
New Veeam RCE Flaw Lets Domain Users Hack Backup Servers
Veeam has patched a critical remote code execution (RCE) vulnerability in its Backup & Replication software. The flaw allows domain-authenticated users to compromise backup servers and manipulate stored data.
Sources: https://www.bleepingcomputer.com/news/security/new-veeam-rce-flaw-lets-domain-users-hack-backup-servers/
Instagram 'BMO' Ads Use AI Deepfakes to Scam Banking Customers
Malicious Instagram ads are impersonating major Canadian banks using AI-generated deepfakes to execute phishing campaigns. The ads lure victims to fraudulent sites to harvest financial credentials and personal data.
Sources: https://www.bleepingcomputer.com/news/security/instagram-bmo-ads-use-ai-deepfakes-to-scam-banking-customers/
Pro-Israel Hacktivist Group Claims Responsibility for Alleged Iranian Bank Hack
A hacktivist group aligned with Israel claimed responsibility for a cyberattack on an Iranian bank amid rising geopolitical tensions. The breach appears politically motivated and comes during heightened military activity.
Sources: https://techcrunch.com/2025/06/17/pro-israel-hacktivist-group-claims-responsibility-for-alleged-iranian-bank-hack/
New ClickFix Malware Variant ‘LightPerlGirl’ Targets Users in Stealthy Hack
A new variant of the ClickFix malware dubbed “LightPerlGirl” has been discovered hijacking clipboards and exploiting PowerShell to deliver the Lumma info-stealer. The campaign used a compromised travel site as its vector.
Sources: https://www.securityweek.com/new-clickfix-malware-variant-lightperlgirl-targets-users-in-stealthy-hack/
Paddle Settles for $5 Million Over Facilitating Tech Support Scams
Paddle.com agreed to a $5 million FTC settlement for knowingly enabling fraudulent tech support scams. The scammers used Paddle’s payment platform to extract money from victims, many of whom were older adults.
Sources: https://www.bleepingcomputer.com/news/security/paddle-settles-for-5-million-over-facilitating-tech-support-scams/
Iran Slows Internet to Prevent Cyber Attacks Amid Escalating Regional Conflict
Iran has intentionally throttled nationwide internet speeds to obstruct cyberattacks, particularly those believed to originate from Israel. Officials say the slowdown is a defensive measure in response to increased digital hostilities.
Sources: https://thehackernews.com/2025/06/iran-restricts-internet-access-to.html
Data Breach at Healthcare Services Firm Episource Impacts 5.4 Million People
Hackers stole sensitive health and personal data from Episource, a healthcare SaaS provider serving insurers and providers. The breach affected 5.4 million individuals and was traced back to a January cyberattack.
Sources: https://www.securityweek.com/data-breach-at-healthcare-services-firm-episource-impacts-5-4-million-people/
https://www.bleepingcomputer.com/news/security/episource-says-data-breach-impacts-54-million-patients/
Cybercrime: Nearly 800 Illegal Fraud Websites Seized
German authorities, in cooperation with Europol and Bulgarian police, seized nearly 800 fraudulent trading websites. The sites lured users with fake crypto investment schemes and were responsible for over 1,000 cases of cyber fraud.
Source: https://www.csoonline.com/article/4008723/cybercrime-fast-800-illegale-betrugs-websites-beschlagnahmt.html
New Linux udisks Flaw Lets Attackers Get Root on Major Linux Distros
Two local privilege escalation vulnerabilities in udisks, used in major Linux distributions, allow attackers to gain root access. Exploits are reportedly simple and may impact thousands of systems.
Source: https://www.bleepingcomputer.com/news/linux/new-linux-udisks-flaw-lets-attackers-get-root-on-major-linux-distros/
Ransomware Group Qilin Offers Legal Counsel to Affiliates
The Qilin ransomware gang now provides legal and negotiation services to its affiliates. Analysts describe Qilin as a “full-service cybercrime platform,” reflecting growing professionalism in ransomware operations.
Source: https://www.infosecurity-magazine.com/news/ransomware-qilin-offers-legal/
Water Curse Employs 76 GitHub Accounts to Deliver Multi-Stage Malware Campaign
Threat group Water Curse has hijacked dozens of GitHub accounts to host malware loaders. The attack chain enables credential theft, session hijacking, and remote persistence via staged payloads.
Source: https://thehackernews.com/2025/06/water-curse-hijacks-76-github-accounts.html
WormGPT Returns: New Malicious AI Variants Built on Grok and Mixtral Uncovered
Two newly discovered WormGPT variants use jailbreaks on Grok and Mixtral LLMs to generate phishing scripts, infostealers, and malware. Distributed via Telegram bots, they circumvent model safety guardrails to aid cybercriminals.
Source: https://www.csoonline.com/article/4008912/wormgpt-returns-new-malicious-ai-variants-built-on-grok-and-mixtral-uncovered.html
Scania Suffers Data Breach in Insurance Claim Extortion Attempt
Scania confirmed threat actors used stolen partner credentials to access its financial systems and steal insurance documents. The data was later leaked on hacking forums in an extortion campaign.
Sources: https://www.csoonline.com/article/4008960/scania-von-datenleck-betroffen.html
https://www.bleepingcomputer.com/news/security/scania-confirms-insurance-claim-data-breach-in-extortion-attempt/
40,000 Cameras, From Bird Feeders to Baby Monitors, Exposed to the Internet
A new investigation revealed that over 40,000 IP-connected cameras, from security CCTV to smart baby monitors, were exposed online without protections, leaving them vulnerable to hijacking and spying by cybercriminals.
Source: https://www.404media.co/cameras-exposed-to-the-internet-report/
1,500+ Minecraft Players Infected by Java Malware Masquerading as Game Mods on GitHub
A malware campaign dubbed Stargazers Ghost Network is infecting Minecraft players via fake Java-based mods hosted on GitHub. The multi-stage attack chain steals passwords, crypto wallets, and session tokens.
Sources: https://thehackernews.com/2025/06/1500-minecraft-players-infected-by-java.html
https://www.bleepingcomputer.com/news/security/stargazers-use-fake-minecraft-mods-to-steal-player-passwords/
Hackers Steal and Destroy Millions From Iran’s Largest Crypto Exchange
Iran's crypto exchange Nobitex suffered a politically motivated cyberattack allegedly led by a pro-Israeli hacking group. The attackers reportedly destroyed tens of millions in user funds.
Sources: https://techcrunch.com/2025/06/18/hackers-steal-and-destroy-millions-from-irans-largest-crypto-exchange/
https://www.wired.com/story/israels-predatory-sparrow-hackers-are-waging-cyberwar-on-irans-financial-system/
https://www.bleepingcomputer.com/news/security/pro-israel-hackers-hit-irans-nobitex-exchange-burn-90m-in-crypto/
https://www.infosecurity-magazine.com/news/israeli-hacktivists-steal-burn-90m/
https://www.securityweek.com/predatory-sparrow-burns-90-million-on-iranian-crypto-exchange-in-cyber-shadow-war/
Critical Linux Flaws Discovered Allowing Root Access Exploits
Two critical Linux vulnerabilities allow attackers to escalate privileges to root on major distributions. Researchers warn these flaws are easily exploitable and require urgent patching.
Source: https://www.infosecurity-magazine.com/news/linux-flaws-allowing-root-access/
New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains
The SERPENTINE#CLOUD campaign uses Cloudflare Tunnel subdomains and obfuscated Python loaders to distribute memory-injected remote access trojans through phishing attachments and malicious shortcut files.
Sources: https://thehackernews.com/2025/06/new-malware-campaign-uses-cloudflare.html
https://www.csoonline.com/article/4009636/phishing-campaign-abuses-cloudflare-tunnels-to-sneak-malware-past-firewalls.html
Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection
A misconfigured Gerrit instance at Google could have allowed attackers to inject malicious code into projects like ChromiumOS. The issue has been resolved, but it exposed a critical gap in CI/CD access control.
Source: https://www.securityweek.com/gerrit-misconfiguration-exposed-google-projects-to-code-injection/
Russian Hackers Bypass Gmail MFA with App-Specific Password Ruse
Russian threat actors impersonated US State Department officials to trick victims into generating Google app-specific passwords, bypassing multi-factor authentication and gaining account access.
Source: https://www.securityweek.com/russian-hackers-bypass-gmail-mfa-with-app-specific-password-ruse/
North Korean Hackers Deepfake Execs in Zoom Call to Spread Mac Malware
APT group BlueNoroff used deepfaked executives in fake Zoom meetings to distribute macOS malware targeting finance-related employees. The malware was tailored to circumvent Mac security mechanisms.
Sources: https://www.bleepingcomputer.com/news/security/north-korean-hackers-deepfake-execs-in-zoom-call-to-spread-mac-malware/
https://thehackernews.com/2025/06/bluenoroff-deepfake-zoom-scam-hits.html
https://www.csoonline.com/article/4009603/north-koreas-bluenoroff-uses-ai-deepfakes-to-push-mac-malware-in-fake-zoom-calls.html
Ryuk Ransomware’s Initial Access Expert Extradited to the US
A key Ryuk ransomware affiliate known for gaining initial access to enterprise networks has been extradited to the US, marking a significant move in law enforcement’s effort to dismantle the group.
Source: https://www.bleepingcomputer.com/news/security/ryuk-ransomwares-initial-access-expert-extradited-to-the-us/
Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign
Google and Citizen Lab revealed a phishing campaign by Russian state-aligned group APT29, which exploited Google’s app-specific password feature to bypass two-factor authentication and access victim inboxes.
Source: https://thehackernews.com/2025/06/russian-apt29-exploits-gmail-app.html
Krispy Kreme Says November Data Breach Impacts Over 160,000 People
Krispy Kreme confirmed that a ransomware attack in November 2024 led to the theft of personal data for more than 160,000 individuals, including names, addresses and health benefit details.
Sources: https://www.bleepingcomputer.com/news/security/krispy-kreme-says-november-data-breach-impacts-over-160-000-people/
https://www.securityweek.com/krispy-kreme-confirms-data-breach-after-ransomware-attack/
Researchers Warn of 'Living off AI' Attacks After PoC Exploits Atlassian's AI Agent Protocol
Security researchers from Cato Networks demonstrated how attackers could abuse Atlassian’s AI agent MCP framework to initiate covert attacks via legitimate AI communications infrastructure.
Source: https://www.infosecurity-magazine.com/news/atlassian-ai-agent-mcp-attack/
Chain IQ, UBS Data Stolen in Ransomware Attack
Procurement firm Chain IQ and up to 19 partner organizations, including UBS, were hit by a ransomware attack resulting in the theft of millions of files. The attackers are now demanding ransom for the data.
Sources: https://www.securityweek.com/chain-iq-ubs-data-stolen-in-ransomware-attack/
https://www.infosecurity-magazine.com/news/ubs-employee-data-exposed-third/
https://www.csoonline.com/article/4009662/chain-iq-data-theft-highlights-need-to-oversee-third-party-suppliers.html
Telecom Giant Viasat Breached by China's Salt Typhoon Hackers
Chinese state-sponsored threat group Salt Typhoon infiltrated satellite telecom provider Viasat in an espionage operation that also targeted multiple other U.S. and global telecoms.
Source: https://www.bleepingcomputer.com/news/security/telecom-giant-viasat-breached-by-chinas-salt-typhoon-hackers/
New Campaigns Distribute Malware via Open Source Hacking Tools
Researchers discovered over 100 GitHub accounts spreading malware through open source hacking tools, marking a major campaign aimed at developers and security researchers.
Source: https://www.securityweek.com/new-campaigns-distribute-malware-via-open-source-hacking-tools/
North Korean Hackers Deploy Python-Based Trojan Targeting Crypto
The APT group Famous Chollima used fake job platforms to lure crypto professionals and infect them with a Python-based remote access trojan known as PylangGhost.
Source: https://www.infosecurity-magazine.com/news/north-korean-hackers-python-trojan/
Banana Squad’s Stealthy GitHub Malware Campaign Targets Devs
Threat actors dubbed Banana Squad used GitHub to distribute obfuscated Python malware disguised as legitimate developer tools, targeting unsuspecting programmers.
Sources: https://www.infosecurity-magazine.com/news/banana-squads-github-malware/
https://www.csoonline.com/article/4010125/github-hit-by-a-sophisticated-malware-campaign-as-banana-squad-mimics-popular-repos.html
Godfather Android Malware Now Uses Virtualization to Hijack Banking Apps
The Godfather malware creates isolated virtual environments on Android devices to impersonate and manipulate legitimate banking apps, stealing sensitive data and transaction access.
Sources: https://www.bleepingcomputer.com/news/security/godfather-android-malware-now-uses-virtualization-to-hijack-banking-apps/
https://www.securityweek.com/godfather-android-trojan-creates-sandbox-on-infected-devices/
https://thehackernews.com/2025/06/new-android-malware-surge-hits-devices.html
Hackers Access Legacy Systems in Oxford City Council Cyberattack
A cyberattack on Oxford City Council exposed personal data of current and former staff, including election workers, through compromised legacy systems.
Source: https://www.securityweek.com/hackers-access-legacy-systems-in-oxford-city-council-cyberattack/
200+ Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers
Over 200 malicious GitHub repos were found masquerading as game cheats and hacking tools, delivering Python-based infostealers in a continuation of the “Banana Squad” malware campaign.
Source: https://thehackernews.com/2025/06/67-trojanized-github-repositories-found.html
Russia Expert Falls Prey to Elite Hackers Disguised as U.S. Officials
A leading expert on Russian disinformation was targeted by elite hackers, likely Russian state actors, who impersonated US government officials in a spear-phishing campaign.
Source: https://www.infosecurity-magazine.com/news/russia-expert-elite-hackers-us/
Cloudflare Tunnels Abused in New Malware Campaign
Attackers are increasingly abusing Cloudflare Tunnels to deploy malware like Python loaders in stealthy campaigns, bypassing traditional firewall and domain-blocking defenses.
Source: https://www.securityweek.com/cloudflare-tunnels-abused-in-new-malware-campaign/
Hackers Shut Down German Hardware Chain Leymann Baustoffe
A cyberattack forced the closure of all 14 locations of Leymann Baustoffe in Germany, with full IT systems disabled and operations running only by cash or invoice to known customers.
Source: https://www.csoonline.com/article/4009949/hacker-legen-leymann-baustoffe-lahm.html
Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider
Cloudflare thwarted the largest-ever recorded DDoS attack, which peaked at 7.3 Tbps and delivered 37.4 TB of data in under a minute, targeting an unnamed hosting provider.
Source: https://thehackernews.com/2025/06/massive-73-tbps-ddos-attack-delivers.html
FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks
Meta and WhatsApp identified a FreeType zero-day (CVE-2025-27363) exploited in Paragon spyware attacks, used to infiltrate devices via messaging services.
Source: https://www.securityweek.com/freetype-zero-day-found-by-meta-exploited-in-paragon-spyware-attacks/
Motors Theme Vulnerability Exploited to Hack WordPress Websites
Threat actors exploited a critical bug in the WordPress Motors theme to reset user passwords, potentially allowing site takeovers and credential theft.
Source: https://www.securityweek.com/motors-theme-vulnerability-exploited-to-hack-wordpress-websites/
Iran's State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions
Iran's state-owned broadcaster was interrupted to show protest messages calling for civil unrest. While the attacker’s identity remains unconfirmed, Iran suspects Israeli involvement. The incident follows recent cyber tensions involving crypto infrastructure attacks.
Source: https://thehackernews.com/2025/06/irans-state-tv-hijacked-mid-broadcast.html
‘Martyrdom or Bust:’ Texas Man Caught Plotting Terror Attack Through Roblox Chats
A Texas man was arrested after using Roblox to discuss plans for a terror attack, including targeting Christians and researching suicide bombings. FBI agents discovered his intentions through intercepted messages and internet search history.
Source: https://www.404media.co/martyrdom-or-bust-texas-man-caught-plotting-terror-attack-through-roblox-chats/
M&S and Co-op Hacks Classified as Single Cyber Event
The UK Cyber Monitoring Centre has labeled recent attacks on Marks & Spencer and Co-op as a Category 2 systemic event, citing significant economic disruption. Scattered Spider has claimed responsibility for both incidents.
Source: https://www.infosecurity-magazine.com/news/ms-coop-hacks-single-event/
Aflac Discloses Breach Amidst Scattered Spider Insurance Attacks
Insurance firm Aflac confirmed a breach amid broader attacks on US insurers attributed to Scattered Spider. The attackers may have accessed sensitive personal and health data, including Social Security numbers.
Sources: https://www.bleepingcomputer.com/news/security/aflac-discloses-breach-amidst-scattered-spider-insurance-attacks/
https://www.securityweek.com/aflac-finds-suspicious-activity-on-us-network-that-may-impact-social-security-numbers-other-data/
Alrighty… did I miss anything?