This posting is here to collect cyber security news in June 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
This posting is here to collect cyber security news in June 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
178 Comments
Tomi Engdahl says:
Vulnerabilities Exposed Phone Number of Any Google User
Google has awarded $5,000 to a researcher who found security holes that enabled brute-forcing the phone number of any user.
https://www.securityweek.com/vulnerabilities-exposed-phone-number-of-any-google-user/
Google recently patched a series of vulnerabilities that could have been exploited to obtain the phone number of any user.
Details of the exploit were made public on Monday by the Singapore-based researcher who reported it to the tech giant.
The researcher, who uses the online monikers Brutecat and Skull, said he came across the vulnerabilities after disabling JavaScript in his browser in an effort to determine whether any Google services still worked without JavaScript.
He found that account recovery forms still worked, and they also allowed him to check — using two HTTP requests — whether a recovery email address or phone number was associated with a specified account display name.
Further tests showed that he could also obtain the actual phone number associated with a specified display name through a brute-force attack. Google’s rate limiting protections were bypassed by using different IPv6 addresses for each request and a BotGuard token obtained from Google.
Bruteforcing the phone number of any Google user
https://brutecat.com/articles/leaking-google-phones
Tomi Engdahl says:
Chinese Hackers and User Lapses Turn Smartphones Into a ‘Mobile Security Crisis’
Foreign hackers have increasingly identified smartphones, other mobile devices and the apps they use as a weak link in U.S. cyberdefenses.
https://www.securityweek.com/chinese-hackers-and-user-lapses-turn-smartphones-into-a-mobile-security-crisis/
Tomi Engdahl says:
Artificial Intelligence
Going Into the Deep End: Social Engineering and the AI Flood
AI is transforming the cybersecurity landscape—empowering attackers with powerful new tools while offering defenders a chance to fight back. But without stronger awareness and strategy, organizations risk falling behind.
By
Trevin Edgeworth
| June 4, 2025 (9:05 AM ET)
Flipboard
Reddit
Whatsapp
Email
Deepfake AI Threat
It should come as no surprise that the vast majority of data breaches involve the “human element.” The 2025 Verizon Data Breach Investigations Report cites that human compromise held relatively steady year over year at nearly 70% of breaches. Human emotions and tendencies – and the massive variation in what influences each individual – are a massively dynamic vulnerability. Most equate Social Engineering with vague promises of riches to be had, or urgent or even threatening missives that require immediate action to avoid consequences. On the plus side, increased awareness has brought about a healthy skepticism in individuals and organizations toward something unexpected from a not completely familiar source.
Unfortunately, with the rapid rise and advancement of Artificial Intelligence (AI), criminals have powerful new tools to boost not only the believability of scams, but also the volume of humans they can attack quickly – and as they say, the bad guys only need to be right once. However, AI can also be an equally potent ally for defenders in accelerating their ability to identify and blunt the impact of human targeting and compromise. While this may look like the age old, “cat and mouse” game between attackers and defenders, we’ve reached another crossroads, where an exponential jump in attack capability needs to be met with an equal jump in defensive response to at least keep pace.
Let’s look at the AI “pool” of capabilities and challenges available to attackers and defenders, and the AI development representing a springboard that can launch the bad guys onto a new level – Deepfakes.
“Learning” to Sink or Swim
Systems that can learn “autonomously” have not only been a staple of Hollywood for decades, but also a capability touted by security vendors for many years. Unfortunately, as with any new capability, there are many that overstate the capabilities to ride the wave of popularity and profitability. So, while in the early days anti-virus vendors effectively leveraged machine learning to continuously improve and iterate on malware detection signatures, it of course wasn’t long before any learning capabilities were termed “AI.”
While early AI capabilities may have more accurately been described as “Artificially Inflated”, the speed at which we’ve moved from more basic machine learning to AI based on powerful Large Language Models (LLMs), cannot be overstated, or underestimated.
To put it bluntly, with today’s LLMs everything can be better, faster, bigger, and more precise. For attackers, they ae already aggressively leveraging AI for better attack lure crafting and automating attacks at scale. They’ve even begun to use gen-AI for malware adaptation/evasion. While not seen widely in the wild yet, these advancements portend an inevitable trend toward autonomous ransomware and malware in the not too distant future.
But fear not, or at least not yet, because AI can be a powerful tool for defensive purposes. LLMs enable defensive “needle” hunting at much greater scale. The speed at which LLMs can analyze massive “haystacks” of data and activity and find the anomalies has become exponentially more efficient. Additionally, by drawing from the attackers’ own playbooks, Red Teams can and are using AI to craft and conduct more effective simulations and training. However, there is something emerging quickly from the depths that warrants a healthy dose of fear, both of what’s already possible, and what will likely soon breach the surface in spectacular fashion.
Advertisement. Scroll to continue reading.
Zero Trust + AI
In over our heads
The “White Whale” we have already begun to face are Deepfakes and real-time human imitation that represent a transformational change for attacks and attackers. Attackers have already proven the unsettling effectiveness of pre-recorded deepfakes to more easily override the default skepticism by projecting not only the appearance of validity in a request, but cloning the complete likeness of a known requestor.
Deepfakes are in the proof-of-concept stage where the majority of attacks are still more along the traditional lines. But just an inventory of this year, we’ve seen:
Criminals net $25 million convincingly posing as a company CFO
Malicious actors livestream deepfakes of Tim Cook pushing cryptocurrencies during the most recent Apple launch event.
Actors try to dupe a top Senator into commenting on a political position and candidate regarding Ukraine
Criminals – thankfully unsuccessfully – attempt to impersonate the CEO of Ferrari
From an end-user security perspective, the challenge of Deepfakes are not unlike the move to the cloud. We moved from high control and visibility over “infrastructure and assets” — with enforceable guardrails in both tech and process – to wild west deployment of new assets where we were forced to rely too much on policy as the primary guardrail. With regards to Deepfakes, the relative “rough around the edges” quality of current real-time deepfakes are like managing a hybrid cloud model, but full cloud native is on the horizon.
What’s most concerning about this is that defensive AI seems to be getting bogged down in automation and filtering, and inordinately focusing on indicators of compromise, not indicators of vulnerability. To keep pace and hope to blunt the coming deepfake tsunami, we need more defensive AI development that is about human analysis and augmentation – with regards to both defensive and offensive testing of end user communications.
No lifeguard on duty – yet
To get right to the point, the bad guys have a major hand up in this race. They have a range of easily accessible, open-source tools to choose from, and with which they can begin to act today and with minimal investment.
Conversely, the good guys have lost control of what were once foundational verification inputs in voice and image, and there are no reliable technical countermeasures that are widely available. There are for sure efforts underway that show promise, such as the DARPA SemaFor project. They are working furiously to train detections and remove workarounds. But perfecting that will take time, and then broad deployment will take more.
Until reliable and repeatable tech is available, the best weapon in the defensive arsenal is situational awareness and continuous vigilance. Organizations need to be having discussions about this now and reorienting people and processes to create barriers to human exploitation. I live in Arizona, and we are neighbors – and sometimes unwitting houseguests – with the Bark Scorpion, the most venomous scorpion in North America. They are nocturnal, so when they are most active is when you are least likely to see them. However, they have a natural “tell” that exposes their presence. UV light, even at a safe distance, causes them to glow. Why do I bring this up? Because organizations can expose multiple “tells” associated with deepfakes, including:
Just as in the Ferrari case, require multi-factor interactions thatgo beyond voice and image, and include elements like presence verification (e.g call back numbers), unique knowledge (e.g. shared personal details/experiences) and/or verbal queues (e.g. passphrases) for sensitive communications and tasks.
In the same vein, something I’ll call “Egoless” Verification. Educate on and promote/encourage a more aggressive culture of skepticism and confirmation of requestors and requested actions. If everyone – from administrative to the C-Suite – is subject to extra steps, no one can feel pressured to act faster than necessary.
Undertaking Open Source Intelligence (OSINT) to inventory content that could serve to train deepfake models (public videos, live presentations, investor calls, podcasts, etc.) to understand those individuals in the organization who are most susceptible to deepfake creation.
Investing time and resources more heavily in crisis management tools such as tabletop exercises to train both individual and team “muscle memory” in identification, escalation and response with regards to anomalous acts.
Learn More at the AI Risk Summit
Related: How Hackers Manipulate Agentic AI With Prompt Engineering
Related: How Agentic AI will be Weaponized for Social Engineering Attacks
Written By Trevin Edgeworth
Trevin Edgeworth is the Red Team Practice Director at Bishop Fox, where he focuses on building and leading adversary emulation services to help customers strengthen their defenses against current and emerging threats. With over 20 years of security experience, he has built and overseen red team programs for several Fortune 500 companies, including American Express, Capital One Financial, and Symantec. Trevin has led a variety of security functions in his career, including cyber threat intelligence, hunt, deception, insider threat, and others.
More from Trevin Edgeworth
How Do You Know If You’re Ready for a Red Team Partnership?
Zero to Hero – A “Measured” Approach to Building a World-Class Offensive Security Program
Failure, Rinse, Repeat: Why do Both History and Security Seem Doomed to Repeat Themselves?
DORA’s Deadline Looms: Navigating the EU’s Mandate for Threat Led Penetration Testing
Latest News
Exploited Vulnerability Impacts Over 80,000 Roundcube Servers
Vulnerabilities Exposed Phone Number of Any Google User
Whole Foods Distributor United Natural Foods Hit by Cyberattack
Chinese Hackers and User Lapses Turn Smartphones Into a ‘Mobile Security Crisis’
Chinese Espionage Crews Circle SentinelOne in Year-Long Reconnaissance Campaign
Guardz Banks $56M Series B for All-in-One SMB Security
Mirai Botnets Exploiting Wazuh Security Platform Vulnerability
React Native Aria Packages Backdoored in Supply Chain Attack
Trending
Trump Cybersecurity Executive Order Targets Digital Identity, Sanctions Policies
iMessage Zero-Click Attacks Suspected in Targeting of High-Value Individuals
Misconfigured HMIs Expose US Water Systems to Anyone With a Browser
Chinese Espionage Crews Circle SentinelOne in Year-Long Reconnaissance Campaign
HPE Says Personal Information Stolen in 2023 Russian Hack
US Seeks Forfeiture of $7.74M in Cryptocurrency Tied to North Korean IT Workers
React Native Aria Packages Backdoored in Supply Chain Attack
Google Warns of Vishing, Extortion Campaign Targeting Salesforce Customers
Daily Briefing Newsletter
Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Webinar: Rethinking Endpoint Hardening for Today’s Attack Landscape
June 11, 2025
Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.
Register
Virtual Event: Cloud & Data Security Summit
July 16, 2025
Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.
Register
People on the Move
Orchid Security has appointed a new Chief Product Officer and three advisors.
Kaseya has appointed Rania Succar as Chief Executive Officer.
Identity security company Silverfort has appointed Howard Greenfield as President and Chief Revenue Officer.
More People On The Move
Expert Insights
Beyond GenAI: Why Agentic AI Was the Real Conversation at RSA 2025
Agentic AI can be a great tool for many of the ‘gray area’ tasks that SOC analysts undertake. (Marc Solomon)
Security Theater or Real Defense? The KPIs That Tell the Truth
In the end, cybersecurity isn’t just about collecting data. It’s about proving that your defenses actually work. (Torsten George)
Taming the Hacker Storm: Why Millions in Cybersecurity Spending Isn’t Enough
Despite massive investment, the explosion of sophisticated malware and deepfake attacks persists because organizations struggle to verify digital identities and establish fundamental trust. (Stu Sjouwerman)
Is AI Use in the Workplace Out of Control?
Trying to block AI tools outright is a losing strategy. SaaS and AI are increasingly inseparable, and AI isn’t limited to tools like ChatGPT or Copilot anymore. (Alastair Paterson)
Sharing Intelligence Beyond CTI Teams, Across Wider Functions and Departments
CTI, digital brand protection and other cyber risk initiatives shouldn’t only be utilized by security and cyber teams. (Marc Solomon)
Flipboard
Reddit
Whatsapp
Email
SecurityWeek
Popular Topics
Cybersecurity News
Industrial Cybersecurity
Security Community
Virtual Cybersecurity Events
Webcast Library
CISO Forum
AI Risk Summit
ICS Cybersecurity Conference
Cybersecurity Newsletters
Stay Intouch
Cyber Weapon Discussion Group
RSS Feed
Security Intelligence Group
Follow SecurityWeek on LinkedIn
About SecurityWeek
Advertising
Event Sponsorships
Writing Opportunities
Feedback/Contact Us
News Tips
Got a confidential news tip? We want to hear from you.
Submit Tip
Advertising
Reach a large audience of enterprise cybersecurity professionals
Contact Us
Daily Briefing Newsletter
Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.
Privacy Policy
Copyright © 2025 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.
Daily Briefing Newsletter
https://www.securityweek.com/going-into-the-deep-end-social-engineering-and-the-ai-flood/
Tomi Engdahl says:
Exploited Vulnerability Impacts Over 80,000 Roundcube Servers
Exploitation of a critical-severity RCE vulnerability in Roundcube started only days after a patch was released.
https://www.securityweek.com/exploited-vulnerability-impacts-over-80000-roundcube-servers/
More than 80,000 Roundcube webmail servers are affected by a critical-severity remote code execution (RCE) vulnerability that has already been exploited in attacks.
Tracked as CVE-2025-49113 (CVSS score of 9.9), the flaw is described as a post-authentication RCE via PHP Object Deserialization and impacts all Roundcube versions released over the past decade (1.1.0 through 1.6.10).
According to security researcher Kirill Firsov, who reported the security defect, the root cause is a flawed logic incorrectly evaluating variable names that begin with an exclamation mark (!), which leads to session corruption and PHP Object Injection.
Tomi Engdahl says:
Laura Onita / Financial Times:
UK retailer M&S begins accepting online orders again, seven weeks after disclosing a sustained cyberattack that cost it up to £300M in this financial year
https://www.ft.com/content/82861589-ea5c-44f1-a1ce-cb3907e84eee
Tomi Engdahl says:
Joseph Cox / 404 Media:
Researcher brutecat finds a vulnerability that revealed the phone number linked to any Google account via brute forcing phone numbers; Google fixed the issue
A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account
Joseph Cox Joseph Cox
·
Jun 9, 2025 at 10:00 AM
Phone numbers are a goldmine for SIM swappers. A researcher found how to get this precious piece of information from any Google account.
https://www.404media.co/a-researcher-figured-out-how-to-reveal-any-phone-number-linked-to-a-google-account/
Tomi Engdahl says:
Matthew Green / Cryptographic Engineering:
An analysis of X’s new XChat features shows that X can probably decrypt users’ messages, as it holds users’ private keys on its servers
A bit more on Twitter/X’s new encrypted messaging
https://blog.cryptographyengineering.com/2025/06/09/a-bit-more-on-twitter-xs-new-encrypted-messaging/
Matthew Garrett has a nice post about Twitter (uh, X)’s new end-to-end encryption messaging protocol, which is now called XChat. The TL;DR of Matthew’s post is that from a cryptographic perspective, XChat isn’t great. The details are all contained within Matthew’s post, but here’s a quick TL;DR:
There’s no forward secrecy. Unlike Signal protocol, which uses a double-ratchet to continuously update the user’s secret keys, the XChat cryptography just encrypts each message under a recipient’s long-term public key. The actual encryption mechanism is based on an encryption scheme from libsodium.
User private keys are stored at X. XChat stores user private keys at its own servers. To obtain your private keys, you first log into X’s key-storage system using a password such as PIN. This is needed to support stateless clients like web browsers, and in fairness it’s not dissimilar to what Meta has done with its encryption for Facebook Messenger and Instagram. Of course, those services use Hardware Security Modules (HSMs.)
X’s key storage is based on “Juicebox.” To implement their secret-storage system, XChat uses a protocol called Juicebox. Juicebox “shards” your key material across three servers, so that in principle the loss or compromise of one server won’t hurt you.
Tomi Engdahl says:
ChatGPT:llä ei mene hyvin juuri nyt
Vikailmoitusten määrä räjähti iltapäivällä.
https://www.is.fi/digitoday/art-2000011291048.html
Tunnetuin tekoälychatbot ChatGPT kärsii parhaillaan teknisistä ongelmista.
ChatGPT:n tilannesivun mukaan palvelussa on ongelmia ainakin kolmella osa-alueella: itse ChatGPT-chatbotissa, videota tekstistä luovassa Sora-tekoälymallissa sekä rajapinnoissa, joiden avulla muut palvelut käyttävät OpenAI:n tekoälymalleja.
Palvelun mukaan ongelmiin kuuluvat lisääntyneet virheet sekä merkittävät viiveet. Virhealttiuden vuoksi palvelun vastauksiin kannattanee luottaa tavallista vähemmän juuri nyt.
OpenAI:n mukaan ongelmat ovat kestäneet noin 5 tuntia.
ChatGPT:hen perustuva Microsoftin Copilot-chatbot vaikuttaa toimivan normaalisti.
Tomi Engdahl says:
Sam Tabahriti / Reuters:
Ofcom launches nine Online Safety Act investigations, including into 4chan over alleged illegal content and into seven file-sharing services over possible CSAM
UK regulator investigates possible online safety breaches at 4chan and other platforms
https://www.reuters.com/business/media-telecom/uk-regulator-investigates-possible-online-safety-breaches-4chan-other-platforms-2025-06-10/
Tomi Engdahl says:
https://www.techradar.com/news/live/chatgpt-down-june-10?fbclid=IwY2xjawK1RHxleHRuA2FlbQIxMQABHpcdhx_YUlCdy_CcrzNJDkcYp-n3kyF7ZGFQUu8fdVZw-HYkRIZr494liE7O_aem_gQAOLPCDxb0TWH5FGApBjQ
Tomi Engdahl says:
How Scammers Are Using AI to Steal College Financial Aid
https://www.securityweek.com/how-scammers-are-using-ai-to-steal-college-financial-aid/
Fake college enrollments have been surging as crime rings deploy “ghost students” — chatbots that join online classrooms and stay just long enough to collect a financial aid check.
It was an unusual question coming from a police officer. Heather Brady was napping at home in San Francisco on a Sunday afternoon when the officer knocked on her door to ask: Had she applied to Arizona Western College?
She had not, and as the officer suspected, somebody else had applied to Arizona community colleges in her name to scam the government into paying out financial aid money.
When she checked her student loan servicer account, Brady saw the scammers hadn’t stopped there. A loan for over $9,000 had been paid out in her name — but to another person — for coursework at a California college.
“I just can’t imagine how many people this is happening to that have no idea,” Brady said.
The rise of artificial intelligence and the popularity of online classes have led to an explosion of financial aid fraud. Fake college enrollments have been surging as crime rings deploy “ghost students” — chatbots that join online classrooms and stay just long enough to collect a financial aid check.
In some cases, professors discover almost no one in their class is real. Students get locked out of the classes they need to graduate as bots push courses over their enrollment limits. And victims of identity theft who discover loans fraudulently taken out in their names must go through months of calling colleges, the Federal Student Aid office and loan servicers to try to get the debt erased.
Tomi Engdahl says:
Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’
Redmond warns that external control of a file name or path in WebDAV “allows an unauthorized attacker to execute code over a network.”
https://www.securityweek.com/microsoft-patch-tuesday-covers-webdav-flaw-marked-as-already-exploited/
Microsoft on Tuesday pushed out patches for at least 66 security defects across the Windows ecosystem and called urgent attention to a WebDAV remote code execution bug that’s already been exploited in the wild.
The WebDAV (Web Distributed Authoring and Versioning) flaw, marked as ‘important’ with a CVSS score of 8.8/10, allows browser-based drive-by downloads if a target clicks on a rigged website.
“External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network,” Microsoft said in a barebones bulletin.
As is customary, Redmond has not disclosed who is abusing the CVE-2025-33053 software defect or whether exploitation is widespread. The company has not provided IOCs (indicators of compromise) or other telemetry to help defenders hunt for signs of infections.
Tomi Engdahl says:
Code Execution Flaws Haunt Adobe Acrobat Reader, Adobe Commerce
Patch Tuesday: Adobe documents hundreds of bugs across multiple products and warns of code execution, feature bypass risks.
https://www.securityweek.com/code-execution-flaws-haunt-adobe-acrobat-reader-adobe-commerce/
Tomi Engdahl says:
https://www.securityweek.com/hackers-stole-300000-crash-reports-from-texas-department-of-transportation/
Tomi Engdahl says:
Malware & Threats
Destructive ‘PathWiper’ Targeting Ukraine’s Critical Infrastructure
A Russia-linked threat actor has used the destructive malware dubbed PathWiper against a critical infrastructure organization in Ukraine.
https://www.securityweek.com/destructive-pathwiper-targeting-ukraines-critical-infrastructure/
Tomi Engdahl says:
Beyond GenAI: Why Agentic AI Was the Real Conversation at RSA 2025
Agentic AI can be a great tool for many of the ‘gray area’ tasks that SOC analysts undertake.
https://www.securityweek.com/beyond-genai-why-agentic-ai-was-the-real-conversation-at-rsa-2025/
Having just returned from the RSA Conference 2025, without a doubt the word on everyone’s lips and the dominant theme on every vendor stand was – you’ve guessed it – AI. AI is a phenomenon that just keeps evolving. Today analysts are predicting a $632B+ AI spend by 2028.
What was interesting is that the conversation has also evolved and moved from GenAI to SynthAI and agentic AI.
Not All AI is the Same
It is interesting how easily the different AI-related buzzwords get bandied around and are often used interchangeably. However, the reality is that GenAI, SynthAI and agentic AI are very different.
GenAI, or Generative AI: GenAI refers to artificial intelligence that can create original content, such as text, images, videos, audio, or code, based on patterns learned from vast amounts of data.
SynthAI: Contrary to GenAI, that primarily focuses on the divergence of information, generating new content based on specific instructions, SynthAI developments emphasize the convergence of information, presenting less but more pertinent content by synthesizing available data. SynthAI will enhance the quality and speed of decision-making, potentially making decisions autonomously. The most evident application lies in summarizing large volumes of information that humans would be unable to thoroughly examine and comprehend independently. SynthAI’s true value will be in aiding humans to make more informed decisions efficiently. A real world example is how SynthAI is helping Siemens accelerate AI adoption in industrial automation, robotics, and manufacturing by streamlining data generation and training processes.
Agentic AI: Agentic AI refers to autonomous AI agents that can make decisions, take actions, and adapt to new information with minimal human oversight. Unlike GenAI, which follows predefined rules, agentic AI operates dynamically, solving complex problems and executing tasks independently. When making decisions and taking action, these agents will rely on synthesizing and analyzing data to make said decisions (including SynthAI).
Trust in AI also needs to evolve. This isn’t a surprise as AI, like all technologies, is going through the hype cycle and in the same way that cloud and automation suffered with issues around trust in the early stages of maturity, so AI is following a very similar pattern. It will be some time before trust and confidence are in balance with AI.
The Rise of Agentic AI
Agentic AI was front and center of the conversation at RSA. This year we witnessed a flurry of announcements around agentic AI. Google announced AI-driven security agents for automated rule creation, malware analysis, and alert triage, integrating Mandiant services into its security platforms making it easier to build AI agents. These multi-agent AI systems are designed to revolutionize enterprise workflows and transform businesses. SentinelOne unveiled agentic AI functionality that mimics advanced SOC analysts, automating investigations and orchestrating multi-step threat responses. Likewise, ArmorCode launched Anya, an agentic AI solution for AppSec and product security teams, designed to reduce alert fatigue and accelerate security decision-making. This list goes on.
Is AI Use in the Workplace Out of Control?
https://www.securityweek.com/is-ai-use-in-the-workplace-out-of-control/
Trying to block AI tools outright is a losing strategy. SaaS and AI are increasingly inseparable, and AI isn’t limited to tools like ChatGPT or Copilot anymore.
Tomi Engdahl says:
Sitkeä huijaus riivaa suomalaisia: Tämän ilmoituksen on syytä soittaa hälytyskelloja
https://www.is.fi/digitoday/tietoturva/art-2000011290275.html
Lue tiivistelmä
FakeUpdates arvioidaan Suomen yleisimmäksi haittaohjelmaksi toukokuussa.
FakeUpdates huijaa käyttäjiä asentamaan valeselainpäivityksiä ja levittää muita haittaohjelmia.
Selainta ei pidä päivittää ponnahdusikkunoiden kautta vaan Chromen omista asetuksista.
Check Point varoittaa myös muista yleisistä haittaohjelmista, kuten Remcos ja Androxgh0st.
Tomi Engdahl says:
Nordea: Vanha valkoinen korvataan uudella mustalla
Nordean tunnuslukulaitteet poistuvat käytöstä. Laitteen voi korvata mobiilisovelluksella tai vaihtoehtoisesti uudemmalla ID-laitteella.
https://www.iltalehti.fi/digiuutiset/a/ba693fdb-9df0-4244-b6ce-84769bcf3193
Tomi Engdahl says:
With Retail Cyberattacks on the Rise, Customers Find Orders Blocked and Shelves Empty
Beyond potentially halting sales of physical goods, breaches can expose customers’ personal data to future phishing or fraud attempts.
https://www.securityweek.com/with-retail-cyberattacks-on-the-rise-customers-find-orders-blocked-and-shelves-empty/
A string of recent cyberattacks and data breaches involving the systems of major retailers have started affecting shoppers.
United Natural Foods, a wholesale distributor that supplies Whole Foods and other grocers, said this week that a breach of its systems was disrupting its ability to fulfill orders — leaving many stores without certain items.
In the U.K., consumers could not order from the website of Marks & Spencer for more than six weeks — and found fewer in-store options after hackers targeted the British clothing, home goods and food retailer. A cyberattack on Co-op, a U.K. grocery chain, also led to empty shelves in some stores.
Cyberattacks have been on the rise across industries. But infiltrations of corporate technology carry their own set of implications when the target is a consumer-facing business.
Tomi Engdahl says:
Flaw in Industrial Computer Maker’s UEFI Apps Enables Secure Boot Bypass on Many Devices
Vulnerable DTResearch UEFI firmware applications can be used in BYOVD attacks to bypass Secure Boot.
https://www.securityweek.com/flaw-in-industrial-computer-makers-uefi-apps-enables-secure-boot-bypass-on-many-devices/
Tomi Engdahl says:
Fortinet, Ivanti Patch High-Severity Vulnerabilities
Patches released by Fortinet and Ivanti resolve over a dozen vulnerabilities, including high-severity flaws leading to code execution, credential leaks.
https://www.securityweek.com/fortinet-ivanti-patch-high-severity-vulnerabilities/
Tomi Engdahl says:
IoT Security
40,000 Security Cameras Exposed to Remote Hacking
Bitsight has identified over 40,000 security cameras that can be easily hacked for spying or other types of malicious activity.
https://www.securityweek.com/40000-unprotected-security-cameras-found-on-internet/
Tomi Engdahl says:
Recently Disrupted DanaBot Leaked Valuable Data for 3 Years
Investigators leveraged a vulnerability dubbed DanaBleed to obtain insights into the internal operations of the DanaBot botnet.
https://www.securityweek.com/recently-disrupted-danabot-leaked-valuable-data-for-3-years/
Tomi Engdahl says:
Management & Strategy
Rethinking Success in Security: Why Climbing the Corporate Ladder Isn’t Always the Goal
Many security professionals feel pressured to pursue leadership roles, but success can also mean going deeper, not just higher.
https://www.securityweek.com/rethinking-success-in-security-why-climbing-the-corporate-ladder-isnt-always-the-goal/
Tomi Engdahl says:
Bill Toulas / BleepingComputer:
An Interpol-led law enforcement action in 26 countries disrupted infostealer operations, leading to takedowns of 20K+ malicious IPs and domains and 32 arrests — An international law enforcement action codenamed “Operation Secure” targeted infostealer malware infrastructure …
Operation Secure disrupts global infostealer malware operations
https://www.bleepingcomputer.com/news/security/operation-secure-disrupts-global-infostealer-malware-operations/
Tomi Engdahl says:
Sharon Goldman / Fortune:
Researchers find the first known “zero-click” attack on an AI agent; the now-fixed flaw in Microsoft 365 Copilot would let a hacker attack a user via an email — Microsoft 365 Copilot, the AI tool built into Microsoft Office workplace applications including Word, Excel, Outlook …
Exclusive: New Microsoft Copilot flaw signals broader risk of AI agents being hacked—‘I would be terrified’
https://fortune.com/2025/06/11/microsoft-copilot-vulnerability-ai-agents-echoleak-hacking/
Tomi Engdahl says:
Ricardo Brito / Reuters:
A majority of six of the 11 judges on Brazil’s Supreme Court have voted to hold social media companies liable for some types of users’ content seen as illegal — Brazil’s Supreme Court formed a majority on Wednesday to hold social media companies accountable for some types of content published …
Brazil’s top court votes to hold social media platforms accountable for user posts
https://www.reuters.com/world/americas/brazils-top-court-forms-majority-hold-social-media-platforms-accountable-users-2025-06-11/
Tomi Engdahl says:
Zoe Kleinman / BBC:
Will Cathcart says WhatsApp plans to support Apple’s legal case against the UK Home Office over an encryption backdoor, which “could set a dangerous precedent”
WhatsApp tells BBC it backs Apple in legal row with UK over user data
https://www.bbc.com/news/articles/cgmjrn42wdwo
WhatsApp has told the BBC it is supporting fellow tech giant Apple in its legal fight against the UK Home Office over the privacy of its users’ data.
The messaging app’s boss, Will Cathcart, said the case “could set a dangerous precedent” by “emboldening other nations” to seek to break encryption, which is how tech firms keep customers’ information private.
Apple went to the courts after receiving a notice from the Home Office demanding the right to access the data of its global customers if required in the interests of national security.
It and other critics of the government’s position say the request compromises the privacy of millions of users.
The Home Office told the BBC it would not comment on ongoing legal proceedings.
“But more broadly, the UK has a longstanding position of protecting our citizens from the very worst crimes, such as child sex abuse and terrorism, at the same time as protecting people’s privacy,” it said in a statement.
Tomi Engdahl says:
Varo matoja kekseissä!
https://etn.fi/index.php/13-news/17637-varo-matoja-kekseissae
Harvoin tietoturvatiedotteet osuvat näin ytimekkäästi: HP:n varoitus matkailijoille paljastaa evästehuijauksen, joka saattaa päätyä laitteeseesi troijalaisena. Kesälomakauden kynnyksellä matkailijoita vaanii uusi, ovelasti naamioitu tietoturvauhka.
HP Wolf Securityn tuore Threat Insights -raportti paljastaa, kuinka kyberrikolliset hyödyntävät tekaistuja matkavaraussivustoja ja niille sijoitettuja haitallisia evästepainikkeita – ja tekevät sen poikkeuksellisen kekseliäällä tavalla.
Kyseessä ei ole pelkkä huijaus, vaan monivaiheinen hyökkäys, jossa käyttäjän klikkaus ”Hyväksy evästeet” -painikkeeseen voi ladata koneelle etäkäyttötroijalaisen nimeltä XWorm. Tämä haittaohjelma antaa hyökkääjälle täyden hallinnan uhrin tietokoneeseen: verkkokamerasta ja mikrofonista aina tiedostojen varastamiseen ja kyberturvaohjelmistojen poiskytkentään asti.
HP:n uhkatutkija Patrick Schläpfer kuvailee osuvasti, kuinka GDPR:n myötä arkipäiväistyneet evästeilmoitukset ovat tehneet käyttäjistä klikkausautomaattisia – juuri se reaktio, jota hyökkääjät tavoittelevat. Kun väärennetty sivu muistuttaa aidosti vaikkapa Booking.comia ja tarjoaa kiireiselle lomailijalle mahdollisuuden nopeasti päästä eteenpäin, käy ”Hyväksy”-painikkeesta ovi haittaohjelmalle.
Tomi Engdahl says:
‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot
Microsoft recently patched CVE-2025-32711, a vulnerability that could have been used for zero-click attacks to steal data from Copilot.
https://www.securityweek.com/echoleak-ai-attack-enabled-theft-of-sensitive-data-via-microsoft-365-copilot/
Tomi Engdahl says:
The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce
It’s time for enterprises to stop treating unmanaged devices as an edge case and start securing them as part of a unified Zero Trust strategy.
https://www.securityweek.com/the-ztna-blind-spot-why-unmanaged-devices-threaten-your-hybrid-workforce/
As hybrid work cements itself as the new norm, enterprises are making meaningful strides in adopting Zero Trust Network Access (ZTNA) to replace legacy VPNs. But there’s a major blind spot in how most organizations implement ZTNA: unmanaged devices.
ZTNA adoption tends to focus almost exclusively on corporate-managed laptops and desktops. The assumption is that every employee works on a hardened device, with security tools installed and configurations locked down by IT. But that assumption is outdated—and dangerous.
Today, 47% of companies allow enterprise access from Bring Your Own Devices (BYOD) or non-corporate endpoints, such as those used by contractors, freelancers, or partner firms. These devices are outside IT’s control, but they still touch critical systems and data. And when left unsecured, they open the door to data loss, compliance violations, and serious breaches.
The risks are well-documented and growing. But many of the traditional approaches to securing these endpoints fall short—adding complexity without truly mitigating the threat. It’s time to rethink how we extend Zero Trust to every user, regardless of who owns the device they use.
The Risk Landscape: Unmanaged Devices in the Enterprise
The challenge of unmanaged endpoints is no longer theoretical. In the modern enterprise, consultants, contractors, and partners are integral to getting work done—and they often need immediate access to internal systems and sensitive data.
BYOD scenarios are equally common. Executives check dashboards from personal tablets, marketers access cloud apps from home desktops, and employees work on personal laptops while traveling. In each case, IT has little to no visibility or control over the device’s security posture.
Tomi Engdahl says:
Surge in Cyberattacks Targeting Journalists: Cloudflare
Between May 2024 and April 2025, Cloudflare blocked 109 billion malicious requests targeting organizations protected under Project Galileo.
https://www.securityweek.com/surge-in-cyberattacks-targeting-journalists-cloudflare/
Tomi Engdahl says:
https://www.securityweek.com/palo-alto-networks-patches-privilege-escalation-vulnerabilities/
Tomi Engdahl says:
Cybercrime
Whole Foods Distributor United Natural Foods Hit by Cyberattack
United Natural Foods has taken some systems offline after detecting unauthorized activity on its IT systems, causing disruptions to operations.
By
Eduard Kovacs
| June 10, 2025 (2:56 AM ET)
Flipboard
Reddit
Whatsapp
Email
UNFI Cyberattack
United Natural Foods, Inc. (NYSE: UNFI), the main distributor for Amazon’s Whole Foods, has been targeted in a cyberattack that has caused some disruptions to business operations.
United Natural Foods advertises itself as the largest full-service grocery partner in North America, delivering products to over 30,000 locations, including natural product superstores, conventional supermarket chains, e-commerce providers, and independent retailers. With more than $30 billion in annual revenue, the company offers more than 250,000 natural, organic and conventional SKUs through its more than 50 distribution centers.
The company revealed in a filing with the SEC on Monday that it had detected unauthorized activity on some IT systems on June 5. In response to the intrusion, certain systems were taken offline, which has temporarily impacted its ability to fulfill and distribute customer orders.
“The incident has caused, and is expected to continue to cause, temporary disruptions to the Company’s business operations,” United Natural Foods said.
The food distributor is conducting an investigation to determine the impact and scope of the cybersecurity incident. It’s also working on restoring affected systems.
While the company may have been targeted in a ransomware attack, no known group appears to have taken credit for the attack on United Natural Foods at the time of writing.
“When threat actors target the backbone of food distribution in North America, they’re not just freezing systems; they’re freezing supply chains,” said Steve Cobb, CISO at SecurityScorecard. “For companies delivering fresh and frozen goods, even a short disruption can lead to spoilage, shipment delays, and major logistical headaches.”
SecurityWeek has reached out to United Natural Foods for clarifications on whether this was indeed a ransomware attack and will update this article if the company responds.
Advertisement. Scroll to continue reading.
Industrial Cybersecurity Conference
Shares of UNFI closed down 6.98% in trading on Monday and is falling again in pre-market trading on Tuesday as the company discussed the incident during an earnings call.
“In the near term, we are focused on diligently managing through the cyber incident we announced yesterday to rapidly and safely restore our capabilities, while helping our customers with short-term solutions wherever possible,” the company said in its earnings release on June 10.
News of the attack comes just weeks after a ransomware group targeted several major UK retailers, stealing sensitive data in the process.
Shortly after those attacks came to light, Google warned that threat actors had also set their sights on retailers in the United States.
Related: Cartier Data Breach: Luxury Retailer Warns Customers That Personal Data Was Exposed
Related: Lee Enterprises Says 40,000 Hit by Ransomware-Caused Data Breach
Related: MainStreet Bank Data Breach Impacts Customer Payment Cards
Related: Adidas Data Breach Linked to Third-Party Vendor
Written By Eduard Kovacs
Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
Flaw in Industrial Computer Maker’s UEFI Apps Enables Secure Boot Bypass on Many Devices
Recently Disrupted DanaBot Leaked Valuable Data for 3 Years
ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Aveva, CISA
Sensitive Information Stolen in Sensata Ransomware Attack
Vulnerabilities Exposed Phone Number of Any Google User
Mirai Botnets Exploiting Wazuh Security Platform Vulnerability
Nigerian Involved in Hacking US Tax Preparation Firms Sentenced to Prison
Trump Cybersecurity Executive Order Targets Digital Identity, Sanctions Policies
Latest News
‘EchoLeak’ AI Attack Enabled Theft of Sensitive Data via Microsoft 365 Copilot
The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce
Surge in Cyberattacks Targeting Journalists: Cloudflare
Palo Alto Networks Patches Privilege Escalation Vulnerabilities
Interpol Targets Infostealers: 20,000 IPs Taken Down, 32 Arrested, 216,000 Victims Notified
With Retail Cyberattacks on the Rise, Customers Find Orders Blocked and Shelves Empty
Securonix Acquires Threat Intelligence Firm ThreatQuotient
Maze Banks $25M to Tackle Cloud Security With AI Agents
Trending
Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud
Trump Cybersecurity Executive Order Targets Digital Identity, Sanctions Policies
Whole Foods Distributor United Natural Foods Hit by Cyberattack
Misconfigured HMIs Expose US Water Systems to Anyone With a Browser
40,000 Security Cameras Exposed to Remote Hacking
Sensitive Information Stolen in Sensata Ransomware Attack
Exploited Vulnerability Impacts Over 80,000 Roundcube Servers
Microsoft Patch Tuesday Covers WebDAV Flaw Marked as ‘Already Exploited’
Daily Briefing Newsletter
Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Webinar: Rethinking Endpoint Hardening for Today’s Attack Landscape
June 11, 2025
Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.
Register
Virtual Event: Cloud & Data Security Summit
July 16, 2025
Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.
Register
People on the Move
SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.
Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.
Orchid Security has appointed a new Chief Product Officer and three advisors.
More People On The Move
Expert Insights
The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce
It’s time for enterprises to stop treating unmanaged devices as an edge case and start securing them as part of a unified Zero Trust strategy. (Etay Maor)
Rethinking Success in Security: Why Climbing the Corporate Ladder Isn’t Always the Goal
Many security professionals feel pressured to pursue leadership roles, but success can also mean going deeper, not just higher. (Joshua Goldfarb)
Going Into the Deep End: Social Engineering and the AI Flood
AI is transforming the cybersecurity landscape—empowering attackers with powerful new tools while offering defenders a chance to fight back. But without stronger awareness and strategy, organizations risk falling behind. (Trevin Edgeworth)
Beyond GenAI: Why Agentic AI Was the Real Conversation at RSA 2025
Agentic AI can be a great tool for many of the ‘gray area’ tasks that SOC analysts undertake. (Marc Solomon)
Security Theater or Real Defense? The KPIs That Tell the Truth
In the end, cybersecurity isn’t just about collecting data. It’s about proving that your defenses actually work. (Torsten George)
Flipboard
Reddit
Whatsapp
Email
SecurityWeek
Popular Topics
Cybersecurity News
Industrial Cybersecurity
Security Community
Virtual Cybersecurity Events
Webcast Library
CISO Forum
AI Risk Summit
ICS Cybersecurity Conference
Cybersecurity Newsletters
Stay Intouch
Cyber Weapon Discussion Group
RSS Feed
Security Intelligence Group
Follow SecurityWeek on LinkedIn
About SecurityWeek
Advertising
Event Sponsorships
Writing Opportunities
Feedback/Contact Us
News Tips
Got a confidential news tip? We want to hear from you.
Submit Tip
Advertising
Reach a large audience of enterprise cybersecurity professionals
Contact Us
Daily Briefing Newsletter
Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.
Privacy Policy
Copyright © 2025 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.
Daily Briefing Newsletter
Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.
https://www.securityweek.com/whole-foods-distributor-united-natural-foods-hit-by-cyberattack/
Tomi Engdahl says:
The AI Arms Race: Deepfake Generation vs. Detection
AI-generated voice deepfakes have crossed the uncanny valley, fueling a surge in fraud that outpaces traditional security measures. Detection technology is racing to keep up.
https://www.securityweek.com/deepfakes-and-the-ai-battle-between-generation-and-detection/
Tomi Engdahl says:
USA pelkää, että kiinalaiset aurinkokennotkin vakoilevat
https://etn.fi/index.php/13-news/17641-usa-pelkaeae-ettae-kiinalaiset-aurinkokennotkin-vakoilevat
Yhdysvaltalaiset turvallisuusviranomaiset varoittavat, että kiinalaisissa aurinkosähköjärjestelmissä voi piillä dokumentoimatonta viestintälaitteistoa – ja että nämä voivat mahdollistaa vakoilun tai jopa sabotaasin sähköverkkoon.
Tutkimuksissa on paljastunut, että kiinalaisvalmisteisista inverttereistä ja akuista on löydetty komponentteja, kuten modeemeja, joita ei ole mainittu laitteiden teknisissä asiakirjoissa. Tällaiset “piiloviestintälaitteet” voivat muodostaa vakavan uhan sähköverkon turvallisuudelle, kirjoittavat Reuters ja Ruotsin viranomaisverkkojen lehti CCS News.
Aurinkopaneelit itsessään ovat passiivisia laitteita, mutta järjestelmän ydinkomponentti – invertteri – on aktiivinen elektroniikkalaite, joka muuntaa paneelin tuottaman tasavirran verkkosähköksi. Samalla se valvoo järjestelmän toimintaa, kommunikoi sähköverkon kanssa ja mahdollistaa etäpäivitykset ja huollon. Inverttereissä on siis tietoliikenneyhteyksiä, joiden kautta niitä voidaan hallita. Näihin kanaviin kuuluu esimerkiksi Wi-Fi, Ethernet ja joskus 4G- tai 5G-modeemeja – ja juuri näihin on nyt löytynyt dokumentoimatonta lisälaitteistoa, jota ei ole ilmoitettu viranomaisille tai asiakkaille.
Asiantuntijoiden mukaan nämä piilokomponentit voivat muodostaa takaportin, jonka avulla voi ohittaa verkon palomuurit. Ne voivat mahdollistaa etäohjauksen esimerkiksi Kiinasta käsin, antaa pääsyn säätää tai kytkeä invertteri pois päältä, ja aiheuttaa verkon epävakautta tai jopa laajoja sähkökatkoja.
Tomi Engdahl says:
Maxwell Zeff / TechCrunch:
Google Cloud suffered an outage on Thursday, affecting many of its customers; Cloudflare, Spotify, Discord, Snapchat, and others experienced service disruptions — Large swaths of the internet went down on Thursday, affecting a range of services, from global cloud platform Cloudflare to popular apps like Spotify.
Google Cloud outage brings down a lot of the internet
https://techcrunch.com/2025/06/12/google-cloud-outage-brings-down-a-lot-of-the-internet/
Large swaths of the internet went down on Thursday, affecting a range of services, from global cloud platform Cloudflare to popular apps like Spotify. It appears that a Google Cloud outage is at the root of these other service disruptions.
Google Cloud said it started investigating service issues affecting its customers at 11:46 a.m. PT. As of 2:23 p..m PT, the company said it had implemented mitigations, and expects to have its services back up and running within the hour.
Tomi Engdahl says:
Huijausaalto autokaupoilla! Valmistajat varoittavat
Saksassa, Itävallassa ja Sveitsissä on meneillään huijausaalto käytettyjen autojen kaupoilla.
https://www.iltalehti.fi/autouutiset/a/2100bd1d-3f94-457e-ac8f-f7bd89baa7da
Mikäli suunnittelet hankkivasi autoa ulkomailta lähitulevaisuudessa, niin nyt kannattaa olla varovainen. Volkswagen varoittaa huijausaallosta, joka on käynnissä käytettyjen markkinoilla Saksassa, Itävallassa ja Sveitsissä.
– Käytettyjä Volkswageneita myydään petollisen aidoilta näyttävillä nettisivuilla ja houkuttelevaan hintaan. Kyseisiä autoja ei todellisuudessa ole olemassa, Volkswagen varoittaa tiedotteessaan.
Huijauksissa käytetään väärennettyjä puhelinnumeroita, sähköpostiosoitteita ja pankkitietoja. Huijaussivuilla käytetään myös Volkswagenin viestinnässä käytettyjä termejä, mikä lisää sivujen uskottavuutta.
Tomi Engdahl says:
Users are reporting widespread errors at popular apps and websites.
Massive internet outage: Google services, Cloudflare, Spotify all down, users report
Users are reporting widespread errors at popular apps and websites.
https://mashable.com/article/google-down-cloudflare-twitch-character-ai-internet-outage?fbclid=IwY2xjawK46VNleHRuA2FlbQIxMQABHnzyZpN2bt6G3ryce7jx8dGUMBKcdKSHzn9r2c8UzJ9F9ppB53bL4zw1aH57_aem_XE18_gXlcs81j2tlMGpq_A
Tomi Engdahl says:
Google cloud went down across multiple continents on Thursday, and it may be affecting your favorite sites both for work and for leisure.
Trouble accessing your favorite site? A bunch of internet platforms, including Google, were experiencing issues
https://www.businessinsider.com/google-cloud-outage-bringing-your-favorite-sites-to-a-standstill-2025-6?utm_campaign=tech-sf&utm_medium=social&utm_source=facebook&fbclid=IwZXh0bgNhZW0CMTEAAR7Db-za461u8BPJLKVA2snNpIKxclcHuChDavzVaOP5ZQisOtkUiEAJLNI3Vw_aem_It-wXS7o8eUYVD5XbeJ9pw
Major cloud platforms were experiencing outages affecting services globally on Thursday.
Google Cloud services were down and are affecting other sites, according to Replit and Cloudflare.
Google says it is still investigating the service disruption.
If you had trouble accessing your Google Meet link or your firewall service, you are not alone.
Multiple major sites, especially cloud platforms, experienced a mass outage on Thursday.
Based on information on the Google Cloud Service Health page, a wide array of cloud services are down across multiple continents, from the Americas to Africa. As of 2 p.m. PT, active outages in the US included the agent assist function, speech-to-text, Cloud Memorystore, Cloud Workstations, and Google BigQuery.
Tomi Engdahl says:
I had assumed that this type of thing was likely. The industry is still so far behind in securing these systems. Executives I think are definitely underestimating the risk of the rush to incorporate ai into everything.
Researchers turn Microsoft 365 Copilot against users, leaking extremely sensitive data
https://cybernews.com/security/clever-attack-makes-microsoft-copilot-spy-on-users/?utm_source=cn_facebook&utm_medium=social&utm_campaign=cybernews&utm_content=post&source=cn_facebook&medium=social&campaign=cybernews&content=post&fbclid=IwY2xjawK5-GtleHRuA2FlbQIxMQABHkHQYm1w5RLTx6gDuIe7T4iaxvov_I64HlAHOmGb8lDDAU_TwKjDDLS0gG-__aem_aQufR5kbCB2Ri12fVKQXvw
Microsoft 365 Copilot could’ve leaked sensitive information to attackers with zero user interaction, even if they never opened a malicious email. New research demonstrates how powerful content poisoning can be against inadequate defenses.
Attackers can exfiltrate the most sensitive data from Copilot’s context without user awareness just by sending an email with instructions.
This powerful AI assistant has access to the user’s mailbox, OneDrive storage, M365 Office files, internal SharePoint sites, Microsoft Teams chat history, and more.
The critical zero-click vulnerability, dubbed “EchoLeak,” was unveiled by the Aim Labs Team. Fortunately, researchers were the first to discover it, and no users were affected. Microsoft assigned a maximum severity rating and “fully mitigated” this flaw.
However, the technique showcases the potential risks inherent in agents and chatbots.
Chatbot collecting and beaming user data
An attack chain is quite lengthy, but clever and interesting.
The attack initiates with a malicious email, which basically instructs Copilot to collect the most sensitive user data.
While Microsoft tries to prevent any prompt injection attacks using its classifiers (XPIA), the researchers found that it is easy to bypass them simply by phrasing the email as instructions to the recipient directly, without ever mentioning AI, assistant, Copilot, etc.
Prompt injections can also hide behind “a vast variety of topics, phrasings, tones, languages, and so forth,” researchers warn.
The user may never open the email, but for the attack to succeed, it’s important that Copilot retrieves it.
To maximize their chances, hackers can use multiple approaches. They can simply recon the target to understand what sort of questions they usually prompt the Copilot, and tweak the context accordingly. They can also send multiple emails and very long emails that are chunked to further increase the likelihood of an email being retrieved by Copilot.
“Here is the complete guide to leave of absence management.”
But how does the data leave Microsoft’s systems when Copilot retrieves instructions and starts collecting your secrets? The researchers devised a clever outgoing channel using Microsoft’s own infrastructure.
They instructed the Copilot to create a link and append the collected “most sensitive information” to its parameters.
Users probably wouldn’t click on such a link, but if it leads to an image, the browser automatically fetches it without the user clicking.
“Not only do we exfiltrate sensitive data from the context, but we can also make M365 Copilot not reference the malicious email. This is achieved simply by instructing the “email recipient” to never refer to this email for compliance reasons,” the Aim Labs report reads.
Serious implications for AI security
Microsoft confirmed that AI command injection in M365 Copilot allowed an unauthorized attacker to disclose information over a network. Organizations using default configurations of Microsoft Copilot were very likely at risk. Microsoft confirmed that no customers were affected.
“This chain could leak any data in the M365 Copilot LLM’s context. This includes the entire chat history, resources fetched by M365 Copilot from the Microsoft Graph, or any data preloaded into the conversation’s context, such as user and organization names,” Aim Labs said.
This technique can be adapted by hackers to target other loopholes and systems in the future.
“LLM scope violations are a new threat that is unique to AI applications and is not mitigated by existing public AI guardrails. So long as your application relies at its core on an LLM and accepts untrusted inputs, you might be vulnerable to similar attacks,” the report warns.
“This attack is based on general design flaws that exist in other RAG applications and AI agents.”
The researchers suggest using real-time guardrails to protect all AI agents and RAG applications.
Tomi Engdahl says:
Your VPN could be giving your browsing data to China, watchdog says
A new report says 17 VPN apps that are available on Google’s and Apple’s app stores have undisclosed ties to China.
https://www.nbcnews.com/news/amp/rcna211903?fbclid=IwY2xjawK6F7xleHRuA2FlbQIxMQABHkdhMWrDykChZfStzOHYGDZHdaAuJHqMzsczEuL6I5qwYvE5ss2ChEnJNDqy_aem_-6puxn0Bb2zuWlpPRTnnRA
Tomi Engdahl says:
Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones
Citizen Lab publishes forensic proof that spyware maker Paragon can compromise up-to-date iPhones. Journalists in Europe among victims.
https://www.securityweek.com/paragon-graphite-spyware-linked-to-zero-click-hacks-on-newest-iphones/
Tomi Engdahl says:
Cybersecurity Funding
ZeroRISC Raises $10 Million for Open Source Silicon Security Solutions
ZeroRISC has raised $10 million in seed funding for production-grade open source silicon security, built on OpenTitan designs.
https://www.securityweek.com/zerorisc-raises-10-million-for-open-source-silicon-security-solutions/
Tomi Engdahl says:
Vulnerabilities
Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption
Trend Micro patches critical-severity Apex Central and Endpoint Encryption PolicyServer flaws leading to remote code execution.
https://www.securityweek.com/critical-vulnerabilities-patched-in-trend-micro-apex-central-endpoint-encryption-policyserver/
Tomi Engdahl says:
Ransomware
Fog Ransomware Attack Employs Unusual Tools
Multiple legitimate, unusual tools were used in a Fog ransomware attack, including one employed by Chinese hacking group APT41.
https://www.securityweek.com/fog-ransomware-attack-employs-unusual-tools/
A recent Fog ransomware attack stands out due to the use of a series of legitimate tools previously unseen in ransomware attacks, Symantec reports.
The attack was carried out in May 2025 against a financial institution in Asia and relied on Syteca (formerly Ekran), a legitimate employee monitoring software, and several open source pentesting utilities, namely GC2, Adaptix, and Stowaway.
The attackers compromised the organization’s network two weeks before deploying ransomware, and infected two Exchange servers in the process. The infection chain started with the open source penetration testing tools.
One of the utilities, GC2, can be used to execute commands using Google Sheets or Microsoft SharePoint List, and to exfiltrate data via Google Drive or Microsoft SharePoint documents. The tool was previously used by the Chinese state-sponsored hacking group APT41 in 2023.
The Fog attack also involved the use of Stowaway, an open source proxy utility, to deploy Syteca, a legitimate employee monitoring application that supports screen recording and keystroke monitoring, among others.
Tomi Engdahl says:
Malware & Threats
SimpleHelp Vulnerability Exploited Against Utility Billing Software Users
CISA warns that vulnerable SimpleHelp RMM instances have been exploited against a utility billing software provider’s customers.
By
Ionut Arghire
| June 13, 2025 (6:37 AM ET)
Flipboard
Reddit
Whatsapp
Email
CISA
Ransomware operators are exploiting a SimpleHelp vulnerability in attacks targeting the customers of a utility billing software provider, the US cybersecurity agency CISA warns.
The exploited bug, tracked as CVE-2024-57727 (CVSS score of 7.5), allows attackers to retrieve sensitive information such as credentials and API keys.
The security defect was patched in January along with two other flaws, CVE-2024-57728 and CVE-2024-57726, which allow attackers to upload arbitrary files and elevate their privileges to administrator.
CISA added CVE-2024-57727 to its Known Exploited Vulnerabilities (KEV) list in February, after threat actors were seen exploiting it to compromise devices running the SimpleHelp remote monitoring and management (RMM) software.
In late May, Sophos warned of a DragonForce ransomware attack compromising an MSP and its customers through the exploitation of a vulnerable SimpleHelp instance. CISA now warns of a similar incident, urging immediate patching.
According to CISA, the compromise of a utility billing software provider’s customers through a vulnerable SimpleHelp instance “reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp RMM since January 2025.”
“SimpleHelp versions 5.5.7 and earlier contain several vulnerabilities, including CVE-2024-57727—a path traversal vulnerability. Ransomware actors likely leveraged CVE-2024-57727 to access downstream customers’ unpatched SimpleHelp RMM for disruption of services in double extortion compromises,” CISA says.
Software vendors, downstream customers, and end users should take immediate steps to patch their SimpleHelp deployments and hunt for indicators of compromise (IoCs), the agency notes.
Advertisement. Scroll to continue reading.
Industrial Cybersecurity Conference
Third-party vendors should immediately disconnect systems running SimpleHelp version 5.5.7 or prior, upgrade to a patched release, and notify downstream customers to secure their endpoints.
Downstream customers should determine the SimpleHelp version they are using, conduct threat hunting actions, disconnect vulnerable instances, monitor for unusual SimpleHelp server traffic, and apply the available patches.
End-users, CISA notes, should disconnect impacted devices, reinstall their operating system from a clean installation media, and restore their data from a clean backup.
Related: FBI Aware of 900 Organizations Hit by Play Ransomware
Related: Companies Warned of Commvault Vulnerability Exploitation
Related: ConnectWise Discloses Suspected State-Sponsored Hack
Related: Law Firms Warned of Silent Ransom Group Attacks
Written By Ionut Arghire
Ionut Arghire is an international correspondent for SecurityWeek.
More from Ionut Arghire
Hirundo Raises $8 Million to Eliminate AI’s Bad Behavior
New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches
Surge in Cyberattacks Targeting Journalists: Cloudflare
Palo Alto Networks Patches Privilege Escalation Vulnerabilities
Fortinet, Ivanti Patch High-Severity Vulnerabilities
40,000 Security Cameras Exposed to Remote Hacking
Horizon3.ai Raises $100 Million in Series D Funding
Chrome, Firefox Updates Resolve High-Severity Memory Bugs
Latest News
In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost
TeamFiltration Abused in Entra ID Account Takeover Campaign
Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday
Fog Ransomware Attack Employs Unusual Tools
Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking
Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption
ZeroRISC Raises $10 Million for Open Source Silicon Security Solutions
Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones
Trending
Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday
In Other News: Cloudflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost
Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption
40,000 Security Cameras Exposed to Remote Hacking
Palo Alto Networks Patches Privilege Escalation Vulnerabilities
Whole Foods Distributor United Natural Foods Hit by Cyberattack
New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches
The AI Arms Race: Deepfake Generation vs. Detection
Daily Briefing Newsletter
Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Webinar: Rethinking Endpoint Hardening for Today’s Attack Landscape
On Demand
Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.
Watch Now
Virtual Event: Cloud & Data Security Summit
July 16, 2025
Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.
Register
People on the Move
Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.
SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.
Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.
More People On The Move
Expert Insights
The ZTNA Blind Spot: Why Unmanaged Devices Threaten Your Hybrid Workforce
It’s time for enterprises to stop treating unmanaged devices as an edge case and start securing them as part of a unified Zero Trust strategy. (Etay Maor)
Rethinking Success in Security: Why Climbing the Corporate Ladder Isn’t Always the Goal
Many security professionals feel pressured to pursue leadership roles, but success can also mean going deeper, not just higher. (Joshua Goldfarb)
Going Into the Deep End: Social Engineering and the AI Flood
AI is transforming the cybersecurity landscape—empowering attackers with powerful new tools while offering defenders a chance to fight back. But without stronger awareness and strategy, organizations risk falling behind. (Trevin Edgeworth)
Beyond GenAI: Why Agentic AI Was the Real Conversation at RSA 2025
Agentic AI can be a great tool for many of the ‘gray area’ tasks that SOC analysts undertake. (Marc Solomon)
Security Theater or Real Defense? The KPIs That Tell the Truth
In the end, cybersecurity isn’t just about collecting data. It’s about proving that your defenses actually work. (Torsten George)
Flipboard
Reddit
Whatsapp
Email
SecurityWeek
Popular Topics
Cybersecurity News
Industrial Cybersecurity
Security Community
Virtual Cybersecurity Events
Webcast Library
CISO Forum
AI Risk Summit
ICS Cybersecurity Conference
Cybersecurity Newsletters
Stay Intouch
Cyber Weapon Discussion Group
RSS Feed
Security Intelligence Group
Follow SecurityWeek on LinkedIn
About SecurityWeek
Advertising
Event Sponsorships
Writing Opportunities
Feedback/Contact Us
News Tips
Got a confidential news tip? We want to hear from you.
Submit Tip
Advertising
Reach a large audience of enterprise cybersecurity professionals
Contact Us
Daily Briefing Newsletter
Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.
Privacy Policy
Copyright © 2025 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.
Daily Briefing Newsletter
Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.
https://www.securityweek.com/simplehelp-vulnerability-exploited-against-utility-billing-software-users/
Tomi Engdahl says:
Government
Industry Reactions to Trump Cybersecurity Executive Order: Feedback Friday
Industry professionals comment on the Trump administration’s new executive order on cybersecurity.
https://www.securityweek.com/industry-reactions-to-trump-cybersecurity-executive-order-feedback-friday/
President Donald Trump has signed a new cybersecurity executive order that, according to the White House, amends problematic elements of executive orders from the Biden and Obama administrations.
Executive Order 14306 aims to improve software development, border gateway (BGP) security, post-quantum cryptography (PQC), AI security, IoT security, encryption, and sanctions, as well as to prevent the abuse of digital identities.
It targets EO 14144 — signed by Biden in January 2025 — removing a section that encourages the acceptance of digital identity documents, over fraud concerns.
For software security, the Biden EO mandated attestations for federal contractors, which the new EO removes. In the case of PQC, the Trump EO simplifies the implementation roadmap.
Government
Trump Cybersecurity Executive Order Targets Digital Identity, Sanctions Policies
President Trump says his new cybersecurity executive order amends problematic elements of Biden- and Obama-era executive orders.
https://www.securityweek.com/trump-cybersecurity-executive-order-targets-digital-identity-sanctions-policies/
Tomi Engdahl says:
Malware & Threats
TeamFiltration Abused in Entra ID Account Takeover Campaign
Threat actors have abused the TeamFiltration pentesting framework to target over 80,000 Entra ID user accounts.
https://www.securityweek.com/teamfiltration-abused-in-entra-id-account-takeover-campaign/
A large-scale account takeover (ATO) campaign has been abusing the TeamFiltration penetration testing framework to target Entra ID users, Proofpoint reports.
Released in 2022, TeamFiltration is a pentesting tool for automating TTPs used in ATO attacks, with support for account enumeration, password spraying, data exfiltration, and obtaining persistent access via OneDrive.
The framework requires an AWS account to initiate the ATO simulation, as well as a ‘sacrificial’ Office 365 account with a Business Basic license and the Microsoft Teams API to enumerate accounts in the Entra ID environment.
According to Proofpoint, a threat actor started using TeamFiltration in December 2024 to target user accounts across approximately 100 cloud tenants, and has successfully compromised multiple accounts to date. The attacks peaked in January 2025.
Tracked as UNK_SneakyStrike, the campaign used a combination of Microsoft Teams API and AWS servers scattered across the world for password spraying, in highly concentrated bursts.
“Most bursts target a wide range of users within a single cloud environment, followed by quiet periods that typically last around four to five days,” Proofpoint explains.
Tomi Engdahl says:
https://www.securityweek.com/in-other-news-cloudflare-outage-cracked-io-users-identified-victorias-secret-cyberattack-cost/