Edward Kiledjian's Threat Intel
  • Incident: United Natural Foods (UNFI) Distributor Hit by Cyberattack
    Incident Date: June 6, 2025
    Article Date: June 9, 2025
    Summary: UNFI, the primary distributor for Whole Foods and over 30,000 retail locations across North America, experienced a cyberattack on June 6 that prompted the shutdown of IT systems and the engagement of law enforcement and cybersecurity experts. The disruption may temporarily affect grocery order fulfilment.
    Reference: www.axios.com/2025/06/0…

    9 June 2025
  • iMessage Zero-Click Attacks Suspected in Targeting of High-Value Individuals - SecurityWeek

    iVerify, a mobile EDR firm, suspects zero-click attacks targeting an iMessage vulnerability, called Nickname, on iPhones belonging to high-value individuals in the EU and US. The attacks, observed in late 2024 and early 2025, involved exploiting a race condition in the imagent process, potentially leading to device compromise. Apple, however, denies the claims, stating the issue was a conventional software bug fixed in iOS 18.3.

    9 June 2025
  • Vulnerability Summary for the Week of June 2, 2025 | CISA

    9 June 2025
  • Ubuntu security advisory (AV25-323) - Canadian Centre for Cyber Security

    9 June 2025
  • IBM security advisory (AV25-324) - Canadian Centre for Cyber Security

    9 June 2025
  • Dell security advisory (AV25-325) - Canadian Centre for Cyber Security

    9 June 2025
  • New AI tool targets critical hole in thousands of open source apps | InfoWorld

    The article describes a new AI tool that can scan open source repositories for vulnerabilities and automatically generate patches. The tool has already identified and patched over 60 projects, but the researchers highlight the need to address concerns about the tool’s potential to introduce new vulnerabilities and the responsibility of developers and project maintainers in ensuring the tool’s effectiveness.

    9 June 2025
  • Chinese-Linked Hackers Targeted 70+ Global Organizations

    SentinelLABS uncovered a widespread cyber espionage campaign targeting over 70 global organizations between July 2024 and March 2025. The attacks, linked to China-nexus threat actors, utilized advanced tools and techniques, including the ShadowPad backdoor platform and GOREshell variants. The campaign impacted various sectors, including government, media, manufacturing, finance, telecommunications, and research.

    9 June 2025
  • Limited Canva Creator Data Exposed Via AI Chatbot Database

    A Chroma database operated by Russian AI chatbot startup My Jedai was found exposed online, leaking survey responses from over 500 Canva Creators. The exposed data included email addresses and detailed feedback on Canva’s Creator Program. The incident highlights the risks of data exposure through AI technologies and the need for proper data protection measures.

    9 June 2025
  • Chinese Hackers and User Lapses Turn Smartphones Into a ‘Mobile Security Crisis’ - SecurityWeek

    Chinese hackers have been targeting smartphones of individuals in government, politics, tech, and journalism, exploiting vulnerabilities in mobile devices and apps. This highlights the growing risk of cyberattacks on sensitive information and American interests. While most smartphones have robust security, apps and connected devices often lack these protections, making them potential footholds for hackers.

    9 June 2025
  • SentinelOne Sees No Breach After Hardware Supplier Hacked

    SentinelOne reported a breach of a logistics firm supplying hardware to its employees, involving the ShadowPad malware. The breach did not compromise SentinelOne’s network. The same hackers, possibly APT41, targeted other organizations, including a South Asian government entity and a European media organization, using similar techniques.

    9 June 2025
  • Morning cyber security summary

    Incident: FBI Warns of BADBOX 2.0 Botnet Surge in Chinese IoT Devices
    Incident Date: June 7, 2025
    Article Date: June 7, 2025
    Summary: The FBI alerted that BADBOX 2.0, a China-based botnet, has infected over one million low-cost Android smart devices worldwide. Infected devices are being used in criminal schemes, prompting warnings for network audits and device sanitisation.
    Reference: www.databreachtoday.com/fbi-warns…‑2‑0‑botnet-surge-in‑chinese‑devices

    Incident: New RustStealer Info-Stealer Targets Chromium Browsers
    Incident Date: June 7, 2025
    Article Date: June 7, 2025
    Summary: Security researchers disclosed “RustStealer,” a Rust-based info-stealer targeting Chromium browsers on Windows/macOS. It harvests login credentials, cookies and browser data, posing a significant risk to enterprise credential security.
    Reference: social.cyware.com/cyber-sec… (item dated June 7, 2025)

    Incident: Optima Tax Relief Hit by Chaos Ransomware, Data Leaked
    Incident Date: June 7, 2025
    Article Date: June 9, 2025
    Summary: Optima Tax Relief was targeted by the Chaos ransomware gang using a double-extortion tactic; servers were encrypted and the stolen data is now being leaked on dark-web forums.
    Reference: social.cyware.com/cyber-sec… (item dated June 9, 2025)

    Incident: Sensata Technologies Ransomware Breach Exposes SSNs and Medical Data
    Incident Date: June 7, 2025
    Article Date: June 7, 2025
    Summary: Sensata, an industrial tech firm, disclosed a ransomware breach exposing personal data, including Social Security numbers and medical records, of an as yet unknown number of individuals; notification of affected individuals is underway.
    Reference: social.cyware.com/category/… (item dated June 7, 2025)

    Incident: Cumberland County Hospital Cyberattack Affects 36,600 Patients
    Incident Date: June 8, 2025
    Article Date: June 9, 2025
    Summary: Cumberland County Hospital confirmed a ransomware incident impacting 36,600 patients; the attackers threatened to publish the stolen data on June 8 if the ransom wasn’t paid.
    Reference: www.hipaajournal.com/cumberlan…

    Incident: Cisco Talos Reports Roundcube XSS Attack on Infrastructure
    Incident Date: June 6, 2025
    Article Date: June 9, 2025
    Summary: Cisco Talos revealed that attackers exploited an XSS flaw in Roundcube webmail, harvesting credentials from a critical infrastructure entity during active exploitation.
    Reference: gbhackers.com/hackers-e…

    9 June 2025
  • How global threat actors are weaponizing AI now, according to OpenAI www.zdnet.com/article/h…

    As generative AI has spread in recent years, so too have fears over the technology’s misuse and abuse.

    Tools like ChatGPT can produce realistic text, images, video, and speech. The developers behind these systems promise productivity gains for businesses and enhanced human creativity, while many safety experts and policy-makers worry about the impending surge of misinformation, among other dangers, that these systems enable.

    OpenAI – arguably the leader in this ongoing AI race – publishes an annual report highlighting the myriad ways in which its AI systems are being used by bad actors. “AI investigations are an evolving discipline,” the company wrote in the latest version of its report, released Thursday. “Every operation we disrupt gives us a better understanding of how threat actors are trying to abuse our models, and enables us to refine our defenses.”

    The new report detailed 10 examples of abuse from the past year, four of which appear to be coming from China.

    9 June 2025
  • FBI Alert Number: I-060525-PSA: Home Internet Connected Devices Facilitate Criminal Activity www.ic3.gov/PSA/2025/…

    The Federal Bureau of Investigation (FBI) is issuing this Public Service Announcement to warn the public about cyber criminals exploiting Internet of Things (IoT) devices connected to home networks to conduct criminal activity using the BADBOX 2.0 botnet.

    Cyber criminals gain unauthorized access to home networks through compromised IoT devices, such as TV streaming devices, digital projectors, aftermarket vehicle infotainment systems, digital picture frames and other products. Most of the infected devices were manufactured in China.

    Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the user’s purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process. Once these compromised IoT devices are connected to home networks, the infected devices are susceptible to becoming part of the BADBOX 2.0 botnet and residential proxy services known to be used for malicious activity.

    9 June 2025
  • Russian Spies Are Analyzing Data From China’s WeChat App (nytimes.com) yro.slashdot.org/story/25/…

    Russian counterintelligence agents are analyzing data from the popular Chinese messaging and social media app WeChat to monitor people who might be in contact with Chinese spies, according to a Russian intelligence document obtained by The New York Times. The disclosure highlights the rising level of concern about Chinese influence in Russia as the two countries deepen their relationship. As Russia has become isolated from the West over its war in Ukraine, it has become increasingly reliant on Chinese money, companies and technology. But it has also faced what the document describes as increased Chinese espionage efforts.

    The document indicates that the Russian domestic security agency, known as the F.S.B., pulls purloined data into an analytical tool known as “Skopishche” (a Russian word for a mob of people). Information from WeChat is among the data being analyzed, according to the document… One Western intelligence agency told The Times that the information in the document was consistent with what it knew about “Russian penetration of Chinese communications….” By design, [WeChat] does not use end-to-end encryption to protect user data. That is because the Chinese government exercises strict control over the app and relies on its weak security to monitor and censor speech. Foreign intelligence agencies can exploit that weakness, too…

    WeChat was briefly banned in Russia in 2017, but access was restored after Tencent took steps to comply with laws requiring foreign digital platforms above a certain size to register as “organizers of information dissemination.” The Times confirmed that WeChat is currently licensed by the government to operate in Russia. That license would require Tencent to store user data on Russian servers and to provide access to security agencies upon request.

    9 June 2025
  • New Mirai botnet infects TBK DVR devices via command injection flaw www.bleepingcomputer.com/news/secu…

    A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them.

    The flaw, tracked under CVE-2024-3721, is a command injection vulnerability disclosed by security researcher “netsecfish” in April 2024.

    The proof-of-concept (PoC) the researcher published at the time came in the form of a specially crafted POST request to a vulnerable endpoint, achieving shell command execution through the manipulation of certain parameters (mdb and mdc).

    Kaspersky now reports having caught active exploitation of CVE-2024-3721 in its Linux honeypots from a new Mirai botnet variant using netsecfish’s PoC.

    9 June 2025
  • Hackers Using Fake IT Support Calls to Breach Corporate Systems, Google

    Hackers are using voice phishing (vishing) to breach corporate systems, impersonating IT support to trick employees into granting access to sensitive systems, particularly Salesforce. The attackers use a modified version of Salesforce’s Data Loader tool to extract data, sometimes disguising it as “My Ticket Portal.” After data theft, they may wait months before extorting victims, claiming to be associated with the ShinyHunters hacking group.

    8 June 2025
  • EU Prepares for Transnational Cyberattacks - GovInfoSecurity

    The Council of the European Union approved a crisis management initiative to improve preparedness for transnational cybersecurity threats. The EU Cyber Blueprint recommends coordination between national computer incident response teams and the European cyber crisis liaison organization network to identify and respond to potential transnational cyber incidents.

    8 June 2025
  • Experts found 4 billion user records online, the largest known leak of Chinese personal data from a single source

    A 631GB database containing 4 billion Chinese user records, including financial, WeChat, and Alipay data, was discovered online. The data, likely collected for surveillance or profiling, was divided into 16 collections and exposed sensitive information like payment card numbers and residential data. This appears to be the largest known leak of Chinese personal data from a single source.

    8 June 2025
  • Alphabet CEO Sundar Pichai dismisses AI job fears, emphasizes expansion plans | TechCrunch

    Alphabet CEO Sundar Pichai dismisses concerns about AI replacing jobs, emphasizing the company’s growth plans and AI’s role as an accelerator for new product development. He highlights expanding ventures like Waymo and YouTube’s growth as evidence of innovation opportunities. While acknowledging fears about job displacement, Pichai remains optimistic about AI’s progress but acknowledges potential plateaus.

    7 June 2025
  • Can we still tell what’s real? ‘Unsettling’ new AI tech makes generating ultrarealistic videos easy | CBC News

    Google’s new AI video model, Veo 3, can now generate highly realistic video and audio, making it difficult for viewers to distinguish between real and fabricated content. While the technology enables rapid and lifelike media creation, experts warn of rising risks to public trust, especially in journalism, politics and law. CBC News tested Veo 3 and found it could easily produce believable yet false content, including political messages and misinformation, despite Google’s safeguards. As deepfake quality improves and becomes more accessible, concerns are growing over how AI-generated media could be weaponized or misused.

    7 June 2025
  • Microsoft says it is ending USB-C confusion with updated Windows 11 WHCP | BetaNews

    Microsoft is using the Windows Hardware Compatibility Program (WHCP) to address USB-C port confusion. The WHCP aims to ensure that USB-C ports on certified Windows 11 devices support basic USB data, charging, and display functionality, and that USB 40Gbps ports support USB4 and Thunderbolt 3 devices.

    7 June 2025
  • OpenAI takes down covert operations tied to China : NPR

    OpenAI disrupted ten covert influence operations, four likely originating from China, that utilized its AI tools for malicious purposes. These operations, spanning various platforms and topics, included social media manipulation, surveillance, and intelligence gathering. While the operations showcased the diverse tactics employed, OpenAI noted they were largely unsuccessful in reaching significant audiences.

    7 June 2025
  • Morning Briefing

    Incident: Ukraine Hacks Russian Warplane Manufacturer Tupolev
    Incident Date: June 5, 2025
    Article Date: June 5, 2025
    Summary: Ukraine’s military intelligence agency (HUR) claimed responsibility for a cyberattack on Russia’s state-owned aircraft manufacturer Tupolev, resulting in the exfiltration of over 4.4 GB of sensitive data. The breach underscores the ongoing cyber conflict between the two nations.
    Reference: www.govinfosecurity.com/breach-ro…

    Incident: Interlock Ransomware Group Begins Leaking Kettering Health’s Stolen Data
    Incident Date: May 20, 2025
    Article Date: June 6, 2025
    Summary: The cybercrime group Interlock has started publishing portions of the 941 GB of data allegedly stolen during a May ransomware attack on Kettering Health. The Ohio-based healthcare organization continues to recover and enhance its cybersecurity measures.
    Reference: warrencountypost.com/g/lebanon…

    Incident: Passion.io Data Breach Exposes Information of 3.6 Million Users
    Incident Date: June 5, 2025
    Article Date: June 6, 2025
    Summary: A massive data breach exposed personal and financial information of over 3.6 million users of the app-building platform Passion.io. The breach involved 12.2 terabytes of unencrypted and publicly accessible data.
    Reference: social.cyware.com/category/…

    Incident: Hackers Leak 86 Million AT&T Records with Decrypted SSNs
    Incident Date: June 5, 2025
    Article Date: June 6, 2025
    Summary: Hackers have leaked 86 million AT&T records, including decrypted Social Security Numbers, full names, addresses, and dates of birth. The data, reportedly stolen by the ShinyHunters group, raises significant privacy concerns.
    Reference: social.cyware.com/category/…

    Incident: Critical Vulnerabilities in Dell PowerScale OneFS Allow Unauthorized Access
    Incident Date: June 5, 2025
    Article Date: June 5, 2025
    Summary: Dell Technologies released a critical security advisory addressing multiple flaws in its PowerScale OneFS. The most severe vulnerability, CVE-2024-53298, allows unauthenticated remote attackers to access and manipulate the file system.
    Reference: social.cyware.com/cyber-sec…

    Incident: Hackers Exploit Roundcube Vulnerability to Steal User Credentials via XSS Attack
    Incident Date: June 6, 2025
    Article Date: June 6, 2025
    Summary: Cisco Talos uncovered a sophisticated cyberattack targeting a critical infrastructure entity by exploiting a vulnerability in Roundcube webmail software, allowing attackers to steal user credentials through cross-site scripting (XSS).
    Reference: gbhackers.com/hackers-e…

    Incident: EU Adopts Blueprint to Better Manage European Cyber Crises and Incidents
    Incident Date: June 6, 2025
    Article Date: June 6, 2025
    Summary: The European Union adopted a new cyber crisis management blueprint to enhance coordination and response to large-scale cybersecurity incidents. The plan aims to strengthen Europe’s resilience against cyber threats.
    Reference: www.consilium.europa.eu/en/press/…

    Incident: Microsoft Launches Free Cybersecurity Aid for Europe
    Incident Date: June 5, 2025
    Article Date: June 5, 2025
    Summary: Microsoft unveiled a new initiative to provide free cybersecurity support across Europe, targeting the rising tide of AI-powered cyber threats challenging governments, businesses, and communities.
    Reference: www.webpronews.com/microsoft…

    6 June 2025
  • US offers $10M for tips on state hackers tied to RedLine malware www.bleepingcomputer.com/news/secu…

    The U.S. Department of State has announced a reward of up to $10 million for any information on government-sponsored hackers with ties to the RedLine infostealer malware operation and its suspected creator, Russian national Maxim Alexandrovich Rudometov.

    The same bounty covers leads on state hackers' use of this malware in cyber operations targeting critical infrastructure organizations in the United States.

    This bounty is posted as part of the Department of State’s Rewards for Justice program established by the 1984 Act to Combat International Terrorism, which rewards informants for tips that help identify or locate foreign government threat actors behind cyberattacks against U.S. entities.

    6 June 2025