Welcome to the DanSec Blog

Cybersecurity Brief – 2025-06-28

Major Incidents or Breaches

  • Ahold Delhaize, a global food retail chain, disclosed that a ransomware attack in November resulted in a data breach affecting 2.2 million individuals, compromising personal, financial, and health information.
  • Cloudflare successfully mitigated the largest recorded DDoS attack to date.
  • Russian ISPs began throttling access to websites and services protected by Cloudflare as of 9 June 2025, causing widespread inaccessibility.

Newly Discovered Vulnerabilities

  • A critical vulnerability in NetScaler ADC and Gateway, dubbed “Citrix Bleed 2” (CVE-2025-5777), is now believed to be actively exploited. The flaw is an out-of-bounds memory read that can leak session tokens from appliance memory, letting attackers hijack authenticated sessions without credentials or MFA and blend in as legitimate users for extended periods; patching alone does not invalidate tokens already stolen.
  • Researchers identified security weaknesses in aftermarket smart tractor steering systems, allowing potential full takeover and surveillance of connected tractors.

Notable Threat Actor Activity

[Full post ↘]

Cybersecurity Brief – 2025-06-27

Major Incidents or Breaches

  • United Natural Foods Inc. (UNFI), a major supplier to Whole Foods, has restored its core systems and electronic ordering/invoicing platforms after a cyberattack. Details of the attack vector or threat actor have not been disclosed.
  • Hawaiian Airlines reported a cyberattack that disrupted access to some systems. Flight operations were not affected. The investigation is ongoing.
  • The U.S. Department of Justice charged a British national, alleged to be the threat actor “IntelBroker,” in connection with several high-profile breaches.
  • New South Wales Police arrested a former Western Sydney University student accused of repeatedly hacking university systems for personal gain, including manipulating parking and accessing data.
  • A Kansas City man pleaded guilty to hacking multiple organizations to promote his own cybersecurity services.
  • AT&T has agreed to a $177 million settlement following a data breach that resulted in customer information being leaked and sold on the dark web.
  • The “Cyber Fattah” hacktivist group leaked data from Saudi Games, amid increased hacktivist activity linked to regional tensions.

Newly Discovered Vulnerabilities

[Full post ↘]

Cybersecurity Brief – 2025-06-26

Major Incidents or Breaches

  • Citrix NetScaler ADC Vulnerability (CVE-2025-6543): Citrix released emergency patches for a critical memory-overflow vulnerability in NetScaler ADC and Gateway appliances, which is being actively exploited in the wild and can cause unintended control flow and denial of service. It is a separate issue from CVE-2025-5777 (“CitrixBleed 2”), the memory-disclosure flaw that lets unauthenticated attackers read session tokens and hijack sessions; both affect appliances configured as a Gateway or AAA virtual server, and both require patching.
  • SonicWall NetExtender Trojan: Unknown threat actors have distributed a trojanized version of SonicWall’s NetExtender SSL VPN client, enabling credential theft from users who install the compromised application.
  • Pro-Iranian Hacktivist Data Leak: The Cyber Fattah group, aligned with Iranian interests, leaked thousands of personal records related to athletes and visitors of the 2024 Saudi Games.
  • BreachForums Operator Arrests: French authorities reportedly arrested five operators of the BreachForums cybercrime forum, which facilitated the trade and exposure of stolen data.
  • ‘IntelBroker’ Charged: A British national known as “IntelBroker” has been charged in the US for stealing and selling sensitive data from global victims, causing $25 million in damages.
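The two NetScaler items above (CVE-2025-6543 in this brief and CVE-2025-5777, “CitrixBleed 2”, in the 28 June brief) have different fixed builds, so the first check a practitioner wants is whether a given appliance build is below the fix threshold for each. The script below is an added example written for this page, not code from Citrix or from the original post. It parses the `show ns version` banner, compares the build against the fixed builds published in the Citrix advisories for the two CVEs (quoted from memory of those advisories; confirm against the current advisory text before acting on the result), and conservatively treats any train the advisories do not cover (the end-of-life 12.1 non-FIPS and 13.0 trains) as affected. The version string in `SAMPLE_OUTPUT` is constructed.

```python
import re

# Fixed builds per Citrix advisories for CVE-2025-5777 (CTX693420) and
# CVE-2025-6543 (CTX694788). Keys are (train, is_fips_or_ndcpp).
# Verify these numbers against the live advisory before relying on them.
FIXED_BUILDS = {
    "CVE-2025-5777": {
        ("14.1", False): (43, 56),
        ("13.1", False): (58, 32),
        ("13.1", True): (37, 235),   # 13.1-FIPS and 13.1-NDcPP
        ("12.1", True): (55, 328),   # 12.1-FIPS
    },
    "CVE-2025-6543": {
        ("14.1", False): (47, 46),
        ("13.1", False): (59, 19),
        ("13.1", True): (37, 236),   # 13.1-FIPS and 13.1-NDcPP
    },
}

# Matches the banner printed by `show ns version` / `nsversion`,
# e.g. "NetScaler NS14.1: Build 43.50.nc, Date: ..."
VERSION_RE = re.compile(
    r"NetScaler NS(?P<train>\d+\.\d+): Build (?P<major>\d+)\.(?P<minor>\d+)"
)

# Constructed sample output for a 14.1 appliance that predates both fixes.
SAMPLE_OUTPUT = "NetScaler NS14.1: Build 43.50.nc, Date: Apr 22 2025, 10:11:12   (64-bit)"


def parse_ns_version(banner):
    """Return (train, (major, minor)) from a `show ns version` banner."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError("no NetScaler version banner found")
    return m.group("train"), (int(m.group("major")), int(m.group("minor")))


def vulnerable_to(train, build, fips=False):
    """List the CVEs this train/build is still exposed to.

    `fips` must be supplied by the caller: the banner does not distinguish the
    FIPS/NDcPP builds from the general-availability builds of the same train.
    A train absent from an advisory is treated as affected (conservative
    assumption: those trains are end of life and receive no fix).
    """
    exposed = []
    for cve, table in FIXED_BUILDS.items():
        fixed = table.get((train, fips))
        if fixed is None or build < fixed:
            exposed.append(cve)
    return exposed


def assess(banner, fips=False):
    """Convenience wrapper: banner text in, list of unpatched CVEs out."""
    train, build = parse_ns_version(banner)
    return vulnerable_to(train, build, fips=fips)


if __name__ == "__main__":
    train, build = parse_ns_version(SAMPLE_OUTPUT)
    print(f"train {train} build {build[0]}.{build[1]}: "
          f"exposed to {assess(SAMPLE_OUTPUT) or 'nothing listed'}")
```

A build that passes this check for CVE-2025-5777 is not the end of the response: session tokens leaked before the upgrade stay valid until the sessions are torn down, so the Citrix guidance is to terminate active ICA and PCoIP sessions (`kill icaconnection -all` and `kill pcoipConnection -all`) after patching and to review the Gateway and AAA logs for sessions that did not originate from a normal login.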

Newly Discovered Vulnerabilities

[Full post ↘]

Cybersecurity Brief – 2025-06-25

Major Incidents or Breaches

  • Steel producer Nucor confirmed that data was stolen during a cyberattack first disclosed in May. Systems were taken offline to investigate and contain malicious activity.
  • AT&T is settling a data breach affecting millions of customers, offering compensation to those impacted.
  • Trezor warned users of a phishing campaign abusing its official support platform to send deceptive emails aimed at stealing cryptocurrency.
  • Threat actors have distributed a trojanized version of SonicWall’s NetExtender SSL VPN client, designed to steal VPN credentials.
  • Over 70 Microsoft Exchange servers were targeted by unidentified threat actors who injected malicious code into login pages to harvest credentials.

Newly Discovered Vulnerabilities

[Full post ↘]

Cybersecurity Brief – 2025-06-24

Major Incidents or Breaches

  • McLaren Health Care reported a data breach impacting 743,000 patients following a July 2024 attack by the INC ransomware gang.
  • Nucor, North America’s largest steel producer, confirmed data theft in a recent cyber incident.
  • An unsecured database containing 184 million plaintext credentials for accounts on platforms including Facebook and Google was discovered exposed online without encryption or access controls. The credentials appear to have been harvested by infostealer malware rather than taken from those platforms directly.

Newly Discovered Vulnerabilities

  • Citrix released patches for critical vulnerabilities in NetScaler ADC and Gateway appliances, urging customers to update to prevent exploitation.
  • A Windows LNK flaw was exploited by the XDigo malware in attacks against Eastern European government entities.
  • Scanning activity targeting Ichano AtHome IP Cameras was observed, indicating potential exploitation attempts.

Notable Threat Actor Activity

[Full post ↘]

Cybersecurity Brief – 2025-06-23

Major Incidents or Breaches

  • CoinMarketCap experienced a website supply chain attack that injected a malicious Web3 popup, exposing site visitors to a wallet drainer campaign designed to steal cryptocurrency from connected wallets.
  • Oxford City Council suffered a data breach affecting legacy systems, resulting in unauthorised access to personally identifiable information spanning two decades.
  • Reports indicate that a compilation of some 16 billion credentials, including logins for Apple and Google accounts, has been exposed. The data is an aggregation of previously leaked material, largely from infostealer logs and earlier breaches, rather than a new compromise of those platforms, but the scale of exposure still raises the risk of credential stuffing and related attacks.

Notable Threat Actor Activity

[Full post ↘]

Cybersecurity Brief – 2025-06-22

Major Incidents or Breaches

  • The April 2025 cyberattacks on UK retailers Marks & Spencer and Co-op have been attributed to the threat group Scattered Spider. The incidents have been classified as a “single combined cyber event,” with estimated damages reaching up to $592 million.
  • The UK Information Commissioner’s Office (ICO) has imposed a significant fine on 23andMe following its 2023 data breach.

Notable Threat Actor Activity

  • Scattered Spider has been identified as the group behind the coordinated attacks on Marks & Spencer and Co-op.
  • Israeli authorities have accused Iranian state-linked actors of hacking security cameras in Israel for espionage purposes.
  • Ukrainian hackers have reportedly disrupted a major Russian internet provider.
  • China’s Salt Typhoon threat group has been linked to another intrusion, details of which were not specified.

Trends, Tools, or Tactics of Interest

[Full post ↘]

Cybersecurity Brief – 2025-06-21

Major Incidents or Breaches

  • Iran’s state-owned TV broadcaster was hacked mid-broadcast, with programming interrupted to air protest videos against the government.
  • The Taiwanese cryptocurrency exchange BitoPro attributed a cyberattack resulting in the theft of $11 million in cryptocurrency to the North Korean Lazarus Group.
  • American insurance company Aflac disclosed a breach as part of a broader campaign targeting US insurance providers, with potential theft of personal data. The campaign is linked to Scattered Spider.
  • A massive distributed denial-of-service (DDoS) attack peaking at 7.3 Tbps targeted a hosting provider, with Cloudflare mitigating the incident. This is the largest DDoS attack recorded to date.
  • An exposed, unprotected database was found holding a plaintext file of 184 million credentials for services including Google, Microsoft, and Facebook, apparently collected by infostealer malware.
  • Reports surfaced of a 16 billion-record compilation of credentials aggregated from earlier breaches and infostealer logs, raising concerns about widespread credential exposure and stuffing attacks even though no new platform breach is involved.

Notable Threat Actor Activity

[Full post ↘]

Cybersecurity Brief – 2025-06-20

Major Incidents or Breaches

  • Satellite communications provider Viasat was breached by China’s Salt Typhoon cyber-espionage group, which has previously targeted multiple telecom providers in the United States and abroad.
  • Krispy Kreme confirmed that personal information of over 160,000 individuals was stolen in a cyberattack that occurred in November 2024.
  • Paragon’s commercial spyware “Graphite” was used to target at least two prominent European journalists, attributed to an unnamed customer.

Notable Threat Actor Activity

[Full post ↘]

Cybersecurity Brief – 2025-06-19

Major Incidents or Breaches

  • Episource, a healthcare SaaS provider, disclosed a data breach affecting 5.4 million patients in the United States, with health information stolen during a January cyberattack.
  • Asana reported a flaw in its Model Context Protocol (MCP) AI feature, which exposed customer data from some instances to other organisations.
  • Over 1,500 Minecraft players were infected by a multi-stage Java-based malware campaign, distributed via malicious game mods and cheats on GitHub, aiming to steal credentials and authentication tokens.
  • Pro-Israel hacking group Predatory Sparrow claimed responsibility for stealing and destroying over $90 million in cryptocurrency from Iran’s Nobitex exchange in a politically motivated attack.
  • Water Curse, a newly identified threat actor, was found to have hijacked 76 GitHub accounts to deliver multi-stage malware with data exfiltration and remote control capabilities.

Newly Discovered Vulnerabilities

[Full post ↘]