Major Incidents or Breaches

  • Switzerland’s government reported that sensitive data from multiple federal offices was compromised following a ransomware attack on the third-party provider Radix.
  • Europol, in coordination with Spanish authorities, dismantled a cryptocurrency investment fraud ring responsible for laundering approximately $540 million (€460 million) from over 5,000 victims. Five suspects were arrested.
  • Over 1,200 Citrix NetScaler ADC and NetScaler Gateway servers remain unpatched against a critical authentication bypass vulnerability, which is reportedly being actively exploited.
  • The hacker collective Scattered Spider continues its campaign targeting the airline sector, with Microsoft designating the group as a significant cyber threat.
  • The FBI disclosed that cybercriminals are impersonating health fraud investigators to steal sensitive health information from US citizens.
  • The US Justice Department revealed that the identities of more than 80 Americans were stolen to facilitate North Korean IT worker scams, with action taken against associated “laptop farms.”
  • A government report indicated that a hacker was hired by the Sinaloa drug cartel to identify and target individuals connected to the FBI’s investigation, leading to fatal outcomes.

Newly Discovered Vulnerabilities

  • Vulnerabilities in Airoha Bluetooth chips, used in Sony and Bose earbuds and headphones, could allow attackers to hijack both the audio devices and any connected host systems. Details of the vulnerabilities have not yet been published.
  • Some Brother printers are affected by a critical security flaw that can be mitigated by changing the default admin password.
  • Microsoft warned of delays in the delivery of June 2025 Windows security updates due to an incorrect metadata timestamp.

Notable Threat Actor Activity

  • US agencies (CISA, FBI, NSA, DC3) issued a joint advisory regarding increased Iranian state-sponsored cyber activity targeting US defense, operational technology (OT) networks, and critical infrastructure.
  • Blind Eagle, a known threat actor, has been linked to the use of the Russian bulletproof hosting service Proton66 for phishing campaigns and remote access trojan (RAT) deployment targeting Colombian banks.
  • Ongoing AI-themed SEO poisoning attacks are distributing Lumma and Vidar infostealers and other malware via malicious websites optimized for AI-related search terms.

Trends, Tools, or Tactics of Interest

  • Microsoft Defender for Office 365 now automatically detects and blocks email bombing attacks.
  • Identity-based attacks, including impersonation and credential theft, continue to rise in frequency and sophistication.
  • Attackers are increasingly leveraging legitimate system functionality and user credentials, often exploiting “by design” behaviors rather than technical flaws.

Regulatory or Policy Developments Affecting the Security Industry

  • The Canadian government ordered Hikvision Canada to cease all operations due to national security concerns, though individuals and private businesses may still purchase Hikvision products.
  • The Berlin Data Protection Commissioner formally requested that Google and Apple remove the DeepSeek AI application from their app stores for GDPR violations.
  • Microsoft announced it will remove password management functionality from its Authenticator app starting August 1, 2025, as part of a shift towards passkey-based authentication.
  • Proposed US legislation aims to reduce federal AI funding for states that enact AI regulations, with exemptions for laws addressing unfair practices and child sexual abuse material.