Cyber Weekly Newsletter

Cyber Weekly Newsletter for Friday June 13, 2025

The weekly Security, Tech and Cybercrime newsletter from Riskigy's vCISO Cybersecurity team

Cybersecurity awareness tips and alerts from Riskigy to empower your team to #BeCyberSmart #CyberAware

This Week's Need-to-Know News and Alerts

⚠️ Microsoft's June 2025 Patch Tuesday includes security updates for 66 flaws, including one actively exploited vulnerability and another that was publicly disclosed. Ten are rated "Critical", eight of them remote code execution. https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2025-patch-tuesday-fixes-exploited-zero-day-66-flaws/

⚠️ Google and Mozilla have released patches for a combined total of four high-severity memory bugs in Chrome and Firefox. Chrome 137 and Firefox 139 updates released on Tuesday resolve four high-severity memory bugs, two in each popular browser. https://www.securityweek.com/chrome-firefox-updates-resolve-high-severity-memory-bugs 

⚠️ Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps. Almost all the 225 vulnerabilities have been classified as cross-site scripting (XSS) vulnerabilities, specifically a mix of stored XSS and DOM-based XSS. https://thehackernews.com/2025/06/adobe-releases-patch-fixing-254.html 

⚠️ ConnectWise is warning customers that it is rotating the digital code signing certificates used to sign ScreenConnect, ConnectWise Automate, and ConnectWise RMM executables over security concerns. https://www.bleepingcomputer.com/news/security/connectwise-rotating-code-signing-certificates-over-security-concerns/ 

⚠️ Trend Micro has released security updates to address multiple critical-severity remote code execution and authentication bypass vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. https://www.bleepingcomputer.com/news/security/trend-micro-fixes-six-critical-flaws-on-apex-central-endpoint-encryption-policyserver/ 

⚠️ Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion. CISA warns hackers are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of an unnamed utility billing software provider. https://thehackernews.com/2025/06/ransomware-gangs-exploit-unpatched.html 

⚠️ Vulnerability in Wazuh Server Enables Remote Attackers to Execute Malicious Code. The vulnerability has been assigned a CVSS score of 9.9, reflecting its critical severity. This is a critical issue for organizations relying on Wazuh for security monitoring. https://cybersecuritynews.com/wazuh-server-vulnerability-rc

⚠️ A coordinated campaign of brute-force attacks using hundreds of unique IP addresses targets Apache Tomcat Manager interfaces exposed online. Tomcat is a popular open-source web server widely used by large enterprises and SaaS providers. https://www.bleepingcomputer.com/news/security/brute-force-attacks-target-apache-tomcat-management-panels/ 

⚠️ Salesforce Industry Cloud exposing sensitive data to unauthorized internal and external parties. The weaknesses affect various components like FlexCards, Data Mappers, Integration Procedures (IProcs), Data Packs, OmniOut, and OmniScript Saved Sessions. https://thehackernews.com/2025/06/researchers-uncover-20-configuration.html 

⚠️ GitLab patches high-severity account takeover. GitLab has released security updates to address multiple vulnerabilities in the company's DevSecOps platform, including ones enabling attackers to take over accounts and inject malicious jobs in future pipelines. https://www.bleepingcomputer.com/news/security/gitlab-patches-high-severity-account-takeover-missing-auth-issues

⚠️ Fog ransomware hackers are using an uncommon toolset, which includes open-source pentesting utilities and a legitimate employee monitoring software called Syteca. Post-compromise, they used “pass-the-hash” attacks to gain admin privileges. https://www.bleepingcomputer.com/news/security/fog-ransomware-attack-uses-unusual-mix-of-legitimate-and-open-source-tools  

⚠️ Cloudflare confirmed that the massive service outage was not caused by a security incident and no data has been lost. Workers KV is a globally distributed, consistent key-value store used by Cloudflare Workers, the company’s serverless computing platform. https://www.bleepingcomputer.com/news/security/cloudflare-outage-not-caused-by-security-incident-data-is-safe/ 

⚠️ Microsoft confirms auth issues affecting Microsoft 365 users. Microsoft is investigating an ongoing incident that is causing users to experience errors with some Microsoft 365 authentication features. https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-auth-issues-affecting-microsoft-365-users 

⚠️ Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction. The critical-rated vulnerability has been assigned CVE-2025-32711 (CVSS score: 9.3). It requires no customer action and has already been addressed by Microsoft. https://thehackernews.com/2025/06/zero-click-ai-vulnerability-exposes.html

⚠️ A fake website advertising antivirus software from Bitdefender is being used to dupe victims into downloading a remote access trojan called Venom RAT. The site shares temporal and infrastructure overlaps with other malicious domains spoofing banks and IT services. https://thehackernews.com/2025/05/cybercriminals-clone-antivirus-site-to_4.html

⚠️ Microsoft announced it will expand the list of blocked attachments in Outlook Web and the new Outlook for Windows starting next month. The newly blocked file types are rarely used, so most organizations will not be affected by the change. https://www.bleepingcomputer.com/news/security/microsoft-outlook-to-block-more-risky-attachments-used-in-attacks/ 

⚠️ Suspicious Facebook ads promoting cheap products from well-known brands revealed a massive fraud campaign spanning more than 4,000 domains and impersonating at least 68 brands. https://www.scworld.com/news/facebook-malvertising-reveals-4k-domains-spoofing-68-brands

⚠️ Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool. The account takeover (ATO) campaign leverages an open-source penetration testing framework called TeamFiltration to breach Microsoft Entra ID (formerly Azure Active Directory) user accounts. https://thehackernews.com/2025/06/over-80000-microsoft-entra-id-accounts.html


From Our Blog

✅ Preparing for Account Takeover and Business Email Attacks

Both tactics are employed by cybercriminals to gain unauthorized access to valuable information or financial assets. While they share some commonalities, the methodologies and specific targets of these attacks distinguish them from one another. In this post, we will delve into what sets ATO and BEC attacks apart, their similarities, and effective measures for defending against them…Read more now at https://riskigy.com/blog/f/preparing-for-account-takeover-and-business-email-attacks 

✅ FBI and Verizon Reports Highlight Ransomware and Third-Party Risk

Two major reports, Verizon's 2025 Data Breach Investigations Report (DBIR) and the FBI's 2024 Internet Crime Complaint Center (IC3) Annual Report, provide valuable insights into the current state of cybercrime…Read more now at https://riskigy.com/blog/f/fbi-and-verizon-reports-highlight-ransomware-and-third-party-risk

✅ Managing Bring Your Own AI (BYOAI) Risk

While the Bring Your Own AI (BYOAI) trend can enhance productivity and foster innovation, it also introduces a set of compelling risks that businesses must manage carefully. As AI continues to transform the business landscape, a new trend has emerged, Bring Your Own AI (BYOAI)…Read more at https://riskigy.com/blog/f/managing-bring-your-own-ai-byoai-risk

✅ Differences Between Data Privacy and Data Security

Although these terms are often used interchangeably, they represent distinct facets of protection when managing sensitive information. This post explores the differences between data privacy and data security, providing examples of regulations and highlighting risks businesses face in each area…Read more at https://riskigy.com/blog/f/key-differences-between-data-privacy-and-data-security 

✅ Surge in ClickFix and Fake CAPTCHA Attacks

ClickFix, a social engineering tactic that surfaced last year, involves threat actors designing deceptive websites or phishing attachments that show fake errors and then instruct users to click a button to resolve them…Read more https://riskigy.com/blog/f/surge-in-clickfix-and-fake-captcha-attacks 


Recent Data Breach News

⚠️ Erie Insurance and Erie Indemnity Company have disclosed that a weekend cyberattack is behind the recent business disruptions and platform outages on its website. Erie Indemnity Company is the management company for the Erie Insurance Group. https://www.bleepingcomputer.com/news/security/erie-insurance-confirms-cyberattack-behind-business-disruptions/ 

⚠️ United Natural Foods (UNFI) said it is working to restore its capabilities following a cyberattack last week that continues to disrupt the grocery supply chain. The company is the primary distributor for Amazon-owned Whole Foods. https://techcrunch.com/2025/06/10/ongoing-cyberattack-at-us-grocery-distributor-giant-unfi-affecting-customer-orders/

⚠️ The Texas Department of Transportation (TxDOT) suffered a data breach after a threat actor downloaded 300,000 crash records from its database. The incident was caused by a threat actor logging into the TxDOT systems using compromised credentials. https://www.bleepingcomputer.com/news/security/texas-dept-of-transportation-breached-300k-crash-records-stolen/ 

⚠️ Tax resolution firm Optima Tax Relief suffered a Chaos ransomware attack, with the threat actors now leaking data stolen from the company.  The Chaos ransomware gang added Optima Tax Relief to its data leak site, claiming to have stolen 69 GB of data. https://www.bleepingcomputer.com/news/security/tax-resolution-firm-optima-tax-relief-hit-by-ransomware-data-leaked 

⚠️ United Natural Foods (UNFI), North America's largest publicly traded wholesale distributor, was forced to shut down some systems following a recent cyberattack. The company operates 53 distribution centers and delivers products to over 30,000 locations. https://www.bleepingcomputer.com/news/security/grocery-wholesale-giant-united-natural-foods-hit-by-cyberattack/


Cybersecurity Is Complex! We Are Here To Help

Cyberthreats are everywhere, you don’t have to face them alone. Get Cybersecurity & Tech help from Riskigy!

✔ Looking for an expert to assist your firm or clients? 

✔ Need a pro to explain Tech or Cyber to your management? 

✔ Vetting a new investment or acquisition? 

✔ Want to build a cyber aware staff? 

✔ Need immediate assistance with an incident? 

✔ Considering adding a vCISO or vCTO to your team?

✔ Seeking help with SOC-2, SEC/FINRA, or FTC readiness?

Contact us to discuss how we can assist!
