Dariusz Socha | Cybersecurity Architect | NIS2

June 2025

July 10, 2025 at 12:24 am

Heatwave in Cyberspace — The State of Cyber-Security (June 2025)

While Europe sweltered in record temperatures, the digital world saw its own flare-ups: billion-record leaks, stealthy nation-state intrusions and a fresh crop of “10/10” vulnerabilities. Below is an analyst’s digest of the facts, figures and forward-looking advice from the past 30 days.

1. Key events of June 2025

  • EU adopts the new Cyber-Crisis Blueprint – the Council recommendation clarifies national and EU-level roles for large-scale incidents and dovetails with NIS 2 and NATO cyber-defence plans ➜(Council of the EU)

  • BreachForums takedown – French police arrested five core ShinyHunters operators, disrupting the largest stolen-data market ➜(news.sophos.com)

  • “GOAT” credential leak (16 billion records) – researchers published the biggest ever combo-list, compiled from 30 breaches and infostealer logs ➜(Cybernews)

  • Viasat confirmed as victim of China-linked Salt Typhoon – investigators found intrusions into satellite core networks, but no customer impact ➜(Reuters)

  • United Natural Foods (UNFI) outage – ransomware-like disruption froze electronic ordering for ten days, denting quarterly EBIT by an estimated USD 15–20 million ➜(United Natural Foods)

2. June’s headline attacks

2.1 Lee Enterprises – Qilin ransomware hits the presses

  • Vector: ransomware + data exfiltration (≈ 350 GB)

  • Impact: printing halted, payment systems offline, 39 779 SSNs exposed; recovery cost ≈ USD 2 million ➜(Iowa Capital Dispatch)

  • Mitigation: network segmentation between editorial/printing, immutable backups, MFA on print services.

2.2 Kettering Health – Interlock in healthcare

  • Vector: spear-phishing → EHR encryption

  • Impact: 14 hospitals diverted ambulances; potential leak of 941 GB medical data ➜(Kettering Health)

  • Response: Epic EHR rebuilt in 13 days, staff phishing drills, micro-segmentation of OT/clinical VLANs.

2.3 United Natural Foods (UNFI) – supply-chain bottleneck

  • Vector: undisclosed (likely ransomware)

  • Impact: electronic purchase orders down 10 days; stock price dip; EBIT hit forecast at 15–20 M USD ➜(United Natural Foods)

  • Lesson: build resilient EDI paths and offline ordering fallback.

2.4 Optima Tax Relief – Chaos ransomware

  • Vector: vulnerable VPN appliance

  • Impact: 69 GB of tax data (SSNs, returns) leaked, raising ID-theft risk ➜(PR Newswire)

  • Controls: VPN patching cadence, key rotation, encrypted data at rest, Zero-Trust posture.

2.5 Viasat – Salt Typhoon espionage

  • Vector: unpatched Cisco IOS XE (CVE-2023-20198) on edge routers

  • Impact: access to call-metadata; no service disruption ➜(Reuters)

  • Countermeasures: immediate firmware updates, GRE-tunnel monitoring, continuous validation of router configs.

3. New vulnerabilities and patches

| CVE | CVSS | Summary | Recommended action |
| --- | --- | --- | --- |
| CVE-2025-5777 “CitrixBleed 2” | 9.8 | NetScaler ADC/Gateway memory over-read enables session hijack ➜(TechRadar) | Upgrade to 13.1-59.19 / 14.1-47.46; force log-out and rotate auth tokens |
| CVE-2025-33053 | 8.8 | Windows WebDAV zero-day used by APT “Stealth Falcon” ➜(Help Net Security) | Apply June Patch Tuesday (KB5038xxx), disable WebDAV if unused, WAF filtering |
| CVE-2025-20282 | 10.0 | Cisco ISE 3.4 unauthenticated file-upload → root RCE ➜(SecurityWeek) | Install ISE 3.4 Patch 2; restrict API, run Nessus QID 240417 |
| CVE-2025-5349 / 6543 | 9.1 / 8.3 | NetScaler Gateway flaws enabling session capture & DoS ➜(wiz.io) | Patch, reset passwords, schedule forced log-outs |
| CVE-2025-47172 | 8.8 | SQL-injection → RCE in SharePoint 2016/2019 ➜(nvd.nist.gov) | Apply KB5002729/KB5002732; isolate SharePoint farm; WAF rules |
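To act on the NetScaler row, an inventory of appliance builds can be triaged against the two fixed builds listed in the table. The sketch below is an added example, not code from the original post or from Citrix; the hostnames, the sample builds and the banner layout `NS13.1: Build 59.19.nc` are assumptions, and FIPS/NDcPP builds are treated as not covered because the table lists no build for them.

```python
import re

# Minimum fixed builds per release branch, as listed in the table above.
FIXED_BUILDS = {(13, 1): (59, 19), (14, 1): (47, 46)}

# Accepts "13.1-59.19" and the banner-style "NS13.1: Build 59.19.nc"
# (banner layout is an assumption; adjust the pattern to your export).
_VERSION_RE = re.compile(
    r"(?:NS)?(\d+)\.(\d+)\s*(?:-|:\s*Build\s+)(\d+)\.(\d+)", re.IGNORECASE
)

def parse_build(text):
    """Return ((major, minor), (build, patch)) as integers, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, build, patch = map(int, m.groups())
    return (major, minor), (build, patch)

def classify(text):
    """Compare one version string with the fixed build for its branch."""
    parsed = parse_build(text)
    if parsed is None:
        return "unparsed"
    # The table gives no fixed build for FIPS/NDcPP images or other branches.
    if re.search(r"FIPS|NDcPP", text, re.IGNORECASE):
        return "branch-not-listed"
    branch, build = parsed
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        return "branch-not-listed"
    # Integer tuples, so 59.9 sorts below 59.19 (a string compare would not).
    return "patched" if build >= fixed else "needs-upgrade"

def triage(inventory):
    """Return {status: [hostnames]} for a {hostname: version string} map."""
    report = {}
    for host, version in sorted(inventory.items()):
        report.setdefault(classify(version), []).append(host)
    return report

# Constructed sample inventory (hostnames and builds are made up).
SAMPLE_INVENTORY = {
    "adc-edge-01": "NS13.1: Build 58.32.nc",
    "adc-edge-02": "13.1-59.19",
    "gw-vpn-01": "NS14.1: Build 43.56.nc",
    "gw-vpn-02": "14.1-47.46",
    "adc-legacy": "NS12.1: Build 65.25.nc",
    "adc-lab": "version unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `unparsed` or `branch-not-listed` need a manual check rather than being assumed safe.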

4. June 2025 in numbers

  • 33 publicly disclosed incidents and 16 bn compromised records (highest on record) ➜(itgovernance.co.uk)

  • +37 % month-on-month surge in BEC volume; 46 % of cash-out remains pure credential phishing ➜(fortra.com)

  • 86 victims claimed by Qilin – the most active ransomware crew in June ➜(cyble.com)

  • 19× rise in malicious .es domains; 99 % impersonated Microsoft ➜(TechRadar)

  • 65 CVEs fixed by Microsoft (2 zero-days) on 11 June Patch Tuesday ➜(tenable.com)

5. Outlook & recommendations (Q3 2025)

  1. AI-powered RaaS will drive time-to-ransom below 48 h – speed up detection & response loops.

  2. Edge device exploitation (VPN/ADC) will remain the APT entry zone; patch latency must drop below 7 days.

  3. Third-party SaaS exposure – ticketing, e-commerce, HR portals are the next supply-chain targets.

  4. Credential stuffing boom on the back of the 16 bn “GOAT” leak.

  5. Regulatory pressure (DORA, NIS 2) will boost budgets for threat intel and resilience testing.

“If you can’t shrink mean time-to-detect to under a week, your cyber-insurance premium will do it for you.” — Marta Jasińska, Analyst, CERT-PL.

6. Action checklist

  • Patch NetScaler ADC/Gateway against CVE-2025-5777 immediately.

  • Deploy June Patch Tuesday fixes (KB5038xxx) across endpoints and servers.

  • Apply Cisco ISE 3.4 Patch 2 or isolate vulnerable nodes.

  • Rotate privileged passwords and enforce MFA organisation-wide.

  • Test restoration from offline (air-gapped) backups.

  • Tighten WAF rules for WebDAV and SQL-injection patterns.

  • Document and drill procedures for rapid isolation of critical OT/ICS assets.

7. Worth reading

  • CERT-EU Cyber Brief 25-07 (June 2025) – executive EU threat overview ➜(cert.europa.eu)

  • Verizon 2025 Data Breach Investigations Report – 20-year trendline analysis ➜(Verizon)

  • Fortra BEC Global Insights – June 2025 – granular BEC metrics and tactics ➜(fortra.com)

  • CISA Known Exploited Vulnerabilities catalog – filter by “Add date: June 2025” for prioritised patching.

Sources

  1. Council of the EU, EU adopts blueprint to better manage European cyber crises and incidents, 6 Jun 2025. (Council of the EU)

  2. Sophos, Taking the shine off BreachForums, 26 Jun 2025. (news.sophos.com)

  3. Cybernews, 16 billion passwords exposed in colossal data breach, 3 Jul 2025. (Cybernews)

  4. Reuters, Viasat identified as victim in Chinese Salt Typhoon cyber-espionage, 17 Jun 2025. (Reuters)

  5. UNFI, Systems update, 26 Jun 2025. (United Natural Foods)

  6. Iowa Capital Dispatch, Lee Enterprises agrees to settlement after ransomware, 27 Jun 2025. (Iowa Capital Dispatch)

  7. Kettering Health, Cyber-security incident FAQ, updated 20 Jun 2025. (Kettering Health)

  8. PR Newswire, Optima Tax Relief data breach investigation, 24 Jun 2025. (PR Newswire)

  9. TechRadar, CitrixBleed 2 exploits are now in the wild, 9 Jul 2025. (TechRadar)

  10. Help Net Security, Microsoft fixes zero-day exploited for cyber-espionage (CVE-2025-33053), 11 Jun 2025. (Help Net Security)

  11. SecurityWeek, Critical Cisco ISE vulnerabilities allow RCE, 26 Jun 2025. (SecurityWeek)

  12. Wiz Blog, Critical vulnerabilities in NetScaler ADC exploited in the wild, 6 Jul 2025. (wiz.io)

  13. NVD, CVE-2025-47172 detail, 10 Jun 2025. (nvd.nist.gov)

  14. IT Governance, Global data breaches and cyber attacks in June 2025, 4 Jul 2025. (itgovernance.co.uk)

  15. Fortra, BEC Global Insights Report – June 2025, 5 Jul 2025. (fortra.com)

  16. Cyble, Top ransomware groups June 2025: Qilin reclaims top spot, 2 Jul 2025. (cyble.com)

  17. TechRadar, Experts flag surge in .es phishing domains, 9 Jul 2025. (TechRadar)

  18. Tenable, Microsoft’s June 2025 Patch Tuesday addresses 65 CVEs, 10 Jun 2025. (tenable.com)
