Major Cyber Attacks, Ransomware Attacks and Data Breaches of June 2025
What do global brands like United Natural Foods, North Face, Cartier, Zoom Car, Episource, WestJet, and The Washington Post have in common? On the surface, very little. Yet, beneath their diverse operations, a shared vulnerability unites them: each fell victim to the escalating and damaging effects of cybercrime in June 2025.
This wasn’t just about isolated incidents. From widespread unauthorized access to internal systems to major disruptions in critical operations and customer order fulfillment, the collective impact of June 2025’s cyber incidents has been more devastating than ever. In countless cases, millions of sensitive customer and employee accounts were breached, exposing confidential information and eroding public trust. This alarming trend serves as a stark warning to businesses in Canada and the USA about the rapidly evolving threat landscape.
The writing on the wall couldn’t be clearer: comprehensive cyber preparedness and building robust cyber resilience are no longer optional extras but an urgent, undeniable priority for every business navigating the digital complexities of late 2025 and beyond.
If your organization aims to stand a fighting chance against the ever-present and devastating consequences of a major cyber attack, simply investing in the latest technology won’t suffice. The true differentiator lies in a multi-faceted approach, anchored by a comprehensive Cyber Incident Response Plan (CIRP) backed by robust, ongoing training. It’s a critical business imperative now to proactively prepare through regular cyber tabletop exercises that meticulously simulate real-world attack scenarios. These vital simulations allow you to stress-test your cybersecurity response capabilities across all departments and rehearse these responses regularly, transforming theoretical knowledge into practical readiness.
Ultimately, only those organizations that seamlessly combine the right tools with strategically trained people, optimized processes, and meticulous preparation will possess the agility to truly protect their brand, retain invaluable customer trust, and ensure uninterrupted operations in the face of these growing, sophisticated cyber threats.
This month’s report delves deeper into:
- Ransomware Attacks in June 2025
- Data Breaches in June 2025
- New Malware and Ransomware Discovered
- Vulnerabilities Discovered and Patches Released
- Advisories issued, reports, analysis, etc., in June 2025
Ransomware Attacks in June 2025
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
| June 01, 2025 | Durant (OK), Lorain County (OH), and Puerto Rico’s Justice Department | Thousands impacted by cyber attacks on governments in Ohio, Oklahoma, Puerto Rico | RansomHub (Apparently) | Ransomware attacks—likely linked to the RansomHub gang—have disrupted critical services for thousands across Durant (OK), Lorain County (OH), and Puerto Rico’s Justice Department, crippling courts, communications, and digital services as officials scramble to restore operations. | Source: The Record |
| June 04, 2025 | Lee Enterprises | Newspaper giant Lee Enterprises says nearly 40,000 Social Security numbers leaked in ransomware attack | Qilin Ransomware | A ransomware attack by Qilin on newspaper giant Lee Enterprises exposed nearly 40,000 Social Security numbers, disrupted publishing operations nationwide, and caused $2 million in recovery costs along with significant revenue losses. | Source: The Record |
| June 05, 2025 | Kettering Health | Kettering Health confirms attack by Interlock ransomware group as health record system is restored | Interlock | Ohio’s Kettering Health confirmed a ransomware attack by the Interlock gang that disrupted internal systems, phone lines, and electronic health records across 14 hospitals, forcing procedure cancellations and ambulance diversions, with data including financial records reportedly stolen. | Source: The Record |
| June 06, 2025 | Optima Tax Relief | Tax resolution firm Optima Tax Relief hit by ransomware, data leaked | Chaos Ransomware | U.S. tax resolution firm Optima Tax Relief was hit by a double-extortion Chaos ransomware attack—resulting in 69 GB of sensitive corporate and client data, including tax documents, being stolen, encrypted, and leaked online by the threat actors. | Source: Bleeping Computer |
| June 09, 2025 | Sensata Technologies | Sensata Technologies says personal data stolen by ransomware gang | Unknown | A ransomware attack in early April by an unknown threat group infiltrated Sensata Technologies’ network (March 28–April 6), encrypting systems and stealing personal and sensitive data—including SSNs, driver’s licenses, financial and medical information—for over 15,000 employees and dependents, now prompting identity monitoring offers | Source: Bleeping Computer |
| June 10, 2025 | South Korea’s major ticketing platform Yes24 | Ransomware attack on ticketing platform upends South Korean entertainment industry | Unknown | A ransomware attack by an unknown threat actor on South Korea’s major ticketing platform Yes24 has disrupted online bookings, e-book access, and community forums for over four days, forcing cancellations and postponements of K-pop concerts and musicals, triggering a privacy investigation over potential customer data breaches, and echoing similar high-impact attacks on U.S. ticketing platforms like StubHub and Ticketmaster. | Source: The Record |
Data Breaches in June 2025
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
| June 02, 2025 | North Face | Nearly 3,000 North Face website customer accounts breached as retail incidents continue | Scattered Spider | A credential stuffing attack on The North Face exposed sensitive customer data—including names, addresses, and purchase history—of nearly 3,000 users, as part of a broader campaign likely linked to the Scattered Spider ransomware group. | North Face Data Breached |
| June 02, 2025 | Cartier | Cartier discloses data breach amid fashion brand cyber attacks | Scattered Spider | Luxury brand Cartier has disclosed a data breach in which hackers accessed and stole limited customer information after compromising its systems. | Cartier Data Breach |
| June 09, 2025 | Texas and Illinois state agencies, TxDOT | Nearly 300,000 crash records stolen from Texas transportation department | Unknown | Texas and Illinois state agencies warned that hackers—unnamed but believed to be organised cyber criminals—compromised a TxDOT account to download nearly 300,000 crash reports containing personal and licensing information, while a phishing campaign against Illinois HFS employees exposed the sensitive data (SSNs, IDs, financial details) of 933 individuals. | Source: The Record |
| June 12, 2025 | Aflac | Aflac says it stopped attack launched by ‘sophisticated cyber crime group’ | Scattered Spider (apparently) | Aflac disclosed that on June 12 it was hit by a sophisticated social-engineering attack—likely the work of the Scattered Spider cyber crime group—that may have exposed Social Security numbers, health records, claims data, and personal information before the intrusion was swiftly contained. | Source: The Record |
| June 16, 2025 | Zoom Car | 8.4 million people affected by data breach at Indian car share company Zoomcar | Unknown | Zoomcar revealed that hackers accessed personal data—including names, phone numbers, addresses, email addresses, and car registration numbers—belonging to approximately 8.4 million users (detected June 9), though no threat actor has been publicly identified and there’s no evidence financial or password details were stolen. | Source: The Record |
| June 16, 2025 | Email hosting provider Cock.li | Hacker steals 1 million Cock.li user records in webmail data breach | Unknown | A hacker exploited a Roundcube webmail vulnerability to steal over 1 million Cock.li user records—exposing email metadata and around 93,000 contact entries, though passwords and email contents remain safe—but the specific threat actor remains unidentified. | Source: Bleeping Computer |
| June 17, 2025 | Episource | More than 5 million affected by data breach at healthcare tech firm Episource | Unknown | Episource, a healthcare tech provider, suffered a cyber attack from late January to early February that exposed sensitive personal and medical data—including SSNs, insurance IDs, diagnoses, test results, and more—of over 5.4 million individuals, though no threat actor has yet claimed responsibility. | Source: The Record |
| June 17, 2025 | Scania | Scania confirms insurance claim data breach in extortion attempt | Hensi hacker | Scania’s insurance claims portal was breached in late May using stolen third-party credentials, resulting in the theft and dark‑web sale of thousands of claim documents by an extortionist calling themselves “hensi,” though the fallout appears limited so far. | Source: Bleeping Computer |
| June 17, 2025 | SaaS provider Episource | Healthcare SaaS firm says data breach impacts 5.4 million patients | Unknown | A ransomware-driven breach at healthcare SaaS provider Episource between January 27–February 6 exfiltrated sensitive personal and medical data for approximately 5.4 million U.S. patients—though the attacker remains unidentified and data misuse has not been detected. | Source: Bleeping Computer |
| June 20, 2025 | Viasat | Telecom giant Viasat breached by China’s Salt Typhoon hackers | Salt Typhoon | Viasat, a major satellite communications provider, was breached by China’s state-linked Salt Typhoon hacking group—allowing them unauthorised access via a compromised device, though no customer impact was detected and the incident has since been remediated. | Source: Bleeping Computer |
| June 21, 2025 | Oxford City Council | Oxford City Council suffers breach exposing two decades of data | Unknown | Oxford City Council suffered a cyber breach in early June that exposed personal data of current and former council officers from as far back as 2001 to 2022 and disrupted ICT services—though no threat actor has yet been identified. | Source: Bleeping Computer |
| June 22, 2025 | McLaren Health Care | Data of more than 740,000 stolen in ransomware attack on Michigan hospital network | International ransomware gang linked to INC group | McLaren Health Care revealed that an international ransomware gang (linked to the INC group) infiltrated its systems between July 17 and August 3, 2024, stealing Social Security numbers, driver’s license details, medical records, and insurance information for 743,131 individuals—leading to system outages, canceled procedures, and provision of credit monitoring services. | Source: The Record |
| June 22, 2025 | Nucor | Steel giant Nucor confirms hackers stole data in recent breach | Unknown | Nucor, North America’s largest steelmaker, confirmed that cyber attackers breached its network in June—temporarily halting production at multiple facilities, stealing corporate data, and triggering an SEC filing—though the perpetrators remain unidentified. | Source: Bleeping Computer |
| June 22, 2025 | McLaren Health Care (and Karmanos Cancer Institute) | McLaren Health Care says data breach impacts 743,000 patients | INC ransomware | A July 2024 ransomware attack by the INC gang on McLaren Health Care (and Karmanos Cancer Institute) exposed personal and health data of about 743,000 patients, disrupted IT and phone systems across its 14‑hospital network, and prompted delayed notification after nine months. | Source: Bleeping Computer |
| June 26, 2025 | Ahold Delhaize | Retail giant Ahold Delhaize says data breach affects 2.2 million people | INC Ransom | A ransomware attack in November targeted Ahold Delhaize’s U.S. systems, exposing sensitive personal, financial, and health data of approximately 2.2 million individuals—INC Ransom was believed to be behind the breach and had posted samples of the stolen files. | Source: Bleeping Computer |
Cyber Attacks in June 2025
| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
| June 5, 2025 | United Natural Foods | Major food wholesaler says cyber attack impacting distribution systems | Unknown | United Natural Foods disclosed a cyber attack that forced systems offline, disrupting operations and order fulfillment, with ongoing business impacts and recovery efforts underway. | Source: The Record |
| June 07, 2025 | Gluestack’s NPM package | Malware found in NPM packages with 1 million weekly downloads | Unknown | A supply chain attack compromised Gluestack’s popular NPM packages—collectively downloaded 960,000 times weekly—potentially exposing countless developers to malicious code. | Source: Bleeping Computer |
| June 09, 2025 | SentinelOne | SentinelOne shares new details on China-linked breach attempt | APT41 | A China-linked APT41 group deployed ShadowPad via a supply‑chain attack on SentinelOne’s IT logistics partner in early 2025—while also conducting reconnaissance (PurpleHaze) of SentinelOne servers—to install backdoors and exfiltrate data, though no direct breach of SentinelOne itself was found. | Source: Bleeping Computer |
| June 13, 2025 | Thomasville, North Carolina, and Georgia’s Ogeechee Judicial Circuit District Attorney’s Office, with Thomasville’s city systems | Government offices in North Carolina, Georgia disrupted by cyber attacks | Unknown | Cyber attacks disrupted operations in Thomasville, North Carolina, and Georgia’s Ogeechee Judicial Circuit District Attorney’s Office, with Thomasville’s city systems taken offline and the DA’s office—covering four counties—suffering phone and internet outages, court closures, and limited staff capabilities; while no data compromise has been confirmed, Georgia officials admitted prior delays in implementing a backup system, though recent cybersecurity upgrades helped mitigate catastrophic data loss. | Source: The Record |
| June 14, 2025 | WestJet | WestJet investigates cyber attack disrupting internal systems | Unknown | WestJet suffered a cyber attack that disrupted access to its mobile app, website, and select internal systems—though flight operations remained unaffected—as the airline investigates the scope and works with law enforcement; the threat actor remains unidentified and no direct claim has been made. | Source: Bleeping Computer |
| June 15, 2025 | The Washington Post | The Washington Post’s email system hacked, journalists’ accounts compromised | Unknown | Journalists at The Washington Post had their Microsoft-based email accounts compromised in a targeted cyber attack—believed to be state‑sponsored—giving intruders access to sensitive internal communications, though overall systems and customer data were not affected. | Source: Bleeping Computer |
| June 17, 2025 | Iran’s Bank Sepah | Pro-Israel hackers claim breach of Iranian bank amid military escalation | Predatory Sparrow | Pro-Israel hacking group Predatory Sparrow, allegedly linked to Israeli military intelligence, claimed a cyber attack on Iran’s Bank Sepah—disrupting banking services, ATM withdrawals, card payments, and possibly fuel transactions—as retaliation for the bank’s alleged role in funding Iran’s military and nuclear programs, amid escalating Israel-Iran tensions. | Source: The Record |
| June 18, 2025 | Iran’s Nobitex exchange | Pro-Israel hackers hit Iran’s Nobitex exchange, burn $90M in crypto | Predatory Sparrow (aka Gonjeshke Darande) | A pro-Israel hacktivist group known as Predatory Sparrow (aka Gonjeshke Darande) stole and “burned” over $90 million in cryptocurrency from Iran’s Nobitex exchange on June 18, 2025—destroying the funds by sending them to unusable “vanity” wallets in a politically motivated cyber attack. | Source: Bleeping Computer |
| June 19, 2025 | Glasgow City Council and CGI | Glasgow City Council impacted by ‘cyber incident’ | Unknown | Glasgow City Council and its ICT provider CGI confirmed that a cyber attack disrupted multiple online services (from planning forms to bin schedules), forced affected servers offline, and may have resulted in the theft of customer data. | Source: The Record |
| June 19, 2025 | Hawaiian Airlines | Hawaiian Airlines discloses cyber attack, flights not affected | Unknown | Hawaiian Airlines experienced a cyber attack that disrupted access to some internal IT systems—though flights remained on schedule—and while the nature (e.g., ransomware) is unclear, no threat actors have claimed responsibility | Source: Bleeping Computer |
New Ransomware/Malware Discovered in June 2025
| New Ransomware | Summary |
| Acreed malware | According to a report, a newly emerged malware called Acreed is gaining ground in the Russian cyber criminal market and is expected to become the go-to infostealer for hackers, following the recent takedown of Lumma stealer. |
| DarkGaboon (hacking group) | DarkGaboon, a financially driven cyber crime group active since 2023, has been independently targeting Russian organisations across multiple sectors using phishing emails and leaked LockBit 3.0 ransomware, according to Positive Technologies. |
| SuperCard — a malicious variant of the NFCGate tool | Russian cybersecurity firm F6 reported the first local attacks using SuperCard — a malicious variant of the NFCGate tool — which steals bank data via NFC on infected Android devices, marking a shift to commercialised malware-as-a-service operations with global targeting and causing $5.5 million in losses and over 175,000 infections in Russia alone. |
Vulnerabilities Discovered & Patches Released in June 2025
| Date | New Flaws/Fixes | Summary |
| June 02, 2025 | CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 | Qualcomm has released security patches for three zero-day vulnerabilities in the Adreno Graphics Processing Unit (GPU) driver that impact dozens of chipsets and are actively exploited in targeted attacks. |
| June 02, 2025 | CVE-2025-5419 | Google has issued an emergency security update to patch CVE-2025-5419, the third zero-day vulnerability in Chrome exploited in attacks since the beginning of the year. |
| June 03, 2025 | CVE-2025-3935 | CISA has warned U.S. federal agencies of active exploitation of a recently patched ScreenConnect flaw and four other vulnerabilities, including CVE-2025-3935, affecting ASUS routers and the Craft CMS. |
| June 03, 2025 | CVE-2025-37093 | HPE has warned of eight vulnerabilities— including the critical CVE-2025-37093—affecting all StoreOnce versions before v4.3.11, urging users to upgrade to the latest release. |
| June 08, 2025 | CVE-2024-3721 | A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them. |
| June 09, 2025 | CVE-2025-49113 | Over 84,000 Roundcube webmail installations are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) flaw with a public exploit. |
| June 10, 2025 | CVE-2025-33053 | Microsoft’s June 2025 Patch Tuesday addressed 66 security flaws—including one actively exploited WebDAV zero‑day leveraged by APT‑style attackers and another publicly disclosed SMB flaw—to close remote‑code execution and privilege‑escalation gaps. Another report says that Stealth Falcon hackers exploited a Windows WebDAV zero-day (CVE-2025-33053) to deliver custom malware in targeted attacks, primarily against Middle Eastern government and defence entities. |
| June 11, 2025 | CVE‑2025‑32711 | A critical “EchoLeak” zero‑click flaw (CVE‑2025‑32711) in Microsoft 365 Copilot could have silently exfiltrated sensitive corporate data via a malicious email prompt injection—though Microsoft patched it server-side in May before any known exploitation |
| June 13, 2025 | CVE‑2024‑57727 | CISA has issued an advisory warning that ransomware actors have been exploiting CVE‑2024‑57727, a path‑traversal flaw in unpatched SimpleHelp RMM software, to breach a utility billing provider and launch double‑extortion attacks |
| June 15, 2025 | CVE-2025-4123 | More than 46,000 internet-facing Grafana instances remain unpatched and exposed to a client-side open redirect vulnerability that allows executing a malicious plugin and account takeover. |
| June 16, 2025 | CVE‑2025‑3464 | A critical flaw in ASUS Armoury Crate’s kernel driver allowed local attackers—once on a system—to elevate to SYSTEM privileges and potentially take full control of Windows machines |
| June 18, 2025 | CVE-2025-5309 | BeyondTrust has released security updates to fix a high-severity flaw in its Remote Support (RS) and Privileged Remote Access (PRA) solutions that can let unauthenticated attackers gain remote code execution on vulnerable servers. |
| June 21, 2025 | CVE-2025-4322 | Hackers are exploiting a critical privilege escalation vulnerability in the WordPress theme “Motors” to hijack administrator accounts and gain complete control of a targeted site. |
| June 23, 2025 | CVE-2023-20198 | The Canadian Centre for Cyber Security and the FBI confirm that the Chinese state-sponsored ‘Salt Typhoon’ hacking group is also targeting Canadian telecommunication firms, breaching a telecom provider in February. |
| June 25, 2025 | CVE-2025-6543 | Citrix warned that a vulnerability in NetScaler appliances tracked as CVE-2025-6543 is being actively exploited in the wild, causing devices to enter a denial of service condition. |
| June 26, 2025 | CVE-2025-20281 ,CVE-2025-20282 | Cisco has published a bulletin to warn about two critical, unauthenticated remote code execution (RCE) vulnerabilities affecting Cisco Identity Services Engine (ISE) and the Passive Identity Connector (ISE-PIC). |
| June 26, 2025 | CVE-2024-51978 | A critical flaw (CVE-2024-51978) affected 742 printer models from Brother, Fujifilm, Toshiba, and Konica Minolta, allowing remote attackers to generate default admin passwords—with no firmware fix possible for existing devices. |
Warnings/Advisories/Reports/Analysis
| News Type | Summary |
| Report | According to a recent report, a little-known hacking group, Black Owl, has emerged as a major threat to Russian state institutions and critical industries. The group is reportedly carrying out cyber attacks intended to cause maximum disruption while also seeking financial gain. |
| Warning | Google warned that a cyber criminal operation known as “The Com” is tricking companies into giving them widespread access to a popular Salesforce tool, allowing them to steal sensitive data and move through other parts of the organisations. |
| Report | According to newly released FBI data, the Play ransomware gang has targeted over 900 organisations since its emergence in 2022, establishing itself as one of the most dangerous active cyber crime groups. |
| Report | Scammers used phishing to steal £47 million by posing as taxpayers and targeting 100,000 HMRC accounts in a rebate fraud—though no customer funds were lost, arrests were made, and HMRC clarified it was not a cyber or hacking attack like recent ones on major retailers. |
| Report | A newly released report reveals that a cyberespionage group suspected of links to Iran, known as BladedFeline—a likely subgroup of OilRig—has been targeting Kurdish and Iraqi government officials in a prolonged spying campaign, according to cybersecurity firm ESET. |
| Report | A report said that the “Russian Market” cyber crime marketplace has become a leading hub for trading credentials stolen through information-stealing malware. |
| Report | Arkana Security briefly relisted over 569 GB of Ticketmaster data—originally stolen in Snowflake breaches tied to ShinyHunters in 2024—for sale again over the weekend, reigniting concerns about widespread exposure of customer ticketing and personal information. |
| Report | AI is being called a “data‑breach time‑bomb” after a Varonis report found that 99% of organisations expose sensitive information across clouds, apps, and AI copilots—making a single prompt capable of leaking critical data. |
| Report | A recent Coinbase data breach was linked to India-based TaskUs support staff who were bribed by threat actors to leak user data, with two employees admitting to the scheme after one was caught photographing her screen. |
| Report | Google’s Threat Intelligence Group has linked voice phishing attacks by hackers posing as ShinyHunters to attempts at stealing data from Salesforce platforms by tricking employees into using a tampered Data Loader tool. |
| Report | OpenAI dismantled multiple ChatGPT accounts linked to state-backed hackers and disinformation campaigns from countries including China, Russia, North Korea, Iran, and the Philippines, citing misuse for malware development, influence operations, and employment scams. |
| Report | The NHS is urgently calling for 1 million blood donors as stocks remain critically low due to last year’s ransomware attack on Synnovis by the Qilin group, which disrupted pathology services and led to overuse of O-type blood, while over 900,000 patients’ sensitive medical data remains compromised and many still await breach notification. |
| Report | Kazakhstan has arrested over 140 individuals, including business owners and Telegram channel admins, for allegedly selling citizens’ personal data from government databases, with some of the stolen info shared with debt collectors and over 400 devices seized in the crackdown. |
| Report | A massive Google Cloud outage on June 12 disrupted core services—API management failures caused widespread outages across Gmail, Drive, Cloudflare-integrated services, and other critical platforms for over three hours before recovery |
| Report | Victoria’s Secret has fully restored its critical systems and e-commerce platform following a May 24 cyber attack that forced a three-day shutdown—though it continues to assess financial impacts and incurred remediation costs. |
Report | The hacker group Rare Werewolf has targeted hundreds of devices in Russia, Belarus, and Kazakhstan—mainly in industrial firms and engineering schools—using phishing emails to deploy XMRig cryptomining malware via malicious attachments, Kaspersky reports |
| Report | Cyber crime group FIN6 (aka Skeleton Spider) is impersonating job seekers on LinkedIn and Indeed to trick recruiters into opening phishing emails containing the MoreEggs backdoor, marking a shift from their usual payment card and PoS data theft operations, according to DomainTools. |
| Warning | Google has warned that the Scattered Spider hacking collective (aka UNC3944) is now targeting U.S. insurance companies—using sophisticated social‑engineering techniques on help desks and call centers to breach sensitive corporate systems |
| Report | Singapore led a multinational law enforcement operation across seven Asian jurisdictions—including Hong Kong, South Korea, Malaysia, the Maldives, Thailand, and Macao—that investigated 33,900 suspects tied to over 9,200 scams (including investment fraud, fake job sites, and pig butchering), arrested more than 1,800 individuals, froze 32,000 scam-linked bank accounts, and seized $20 million, in response to an estimated $225 million in total victim losses. |
| Report | Belarusian hacktivists known as the Cyber Partisans publicly taunted Kaspersky—mocking the firm’s detailed report on their cyber attacks by suggesting it was merely a self-serving defence of its outdated security tools—asserting they remain undeterred and even grateful for the unintended attention |
| Report | A Fog ransomware attack on an Asian financial institution stood out due to the unusual use of legitimate employee monitoring software (Syteca) and rare pentesting tools (like GC2), raising concerns that the operation may have been a front for espionage rather than a typical ransomware campaign. |
| Report | In a court filing, privacy ombudsman Neil Richards urged that bankrupt genomics firm 23andMe should have obtained separate and affirmative consent from customers before selling their sensitive genetic data — a move prompted by consumer concerns, spikes in deletion requests following a 2023 hack and the company’s March bankruptcy, and criticism from lawmakers, as 23andMe’s prior privacy updates were deemed unclear and possibly conflicting with its public assurances. |
| Report | The UK’s Information Commissioner fined genetic testing firm 23andMe £2.31 million for “profoundly damaging” security failures that exposed sensitive genetic, health, and personal data of over 150,000 UK users during a 2023 credential-stuffing breach. |
| Warning | Google warned that the notorious Scattered Spider (aka UNC3944) hacker group—recently linked to major retail breaches—has now shifted its focus to the insurance sector in the U.S., targeting help desks and call centers with sophisticated social‑engineering attacks to infiltrate networks and access sensitive customer data. |
| Report | Radware reported that the pro-Cambodian hacktivist group AnonsecKh (aka Bl4ckCyb3r) launched at least 73 DDoS and defacement attacks on Thai government and private-sector websites following a border skirmish on May 28, intensifying operations amid rising military tensions. |
| Report | Krispy Kreme confirmed that a November 2024 cyber attack—claimed by the Play ransomware gang—compromised the personal data of around 161,676 people (predominantly employees and family members), including SSNs, driver’s licenses, payment details, health and biometric records, disrupted online ordering, and led to over $11 million in losses. |
| Report | Researchers from Recorded Future and Resecurity discovered that threat actor Brigada Cyber PMC used the Redline infostealer to hack a Paraguayan government official’s device, leading to the leak of personal data belonging to 7.4 million citizens on dark web forums. |
| Report | North Korea’s BlueNoroff APT (aka TA444) used deepfake videos of company executives during fake Zoom calls in June 2025 to trick employees into installing custom macOS malware aimed at cryptocurrency theft. |
| Report | Cloudflare mitigated a record-breaking 7.3 Tbps DDoS attack in mid-May that flooded a hosting provider with 37.4 TB of data in just 45 seconds, using a global, automated defence system to block traffic from over 122,000 IPs across 161 countries. |
| Report | A recent “16 billion credentials” leak isn’t a fresh breach but a massive compilation of old passwords stolen over years via infostealer malware and credential-stuffing attacks—simply repackaged and briefly exposed online |
| Report | Another report on the Synnovis data breach said that the ransomware attack by the Qilin group on Synnovis in June 2023 disrupted blood testing across London hospitals, contributing to a patient’s death and exposing sensitive medical data of over 900,000 individuals, according to the NHS. |
| Report | A British hacker known as “IntelBroker” (Kai West) has been charged in the U.S. for breaching dozens of global companies—stealing and selling sensitive data, inflicting over $25 million in damages, and trafficking stolen information via BreachForums. |
| Warning | The U.S. Department of Homeland Security has issued a National Terrorism Advisory warning that Iran-backed cyber threat actors and pro‑Iranian hacktivists are likely to ramp up low-level cyber attacks targeting poorly secured U.S. networks, internet-connected devices, and critical infrastructure amid the current Israel–Iran conflict |
| Report | The U.S. House of Representatives has officially banned WhatsApp on all government-issued devices—citing it as a “high-risk” app due to unclear data protection, lack of stored-data encryption, and other security vulnerabilities. |
| Report | Hackers have been abusing ConnectWise ScreenConnect’s trusted installer by tampering with its Authenticode signature—injecting malicious settings that convert it into signed remote access malware for stealthy initial access. |
| Report | A new wave of North Korea’s ‘Contagious Interview’ campaign is targeting job seekers with malicious npm packages that infect dev’s devices with infostealers and backdoors. |
| Report | American grocery giant United Natural Foods (UNFI) reported that it has restored its core systems and brought online the electronic ordering and invoicing systems affected by a cyberattack. |
| Report | Hackers associated with “Scattered Spider” tactics have expanded their targeting to the aviation and transportation industries after previously attacking insurance and retail sectors. |
Conclusion: Securing Your Digital Future with Synergy IT Cybersecurity USA
The pervasive cyber incidents of June 2025, meticulously detailed in this report, serve as an undeniable testament to the heightened and ever-evolving threat landscape. From sophisticated ransomware crippling operations to widespread data breaches exposing millions, the digital battlefield demands more than just basic defenses. For businesses across the USA, the imperative for proactive cyber preparedness and robust cyber resilience has never been more urgent.
It’s clear that in today’s environment, where threats are complex and relentless, no organization can afford to navigate these waters alone. The ability to protect your brand, retain customer trust, and ensure uninterrupted operations hinges on a strategic combination of the right tools, highly trained personnel, optimized processes, and meticulous preparation.
This is where Synergy IT Cybersecurity USA steps in. As your dedicated partner in safeguarding digital assets, we understand the unique challenges faced by businesses in the modern cyber threat environment. Our expertise extends beyond merely reacting to incidents; we specialize in building comprehensive, proactive cybersecurity frameworks that integrate cutting-edge technology with best-in-class people and processes. From developing bespoke Cyber Incident Response Plans to conducting realistic cyber tabletop exercises and deploying advanced threat detection solutions, we are committed to fortifying your defenses.
Don’t leave your business vulnerable to the next wave of cyberattacks. Take control of your security posture today.
Contact Synergy IT Cybersecurity USA to assess your organization’s unique risks and build a resilient cybersecurity strategy tailored to protect your operations and ensure your peace of mind.
Source : https://www.cm-alliance.com/cybersecurity-blog/major-cyber-attacks-ransomware-attacks-and-data-breaches-of-june-2025
Contact :
Synergy IT solutions Group
US : 167 Madison Ave Ste 205 #415, New York, NY 10016
Canada : 439 University Avenue, 5th Floor, Toronto, ON M5G 1Y8
US : +1(917) 688-2018
Canada : +1(905) 502-5955
Email :
info@synergyit.com
sales@synergyit.com
info@synergyit.ca
sales@synergyit.ca
Website : https://www.synergyit.ca/ , https://www.synergyit.com/
Comments
Post a Comment