Cybersecurity Weekly — June 30, 2025

Major takedowns, airline disruptions, AI-powered threats, and the first confirmed patient death linked to ransomware — here’s what shook the cybersecurity world this week

🔍 Breaches and Threat Activity

OneClik malware campaign targets energy sector
A new attack leverages Microsoft ClickOnce and Golang backdoors to infiltrate oil and gas organizations
🔗 Read more

Hacker pleads guilty to attacks used to promote his cybersecurity business
Nicholas Michael Kloster admitted to orchestrating real-world hacks as a marketing ploy
🔗 Read more

UK patient death linked to Qilin ransomware attack
Disruption to NHS diagnostic systems in London delayed care with fatal consequences
🔗 Read more

Hawaiian Airlines investigating major IT outage
Ransomware suspected after internal systems went dark across the airline’s operations
🔗 Read more

Nth Degree data breach impacts nearly 40,000 identities
Event management vendor for Walmart, Dell, and others exposed sensitive personal data
🔗 Read more

🧑‍⚖️ Arrests and Legal Actions

ShinyHunters crew arrested in France
Four members tied to BreachForums and high-profile leaks detained in multi-region sting
🔗 Read more

IntelBroker unmasked as British hacker Kai West
Accused of 40+ attacks and selling stolen data under a notorious alias
🔗 Read more

Law enforcement crackdowns reshaped cybercrime in 2024
From botnets to ransomware crews, proactive takedowns disrupted the global threat landscape
🔗 Read more

🛠️ Vulnerabilities and Exploits

Citrix Bleed 2 actively exploited — CVE-2025-5777
New NetScaler flaw lets attackers read protected memory without authentication
🔗 Read more

Open VSX Registry flaw threatens VS Code ecosystem
Critical bug could have allowed full takeover of the Visual Studio Code extension hub
🔗 Read more

Bluetooth chip vulnerabilities affect top audio brands
29 products from Bose, Sony, Jabra, and others may expose call history and microphone access
🔗 Read more

🧠 AI, Malware, and Evolving Tools

Cybercriminals ramp up abuse of large language models
Cisco Talos says LLMs are being used to craft phishing lures, malware, and social engineering tactics
🔗 Read more

GIFTEDCROOK evolves into an advanced exfiltration tool
Now capable of stealing documents and browser secrets in stealth
🔗 Read more

Poseidon Stealer rebrands as Odyssey Stealer
Malware-as-a-service shifts tactics with new lures and improved delivery
🔗 Read more

Malware uses prompt injection to fool AI scanners
Injected command tricks code analysis tools into reporting “no malware detected”
🔗 Read more

🌐 Geopolitical Cyber Risks

Scattered Spider targeting airline sector
FBI warns of social engineering campaigns bypassing MFA by abusing help desk workflows
🔗 Read more

Massive spike in MOVEit Transfer scanning
Over 300 unique IPs were probing systems in late May, indicating widespread interest
🔗 Read more

Free VPNs still leaking user data to China
TTP finds numerous risky apps remain in Google and Apple stores despite earlier warnings
🔗 Read more

Facebook requests access to photos for AI features
New prompt encourages users to enable cloud processing for AI-generated edits
🔗 Read more