🛡️ Weekly Cyber Update – June 9–15, 2025: Breaches, Botnets, and AI Threats

Community Hub 🔒 Content Archives (Read‑Only)
, ,
1

This week’s update spans June 9–15, 2025, delivering 20 must-know cybersecurity stories. For everyone, we’ve got breaches, scams, and simple safety tips. For pros, dive into zero-days, botnets, and supply chain threats with technical twists. Plus, handy tools and questions to keep you in the game—let’s dive in!

Cybersecurity for Everyone

Your online life’s at risk this week! From airline cyberattacks to massive data breaches, hackers are targeting everyday services and personal data. Secure your accounts and dodge scams with our simple safety tips.

:police_car_light: Top Stories

1. Canada’s Airline WestJet Hit by Cyberattack :airplane:

  • Summary: WestJet, Canada’s second-largest airline, faced a cyberattack that messed up its internal systems and app access.
  • Why it matters: If you fly WestJet, double-check your bookings and watch out for fake emails pretending to be the airline.
  • :link: Read more

2. Paraguay Data Breach Leaks 7.4 Million Records :paraguay:

  • Summary: Hackers dumped personal info of 7.4 million Paraguayan citizens on the dark web.
  • Why it matters: If you’re affected, keep an eye on your bank accounts and consider locking your credit to stop identity theft.
  • :link: Read more

3. Google Cloud Outage Hits Services Worldwide :cloud:

  • Summary: A huge Google Cloud outage, tied to an API issue, disrupted online services globally.
  • Why it matters: When cloud services crash, your favorite apps might fail—keep backups of important stuff offline.
  • :link: Read more

4. Discord Flaw Tricks Users with Old Invites :video_game:

  • Summary: Hackers reused expired Discord invites to send people to scam sites.
  • Why it matters: Only join Discord servers you trust, and report weird links to stay safe.
  • :link: Read more

5. Meta AI Chats Go Public by Mistake :robot:

  • Summary: Private chats with Meta’s AI were accidentally shared online, exposing personal details.
  • Why it matters: Don’t share sensitive info with AI tools—treat them like public spaces.
  • :link: Read more

6. Airlines Sell Your Flight Info to the Government :airplane_departure:

  • Summary: A company owned by big airlines sold passenger data to the Department of Homeland Security.
  • Why it matters: Your travel details might be shared—book with privacy in mind when you can.
  • :link: Read more

7. Texas Crash Reports Stolen in Breach :automobile:

  • Summary: Hackers took 300,000 crash reports from Texas, including names and other personal info.
  • Why it matters: If you’ve had a crash in Texas, watch for fake messages trying to scam you.
  • :link: Read more

8. ChatGPT Goes Down Globally :speech_balloon:

  • Summary: ChatGPT had a worldwide outage, locking users out of the popular AI chatbot.
  • Why it matters: Don’t count on AI tools for urgent tasks—have a Plan B ready.
  • :link: Read more

9. Grocery Shortages After Cyberattack on Supplier :bread:

  • Summary: A cyberattack on United Natural Foods caused delivery delays and empty shelves at stores like Whole Foods.
  • Why it matters: Everyday shopping can be hit by cyberattacks—keep some essentials stocked at home.
  • :link: Read more

10. Erie Insurance Disrupted by Cyberattack :office_building:

  • Summary: Erie Insurance confirmed a cyberattack that caused outages and business hiccups.
  • Why it matters: If you’re insured with Erie, check your account and beware of phishing emails pretending to be them.
  • :link: Read more

Pro Insights: Advanced Cyber Threats (Advanced)

Pros and learners, it’s a wild week! Supply chain attacks, zero-days, and botnets are hitting software and infrastructure hard. Sharpen your defenses with these technical updates and tools.

:police_car_light: Top Technical Updates

1. Supply Chain Attack Targets Gluestack Packages :hammer_and_wrench:

  • Summary: Hackers slipped malware into 16 Gluestack NPM packages, risking over 950,000 weekly downloads.
  • Why it matters: Supply chain attacks can poison trusted code—check package integrity and audit dependencies regularly.
  • :link: Read more

2. Mirai Botnets Exploit Wazuh Flaw :robot:

  • Summary: Mirai botnets used a critical flaw (CVE-2025-24016) in Wazuh servers for denial-of-service attacks.
  • Why it matters: Unpatched systems are botnet bait—update Wazuh now to block remote code execution.
  • :link: Read more

3. Discord Links Deliver Malware :video_game:

  • Summary: Expired Discord invites were hijacked to spread AsyncRAT and Skuld malware targeting crypto wallets.
  • Why it matters: Zero-days (new flaws hackers exploit) are popping up—watch for odd network traffic.
  • :link: Read more

4. Grafana Flaw Exposes 46,000 Instances :desktop_computer:

  • Summary: A vulnerability in Grafana lets hackers take over accounts on over 46,000 unpatched systems.
  • Why it matters: Patch Grafana fast—open redirect flaws are a quick path to credential theft.
  • :link: Read more

5. Anubis Ransomware Now Wipes Files :floppy_disk:

  • Summary: Anubis ransomware added a wiper feature to destroy files beyond recovery.
  • Why it matters: Offline backups are your lifeline—ransomware’s getting nastier.
  • :link: Read more

6. Palo Alto Patches Privilege Bugs :shield:

  • Summary: Palo Alto fixed multiple flaws letting attackers gain higher access in its systems.
  • Why it matters: Unpatched privilege escalation can hand over full control—update your gear ASAP.
  • :link: Read more

7. Fog Ransomware Uses Rare Tools :detective:

  • Summary: Fog ransomware hit an Asian firm in May 2025 using unusual pentesting and monitoring tools.
  • Why it matters: Legit tools in attacks dodge detection—monitor for strange process behavior.
  • :link: Read more

8. Apple Fixes iPhone Spyware Flaw :mobile_phone:

  • Summary: Apple patched a zero-click Messages flaw (CVE-2025-43200) used by Paragon spyware on journalists.
  • Why it matters: Zero-click attacks need no clicks—keep your devices updated to stay safe.
  • :link: Read more

9. JSFireTruck Malware Hits 269,000 Sites :globe_with_meridians:

  • Summary: A campaign infected over 269,000 websites with tricky JavaScript malware using JSFuck obfuscation.
  • Why it matters: Web infections are sneaky—use content security policies to block bad scripts.
  • :link: Read more

10. Entra ID Accounts Targeted with TeamFiltration :key:

  • Summary: Hackers used TeamFiltration to attack over 80,000 Microsoft Entra ID accounts.
  • Why it matters: Password spraying is on the rise—turn on multi-factor authentication everywhere.
  • :link: Read more

:brain: Takeaway

Hackers are hitting everything from airlines to AI tools—stay ahead with these steps!

  • :locked: Turn on two-factor authentication for all your accounts.
  • :mobile_phone_with_arrow: Stick to trusted app sources to avoid malware traps.
  • :man_detective: Double-check unexpected emails or calls before clicking or replying.

:hammer_and_wrench: Tools of the Week

:speech_balloon: Community Questions

  • Everyone: With breaches like Paraguay’s and airline hacks, what’s your go-to trick for keeping your personal info safe? Share below!
  • Pros: Supply chain attacks and zero-days are spiking—how are you locking down your systems this quarter? Let’s swap ideas!

:globe_with_meridians: Stay Connected and Secure

Want more? :bell: Join the Crushing Security newsletter for the latest news and tips: Sign up here.
Drop your thoughts below—let’s keep the convo rolling!

:repeat_button: Suggestions

:light_bulb: Got ideas to make these updates better? Comment below, visit the feedback page, or ping Steve.

2

Update regarding Wazah
Thanks Md. Nazmur Sakib from Wazuh for the patch context!

CVE-2025-24016 fixed in Oct 2024 with v4.9.1 - see https://wazuh.com/blog/addressing-the-cve-2025-24016-vulnerability/

image
image564Ă—348 23.8 KB

Ref: 🔒 Weekly Cybersecurity Roundup: June 9–15, 2025 🔒 | Crushing Security