- Mycomputerspot Security Newsletter
- Posts
- Cybersecurity Threats and Trends - 06/12/2025
Cybersecurity Threats and Trends - 06/12/2025
From sophisticated AI data theft to novel covert channels using smartwatches, this week's threats demonstrate the continuous evolution of attack techniques targeting both emerging technologies and traditional infrastructure.
Discover the many benefits of global hiring
Global hiring and remote work are rising. Deel’s here to help. With our Business Case for Global Hiring Guide, we’ll guide you through everything.
Learn more about:
Benefits of global hiring
Global hiring methods
Costs of global hiring
Solutions to global hiring challenges
Isn't it time you dive into a world of global hiring capabilities? Explore the ins and outs of global hiring with our free, ready-to-use guide.

While you were busy trying to remember if you actually turned on MFA for your personal email, the cyber underworld was busy innovating new ways to ruin your Monday. Let's dive into this week's digital dumpster fires, shall we?
1. 'EchoLeak' AI Attack Enables Theft of Sensitive Data via Microsoft 365 Copilot
Primary Threat: Security researchers have discovered a critical vulnerability in Microsoft 365 Copilot that allowed attackers to perform zero-click attacks to steal sensitive data from AI conversations.
Risk: HIGH
Microsoft recently patched CVE-2025-32711, dubbed "EchoLeak," a vulnerability that could have been exploited to extract sensitive information from Copilot conversations without any user interaction. The flaw allowed attackers to craft specially designed prompts that could trick the AI into revealing confidential data from previous conversations, including credentials, business strategies, and intellectual property. This vulnerability highlights the emerging security challenges in AI-assisted productivity tools that have access to vast amounts of organizational data.
Detection and Remediation Tips:
Apply Microsoft's latest security updates immediately to patch the EchoLeak vulnerability
Review your organization's Microsoft 365 Copilot usage policies and implement data boundaries
Train employees on safe AI interaction practices, including not sharing sensitive information with AI tools
Monitor Copilot logs for suspicious activity or unusual prompt patterns
Consider implementing additional data loss prevention controls for AI-assisted tools
2. Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management
Primary Threat: Ransomware operators are actively exploiting vulnerabilities in SimpleHelp Remote Monitoring and Management software to compromise utility billing systems.
Risk: HIGH
CISA has released an advisory warning that ransomware actors are leveraging unpatched SimpleHelp RMM software to compromise utility billing providers. The attackers exploit these vulnerabilities to gain initial access, move laterally through networks, and deploy ransomware payloads. This campaign specifically targets critical infrastructure organizations, with several municipal water utilities already affected. The advisory notes that attackers are exploiting CVE-2025-28764, a critical authentication bypass vulnerability with a CVSS score of 9.8.
Detection and Remediation Tips:
Immediately patch SimpleHelp RMM software to the latest version (5.1.2 or later)
Implement network segmentation to isolate critical operational technology networks from IT networks
Review remote access solutions and implement multi-factor authentication for all remote access
Monitor for indicators of compromise detailed in the CISA advisory
Develop and test incident response plans specifically for ransomware scenarios affecting critical systems
3. Smartwatch Attack Technique Captures Ultrasonic Covert Communication in Air-Gapped Environments
Primary Threat: Researchers have demonstrated a novel attack technique that uses smartwatches to capture ultrasonic covert communications in air-gapped environments, enabling data exfiltration.
Risk: MEDIUM
Security researchers revealed a new attack method called "UltraLeap" that leverages smartwatches' microphones to capture ultrasonic signals transmitted by compromised air-gapped computers. The attack works by first infecting an air-gapped system with malware that encodes stolen data into ultrasonic sound waves inaudible to humans. Nearby smartwatches can then capture these signals through their microphones, store the encoded data, and later transmit it when connected to the internet. This technique could potentially bypass traditional air-gap security measures that rely on physical isolation.
Detection and Remediation Tips:
Implement strict policies regarding wearable devices in sensitive air-gapped environments
Consider RF-shielded rooms for the most sensitive air-gapped systems
Deploy acoustic monitoring solutions capable of detecting ultrasonic transmissions
Ensure endpoint protection on air-gapped systems to prevent initial compromise
Review and update air-gap security protocols to address emerging covert channel techniques
Did you know...?
Air-gapped systems, like those targeted by the UltraLeap smartwatch attack, have a fascinating history of being compromised through increasingly creative covert channels. Traditional air-gapping involves physically isolating a computer or network from unsecured networks, including the internet. However, researchers have demonstrated numerous ways to breach these gaps using electromagnetic emissions (Van Eck phreaking), thermal manipulations, acoustic techniques, and even LED status lights. The Israeli research team that discovered the original "AirHopper" technique in 2014 demonstrated data exfiltration through FM radio signals, and subsequent research has shown that even a computer's cooling fans can be manipulated to transmit data acoustically. Perhaps most surprisingly, researchers have shown that malware can extract encryption keys by simply listening to the sound a computer makes while processing cryptographic operations…
Proving that in cybersecurity, no gap is truly unbridgeable when attackers are sufficiently motivated and creative.
4. Cyberattack on NHS Professionals Leads to Theft of Active Directory Data
Primary Threat: NHS Professionals, a staffing organization for the UK's National Health Service, has suffered a significant data breach involving the theft of Active Directory data.
Risk: HIGH
According to security reports, attackers compromised NHS Professionals' network and exfiltrated Active Directory data containing information on thousands of healthcare workers. The stolen data includes usernames, email addresses, role information, and hashed passwords. While patient data was not directly compromised, the breach creates significant risks for targeted phishing attacks against healthcare workers and potential lateral movement into connected healthcare systems. NHS Professionals has temporarily disabled remote access while investigating the incident.
Detection and Remediation Tips:
If you're an NHS Professional, change your password immediately and enable multi-factor authentication
Be vigilant for targeted phishing attempts using stolen information
Healthcare organizations should monitor for suspicious authentication attempts using compromised credentials
Review Active Directory security configurations and implement least-privilege access controls
Consider implementing privileged access management solutions for sensitive healthcare systems
5. Fog Ransomware Attack Uses Unusual Mix of Legitimate and Open-Source Tools
Primary Threat: A new ransomware variant called Fog is using an unusual combination of legitimate and open-source tools to evade detection and encrypt victim systems.
Risk: HIGH
Security researchers discovered that the Fog ransomware group is employing a sophisticated attack chain that leverages legitimate system administration tools and open-source security software to establish persistence and move laterally through networks. The group uses PowerShell Empire for command and control, Mimikatz for credential theft, and a modified version of the open-source Rclone tool for data exfiltration. This "living off the land" approach makes detection particularly challenging as the tools themselves appear legitimate until used maliciously.
Detection and Remediation Tips:
Implement application allowlisting to control which tools can run in your environment
Deploy advanced endpoint detection and response (EDR) solutions that can detect suspicious behavior patterns
Monitor for unusual PowerShell activity, especially scripts that disable security features
Implement network segmentation to limit lateral movement opportunities
Regularly audit the use of administrative tools and establish baselines for normal behavior
6. Radware Cyber Survey Uncovers Critical Weaknesses in Application Security Measures
Primary Threat: A comprehensive survey by Radware reveals widespread critical weaknesses in application security measures across industries, with 68% of organizations experiencing successful API-based attacks in the past year.
Risk: MEDIUM
According to Radware's latest cyber survey findings, organizations are struggling to secure their expanding application footprints, particularly APIs. The survey of over 1,000 cybersecurity professionals found that 68% of organizations experienced successful API attacks in the past 12 months, yet only 24% have comprehensive API security solutions in place. Additionally, 57% of respondents admitted they lack visibility into shadow or zombie APIs, creating significant blind spots in their security posture.
Detection and Remediation Tips:
Conduct a comprehensive inventory of all APIs in your environment, including shadow APIs
Implement API security solutions that provide visibility, monitoring, and protection
Develop and enforce secure API development practices and standards
Regularly test APIs for security vulnerabilities through penetration testing
Consider implementing API gateways to centralize management and security controls
IN SUMMARY:
The exploitation of remote management tools in critical infrastructure and the theft of Active Directory data from healthcare organizations highlight the ongoing risks to essential services, while the Fog ransomware's innovative use of legitimate tools shows how threat actors continue to adapt their methods to evade detection.
🚨 Key Takeaways:
✔️ AI-powered productivity tools introduce new attack surfaces and data security challenges that require specialized protection measures.
✔️ Critical infrastructure remains highly vulnerable to ransomware attacks, particularly through remote management software.
✔️ Air-gapped systems are increasingly at risk from sophisticated covert channels that leverage everyday devices like smartwatches.
✔️ Healthcare organizations continue to be prime targets for cyberattacks, with employee data often serving as an entry point.
✔️ Ransomware groups are increasingly using legitimate tools and "living off the land" techniques to evade traditional security controls.
✔️ API security remains a significant blind spot for many organizations despite the growing number of successful attacks targeting these interfaces.
🔎 Immediate Actions:
✔️ Apply Microsoft's latest security updates to address the EchoLeak vulnerability in Microsoft 365 Copilot.
✔️ Patch SimpleHelp RMM software immediately if used in your environment, especially for critical infrastructure.
✔️ Implement strict policies regarding wearable devices in sensitive air-gapped environments.
✔️ Review Active Directory security configurations and implement least-privilege access controls.
✔️ Deploy advanced endpoint detection solutions capable of identifying suspicious behavior patterns, even from legitimate tools.
✔️ Conduct a comprehensive inventory of all APIs in your environment and implement proper security controls.
💡 Stay vigilant, patch promptly, and remember that in cybersecurity, paranoia isn't a disorder – it's a job requirement. 💡
J.W.
(P.S. Check out our partners! It goes a long way to support this newsletter!)
Not conservative. Not liberal. Just Christian.
Trust in media is at an all-time low (shocking… we know), but let’s keep “walking around completely uninformed” as a backup plan.
The Pour Over provides concise, politically neutral, and entertaining summaries of the world’s biggest news paired with reminders to stay focused on eternity.