Weekly One-Shot: June 08 – June 14, 2025

This week's threats and trends.

Before we dive in, I would like to thank all of you for supporting us with your subscription! My goal is to bring both actionable insights and easy-to-digest information regarding cybersecurity threats to non-tech and technical professionals alike. If this sounds like something that would help someone you know, please share the newsletter!

This week's threat landscape felt like watching AI turn against us while ransomware groups discovered the joys of legitimate software abuse. We've got Microsoft's Copilot leaking secrets, GPS devices that can strand you roadside, and healthcare workers whose credentials are now floating around the dark web like digital confetti.

But hey, at least INTERPOL managed to take down 20,000 malicious IPs while we were all busy figuring out whether our smartwatches were secretly recording ultrasonic spy signals. Because apparently, air gaps aren't as secure as we thought—who knew?

Patch early. Trust nothing. Then grab some coffee and let's dive into this week's digital chaos.

This week in Cybersecurity

1. Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring
CISA warns that ransomware actors are leveraging unpatched SimpleHelp RMM software to compromise utility billing providers, exploiting CVE-2025-28764 with a CVSS score of 9.8.
June 12 Newsletter

2. SinoTrack GPS Vulnerable to Remote Vehicle Control via Default Passwords
Security vulnerabilities in SinoTrack GPS devices could allow attackers to cut off fuel remotely or track vehicle locations due to default passwords, with no patch currently available.
June 10 Newsletter

3. Former Black Basta Members Use Microsoft Teams and Python in 2025 Attacks
Former Black Basta ransomware members are leveraging Microsoft Teams to pose as corporate help desks and deploy custom Python scripts targeting finance, insurance, and construction sectors.
June 10 Newsletter

4. Adobe Releases Patch Fixing 254 Vulnerabilities, Closing Security Gaps
Adobe addressed 254 security flaws across its product line, with the most severe vulnerabilities allowing arbitrary code execution and complete system control.
June 10 Newsletter

5. NHS Professionals Suffers Cyberattack Leading to Active Directory Data Theft
Attackers compromised NHS Professionals' network and stole Active Directory data containing thousands of healthcare workers' credentials, creating significant phishing risks.
June 12 Newsletter

6. Fog Ransomware Attack Uses Unusual Mix of Legitimate and Open-Source Tools
The Fog ransomware group employs legitimate system administration tools and open-source security software like PowerShell Empire to establish persistence and evade detection.
June 12 Newsletter

7. 295 Malicious IPs Launch Coordinated Brute-Force Attack on Tomcat Manager
GreyNoise observed a coordinated brute-force attack from 295 malicious IPs targeting Apache Tomcat Manager interfaces, primarily for cryptocurrency mining and data theft.
June 10 Newsletter

8. Technique Captures Ultrasonic Communication in Air-Gapped Environments
Researchers revealed "UltraLeap," a new attack using smartwatches to capture ultrasonic signals from compromised air-gapped computers, potentially bypassing physical isolation.
June 12 Newsletter

9. INTERPOL Dismantles 20,000+ Malicious IPs Linked to 69 Malware Variants
INTERPOL dismantled over 20,000 malicious IP addresses linked to 69 information-stealing malware variants, resulting in 32 arrests including a suspected ringleader.
June 10 Newsletter

10. More_eggs Malware Evolution Demonstrates Advanced Evasion Techniques
The More_eggs malware uses modular, memory-only execution and "living off the land" techniques, leveraging legitimate Windows processes to blend with normal operations.
June 10 Newsletter

Biggest Threat This Week

EchoLeak AI Attack Enables Data Theft via Microsoft 365 Copilot

Microsoft patched CVE-2025-32711, dubbed "EchoLeak," a vulnerability that could have been exploited to extract sensitive information from Copilot conversations without any user interaction. The flaw allowed attackers to craft specially designed prompts that could trick the AI into revealing confidential data from previous conversations, including credentials, business strategies, and intellectual property. This zero-click attack highlights the emerging security challenges in AI-assisted productivity tools that have access to vast amounts of organizational data.

Training Recommendation

AI Security Awareness: Prompt Injection and Data Protection Training

With AI vulnerabilities like EchoLeak demonstrating the risks of AI-assisted tools, organizations need comprehensive training on AI security best practices. Focus areas should include recognizing AI prompt injection attempts, understanding the risks of sharing sensitive information with AI tools, and implementing proper data boundaries for AI systems. Additionally, with the rise of legitimate tool abuse demonstrated by ransomware groups, security teams need training on detecting malicious use of administrative tools and understanding how attackers blend malicious activities with normal system operations.

Find out more at Cyber101.com

Wrapping Up:

This week's cybersecurity news highlights the diverse and evolving threats organizations face. From AI vulnerabilities that can leak sensitive conversations to GPS devices that can strand you on the highway, it's clear that our digital dependencies come with increasingly sophisticated risks. The weaponization of legitimate tools like Microsoft Teams and PowerShell Empire shows that attackers are getting smarter about blending in with normal business operations, while novel techniques like ultrasonic smartwatch attacks remind us that even our most secure environments aren't immune to creative threat actors.
