Weekly One-Shot: June 15 - June 21, 2024

This week's threats and trends.

Author

J.W. Croley
June 22, 2025

In partnership with

Before we dive in, I would like to thank all of you for supporting us with your subscription! My goal is to bring both actionable insights and easy-to-digest information regarding cybersecurity threats to non-tech and technical professionals alike. If this sounds like something that would help someone you know, please share the newsletter!

Discover the many benefits of global hiring

Global hiring and remote work are rising. Deel’s here to help. With our Business Case for Global Hiring Guide, we’ll guide you through everything.

Learn more about:

  • Benefits of global hiring

  • Global hiring methods

  • Costs of global hiring

  • Solutions to global hiring challenges

Isn't it time you dive into a world of global hiring capabilities? Explore the ins and outs of global hiring with our free, ready-to-use guide.

This week's threat landscape felt like watching nation-state actors throw a house party while ransomware groups brought the wrecking ball. We've got Chinese hackers intercepting satellite communications, destructive malware that laughs at your backup strategy, and zero-day vulnerabilities dropping faster than my faith in patch Tuesday.

But hey, at least we discovered that combining ransomware with wiper functionality is the new black in cybercrime fashion. Because apparently, just stealing your data wasn't dramatic enough—now they want to make sure you can never get it back, even if you pay. It's like ordering a pizza and having them burn down your kitchen for good measure.

Patch aggressively. Trust sparingly. Then grab some coffee and let's dive into this week's digital apocalypse.

This week in Cybersecurity

  1. Anubis Ransomware Adds Wiper To Destroy Files Beyond Recovery
    The Anubis ransomware group evolved their malware to include destructive wiper functionality, making file recovery impossible even if victims pay the ransom.
    June 17 Newsletter

  1. Stealth Falcon APT Exploits Microsoft RCE Zero-Day 
    Nation-state adversaries are actively exploiting CVE-2025-33053, a critical remote code execution vulnerability in Microsoft's WebDAV component.
    June 17 Newsletter

  1. Critical SAP NetWeaver Vulnerability Under Active Exploitation
    CVE-2025-31324 allows unauthenticated remote code execution with a CVSS score of 9.8, potentially compromising entire SAP environments.
    June 17 Newsletter

  1. Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff 
    TaxOff threat actors exploited a use-after-free vulnerability in Chrome's V8 JavaScript engine to deploy TaxBackdoor malware targeting financial professionals.
    June 19 Newsletter

  1. Chain IQ, UBS Data Stolen in Ransomware Attack 
    Ransomware group claimed theft of over 7TB of sensitive data from procurement service provider Chain IQ, creating supply chain vulnerabilities affecting multiple financial institutions.
    June 19 Newsletter

  1. Microsoft June Windows Server Security Updates Cause DHCP Issues
    Microsoft's June 2025 security updates are causing DHCP service failures on Windows Server installations, potentially disrupting network connectivity.
    June 17 Newsletter

  1. Advanced Persistent Threat Groups Target Critical Infrastructure
    Multiple nation-state actors are increasingly targeting critical infrastructure sectors with sophisticated attack campaigns.
    June 17 Newsletter

  1. Zero-Day Vulnerabilities Surge in Enterprise Software
    Security researchers are discovering an increasing number of zero-day vulnerabilities in enterprise software platforms.
    June 17 Newsletter

  1. Ransomware Groups Evolve Tactics with Destructive Capabilities 
    Threat actors are integrating wiper functionality into ransomware operations, preventing recovery even after payment.
    June 17 Newsletter

  1. Financial Sector Under Coordinated Attack Campaign
    Multiple threat actors are conducting coordinated campaigns targeting financial institutions with various attack vectors.
    June 19 Newsletter

Biggest Threat This Week

Viasat Targeted in Cyberattack by Salt Typhoon APT Group

Chinese state-sponsored hackers compromised satellite communications provider Viasat in a sophisticated espionage campaign that exploited a previously unknown vulnerability in the company's network management systems. The attackers gained persistent access to satellite communications infrastructure that serves government agencies, military operations, and commercial enterprises worldwide. Intelligence agencies believe the primary objective was intercepting sensitive communications and gathering intelligence rather than causing service disruptions, though the full extent of the compromise is still being assessed. This attack highlights the critical vulnerability of satellite communications infrastructure and the sophisticated capabilities of nation-state actors targeting essential services.

Learn more on Salt Typhoon

Training Recommendation

Nation-State Threat Detection and Critical Infrastructure Protection

With sophisticated APT groups like Salt Typhoon targeting critical infrastructure, organizations need comprehensive training on nation-state threat detection and response. Focus areas should include understanding APT tactics, techniques, and procedures (TTPs), implementing advanced threat hunting capabilities, and developing incident response plans specifically for nation-state attacks. Additionally, with the rise of destructive ransomware variants like Anubis, security teams need training on detecting wiper malware, implementing air-gapped backup strategies, and understanding the evolving threat landscape where traditional recovery methods may be ineffective.

Wrapping Up:

This week's cybersecurity landscape demonstrates the escalating sophistication and destructiveness of modern cyber threats. From nation-state actors compromising critical satellite infrastructure to ransomware groups deploying wiper functionality that makes recovery impossible, we're witnessing a fundamental shift in the threat landscape. The combination of zero-day exploits, supply chain compromises, and attacks on critical infrastructure shows that threat actors are becoming more strategic and destructive in their approach. Organizations must adapt their security strategies to address these evolving threats with enhanced detection capabilities, robust backup strategies, and comprehensive incident response plans.

(P.S. Supporting our partners helps keep this newsletter running!)

Organizations that need security choose Proton Pass

Proton Pass Business helps teams securely share passwords, manage access, and simplify onboarding.

Trusted by 50,000+ businesses and featured in The Verge and TechCrunch, Pass was built by the teams behind Proton Mail’s and SimpleLogin for startups, nonprofits, and enterprises alike. Secure your accounts, no training required.