Weekly One-Shot: June 22 - June 28, 2025
This week's threats and trends.
Before we dive in, I would like to thank all of you for supporting us with your subscription! My goal is to bring both actionable insights and easy-to-digest information regarding cybersecurity threats to non-tech and technical professionals alike. If this sounds like something that would help someone you know, please share the newsletter!
This week's cybersecurity landscape felt like watching a master class in "How to Break Everything Important." We've got Chinese hackers building router botnets like they're collecting Pokémon cards, critical infrastructure vulnerabilities that make your session tokens about as secure as a screen door, and zero-day exploits dropping faster than my patience during vendor security assessments.
But hey, at least law enforcement finally arrested some BreachForums operators, proving that occasionally the good guys do win one. Of course, this happened right after threat actors caused nearly half a billion pounds in damage to UK retailers, because apparently the universe has a twisted sense of timing.
Patch immediately. Terminate sessions religiously… And maybe consider that your IT help desk needs better social engineering training than a used car salesman. Let's dive into this week's digital chaos.
This week in Cybersecurity
Chinese APT LapDogs Campaign Builds Massive Router Botnet for Espionage
A China-linked APT built an operational network of over 1,000 backdoored SOHO routers for long-term espionage operations targeting multiple countries.
June 24 Newsletter

Salt Typhoon APT Exploits Cisco Flaw in Telecom Attacks
Chinese state-sponsored hackers are exploiting a CVSS 10.0 Cisco vulnerability to compromise global telecommunications infrastructure for espionage.
June 26 Newsletter

Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff
TaxOff threat actors exploited a browser sandbox escape vulnerability to deploy the Trinper backdoor in Operation ForumTroll, targeting Russian organizations.
June 24 Newsletter

FreeType Zero-Day CVE-2025-27363 Exploited by Paragon Spyware
Israeli surveillance firm Paragon exploited a WhatsApp vulnerability to deploy Graphite spyware through the messaging platform.
June 24 Newsletter

Scattered Spider Causes £440M Damage to UK Retailers
The notorious cybercrime group caused massive financial damage to major UK retailers through sophisticated social engineering attacks targeting IT help desks.
June 26 Newsletter

McLaren Health Care Breach Affects 743,000 Patients
McLaren disclosed a major data breach affecting 743,000 patients following a ransomware attack by the INC gang, marking its second breach in two years.
June 26 Newsletter

Microsoft Exchange Servers Targeted in Keylogger Campaign
A campaign running since 2021 has targeted 65 Exchange servers across 26 countries, injecting JavaScript keyloggers into Outlook login pages.
June 26 Newsletter

French Police Arrest Major BreachForums Operators
Law enforcement disrupted one of the world's largest cybercrime forums by arresting five key operators, including ShinyHunters and IntelBroker.
June 26 Newsletter

Zero-Day Vulnerabilities Surge in Critical Infrastructure
Multiple zero-day discoveries in enterprise software platforms are creating significant patch management challenges for organizations.
June 24 Newsletter

Social Engineering Attacks Target IT Help Desks
Sophisticated impersonation tactics by threat actors are specifically targeting IT personnel for initial access across multiple sectors.
June 26 Newsletter
Biggest Threat This Week
CitrixBleed 2.0 Vulnerability Allows Session Hijacking
A new critical vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway devices allows unauthenticated attackers to hijack user sessions and bypass multi-factor authentication. Dubbed "CitrixBleed 2" because of its similarity to the devastating 2023 vulnerability, this flaw affects over 56,500 publicly exposed endpoints and lets attackers read device memory and steal session tokens, credentials, and sensitive data. The vulnerability affects NetScaler devices configured as gateways or AAA virtual servers in versions before 14.1-43.56 and 13.1-58.32. Mandiant's CTO warns that many organizations failed to terminate sessions after patching the original CitrixBleed, so tokens stolen before the patch kept working and exploitation continued, leading to nation-state espionage and ransomware deployments. This vulnerability represents a critical threat to organizations relying on Citrix infrastructure for remote access and authentication.
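The fixed builds quoted above are branch-specific (14.1-43.56 fixes the 14.1 line, 13.1-58.32 fixes the 13.1 line), and NetScaler build strings do not sort correctly as plain text, so a quick inventory check is easy to get wrong. The following is an added triage helper, not code from Citrix, Mandiant or this newsletter: it parses NetScaler build strings, compares each one against the fixed build for its own branch, and flags branches the newsletter does not list as needing manual review. The `FIXED_BUILDS` table contains only the two builds named above, and the hostnames and builds in the sample inventory are constructed. A "patched" result only means the build is current; per the paragraph above, existing sessions still have to be terminated after upgrading.

```python
"""Triage helper: is a NetScaler ADC/Gateway build patched for CVE-2025-5777?"""
import re
from typing import Dict, NamedTuple, Tuple

# Fixed builds named in the advisory summary above. Only the two branches the
# newsletter lists are included; anything else is reported as "unknown-branch"
# so it gets looked at by a human rather than silently passed.
FIXED_BUILDS: Dict[str, str] = {
    "14.1": "14.1-43.56",
    "13.1": "13.1-58.32",
}


class Build(NamedTuple):
    branch: str                        # release branch, e.g. "14.1"
    numbers: Tuple[int, int, int, int]  # (major, minor, build, sub), e.g. (14, 1, 43, 56)


# NetScaler builds look like "<major>.<minor>-<build>.<sub>", e.g. 14.1-43.56
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_build(version: str) -> Build:
    """Parse a NetScaler build string into numerically comparable parts."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler build string: {version!r}")
    major, minor, build, sub = (int(g) for g in m.groups())
    return Build(branch=f"{major}.{minor}", numbers=(major, minor, build, sub))


def assess(version: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown-branch' for one build string.

    The comparison is done inside the device's own release branch: a 13.1
    build is judged against the 13.1 fix and never against the 14.1 fix,
    which is why a naive string or float comparison is not enough here.
    """
    current = parse_build(version)
    fixed = FIXED_BUILDS.get(current.branch)
    if fixed is None:
        return "unknown-branch"
    return "patched" if current.numbers >= parse_build(fixed).numbers else "vulnerable"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Assess a {hostname: build} inventory and return {hostname: status}."""
    return {host: assess(build) for host, build in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and builds are made up for the demo.
    sample = {
        "gw-01.example.internal": "14.1-43.56",  # at the 14.1 fixed build
        "gw-02.example.internal": "14.1-38.53",  # older 14.1 build
        "gw-03.example.internal": "13.1-58.32",  # at the 13.1 fixed build
        "gw-04.example.internal": "13.1-57.26",  # older 13.1 build
        "gw-05.example.internal": "13.0-92.21",  # branch not covered by the table
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Feed it the build strings from your own inventory (the NetScaler version as reported by the appliance) and treat every "vulnerable" and "unknown-branch" entry as work to do; then, as the paragraph above stresses, terminate active sessions on the upgraded devices rather than assuming the upgrade alone closed the door.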
Training Recommendation
Critical Infrastructure Vulnerability Management and Session Security
With the emergence of CitrixBleed 2.0 and multiple critical infrastructure vulnerabilities, organizations need comprehensive training on emergency patch management and proper session termination procedures. Focus areas should include understanding the criticality of session management beyond just patching, implementing proper session termination protocols, and developing rapid response procedures for critical infrastructure vulnerabilities. Additionally, with the rise of sophisticated social engineering attacks like those used by Scattered Spider, IT help desk staff need enhanced training on verification procedures and recognizing impersonation attempts. Organizations should also focus on zero-day response procedures and the importance of proper remediation steps that go beyond simple patching.
Wrapping Up:
This week's cybersecurity landscape demonstrates the persistent and evolving nature of both nation-state and criminal cyber operations. From massive router botnets to critical infrastructure vulnerabilities, we're seeing threat actors become increasingly sophisticated in their targeting and persistence.
The arrest of BreachForums operators provides a rare bright spot, but the continued success of social engineering attacks and the emergence of new critical vulnerabilities like CitrixBleed 2.0 show that organizations must remain vigilant and proactive in their security posture.
The combination of zero-day exploits, critical infrastructure targeting, and large-scale data breaches underscores the need for comprehensive security strategies that address both technical vulnerabilities and human factors.