Cybersecurity News Summary
Podcast: Cyber Security Headlines
Host: CISO Series
Episode Title: Cybersecurity News: Brute Forcing Google Accounts, Guardian's Secure Messaging, UNFI Cyberattack
Release Date: June 10, 2025
1. Brute Forcing Google Accounts
Timestamp: [00:06]
In this segment, a cybersecurity researcher known as BruteCat disclosed a significant vulnerability in Google's account recovery process. By exploiting an error, BruteCat was able to obtain the recovery phone numbers linked to Google Accounts. The flaw was identified when the account recovery page remained functional even with JavaScript disabled in the browser.
"BruteCat first noticed this when they found the account recovery page still worked even with JavaScript disabled in the browser." – B [00:06]
The researcher paired two HTTP requests to check whether a recovery email or phone number was associated with a specific display name. To circumvent rate limiting and bot protection mechanisms, the researcher rotated IPv6 addresses and bypassed bot guard tokens. Depending on the region, the time required to target a specific number ranged from approximately 20 minutes in the US to a mere 5 seconds in Singapore.
Following the disclosure of this vulnerability, Google promptly deprecated the problematic username recovery form to mitigate potential abuses.
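The episode does not say how Google's limiter was keyed. As an added illustration (not code from the podcast, BruteCat or Google), the sketch below shows why a per-address counter does not contain IPv6 rotation, while keying on the routed prefix does. The /64 prefix length, the limit of 5 requests per 60 seconds, and the names `limiter_key`, `FixedWindowLimiter` and `replay` are assumptions; the traffic is constructed from the 2001:db8::/32 documentation range.

```python
import ipaddress
from collections import defaultdict


def limiter_key(addr, v6_prefix=64):
    """Map a client address to the bucket it is rate limited under."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6:
        if ip.ipv4_mapped:  # ::ffff:a.b.c.d is really an IPv4 client
            return str(ip.ipv4_mapped)
        # Collapse every address in the same prefix into one bucket.
        return str(ipaddress.ip_network(f"{ip}/{v6_prefix}", strict=False))
    return str(ip)


class FixedWindowLimiter:
    """Fixed-window counter; key_fn decides what counts as one client."""

    def __init__(self, limit, window_s, key_fn):
        self.limit, self.window_s, self.key_fn = limit, window_s, key_fn
        self.counts = defaultdict(int)

    def allow(self, addr, now):
        bucket = (self.key_fn(addr), int(now // self.window_s))
        self.counts[bucket] += 1
        return self.counts[bucket] <= self.limit


def replay(limiter, requests):
    """Return how many of the (address, timestamp) requests are allowed."""
    return sum(1 for addr, ts in requests if limiter.allow(addr, ts))


# Constructed sample: 200 requests in 20 s, each from a different
# source address inside a single /64 (assumed attacker allocation).
ROTATING = [(f"2001:db8:0:1::{i:x}", i * 0.1) for i in range(1, 201)]

if __name__ == "__main__":
    per_address = FixedWindowLimiter(5, 60, str)         # weak keying
    per_prefix = FixedWindowLimiter(5, 60, limiter_key)  # prefix keying
    print("per-address allowed:", replay(per_address, ROTATING))
    print("per-/64 allowed:   ", replay(per_prefix, ROTATING))
```

Hosting providers commonly route a /48 or larger to one customer, so the prefix length should be tunable and paired with controls that do not depend on source address at all.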
2. The Guardian Launches Secure Messaging Service
Timestamp: [03:20]
The UK-based publication, The Guardian, in collaboration with the University of Cambridge, has introduced a new secure messaging service aimed specifically at journalists. This service integrates encrypted messaging directly within The Guardian's mobile application.
"Secure messaging is designed to provide strong, plausible deniability by making every instance of the news organization's public mobile app behave the same way, whether it's used for secure communication or for normal news consumption." – B [03:45]
Historically, journalists have relied on platforms like Signal for end-to-end encrypted communications with their sources. The Guardian's initiative seeks to streamline this process by embedding secure messaging capabilities into their existing app infrastructure. The backend framework, CoverDrop, has been made open-source and is available on GitHub, encouraging other organizations to adopt similar secure communication practices.
3. United Natural Foods Cyberattack
Timestamp: [04:15]
United Natural Foods (UNFI), North America's leading publicly traded wholesale food distributor with 53 distribution centers, confirmed a cyberattack on June 5, 2025, as detailed in an 8-K filing with the US SEC.
"The company proactively took some systems offline due to the attack, disrupting customer orders." – B [04:15]
The cyberattack led to the temporary shutdown of certain systems, resulting in disruptions to customer orders. Additionally, social media reports indicated that some worker shifts were canceled in response to the incident. As of the episode's release, no ransomware group had claimed responsibility, and UNFI had not disclosed specifics regarding data loss or the extent of system breaches.
4. PathWiper Targets Ukrainian Critical Infrastructure
Timestamp: [04:50]
Researchers from Cisco Talos have identified a new wiper malware dubbed PathWiper, which is actively targeting critical infrastructure in Ukraine. This malware is associated with Russian Advanced Persistent Threats (APTs).
"PathWiper maps all attached storage using System APIs and overwrites file system components, including master boot records." – B [04:50]
PathWiper is deployed through an endpoint administration framework that executes a Visual Basic script file. Once operational, it systematically maps all connected storage devices and starts a thread for each volume to overwrite vital file system components. This method is reminiscent of HermeticWiper, the 2022 wiper linked to the Russian Sandworm group, though PathWiper exhibits more sophisticated targeting techniques.
5. Russian Companies Under Siege by LockBit 3.0
Timestamp: [05:25]
Positive Technologies, a Russian cybersecurity firm, reported that Russian companies are increasingly falling victim to Dark Gaboon, a financially motivated group deploying LockBit 3.0 ransomware.
"Unlike typical LockBit affiliates, Dark Gaboon appears to operate entirely independently, using Russian-language phishing emails with malicious attachments claiming to have legitimate financial documents." – B [05:25]
Dark Gaboon distinguishes itself from other LockBit affiliates by operating autonomously. Their tactics involve sending phishing emails in Russian, which contain malicious attachments masquerading as legitimate financial documents. Although the group has been active since at least 2023, their use of open-source tools complicates attribution efforts.
6. FBI Leadership Update: Brett Leatherman Appointed
Timestamp: [06:00]
FBI Director Kash Patel announced the appointment of Brett Leatherman as the new assistant director and head of the FBI's cyber division. Leatherman brings over 22 years of experience to the role, having previously served as the section chief for cyber investigations and deputy assistant director.
"Leatherman has been the FBI's public face for communications on major cyber incidents going back to the Colonial Pipeline attack." – B [06:00]
This appointment marks significant leadership continuity within the FBI's cybersecurity operations, especially notable amidst recent personnel shakeups in government cybersecurity positions since January. Leatherman succeeds Bryan Vorndran, who departed to become Microsoft's deputy CISO.
7. NHS Struggles with Blood Supply Amid Cyberattack Aftermath
Timestamp: [06:35]
The UK's National Health Service (NHS) is facing challenges in maintaining blood supply levels following a ransomware attack on Synnovis, a pathology services provider, last year. Despite the attack occurring in May, its repercussions continue to impact blood type matching and supply.
"Stocks have remained in a very fragile position ever since, especially for the universal donor O type recorded." – B [06:35]
The ransomware incident disrupted Synnovis's ability to quickly match blood types, leading to increased reliance on O type blood. Given that the blood supply relies on a consistent donor base, the shortage poses significant risks to healthcare operations.
8. Cloudflare Develops OAuth 2.1 Library with Claude AI
Timestamp: [07:10]
Cloudflare has released an open-source OAuth 2.1 library, primarily developed using Anthropic's Claude large language model (LLM). The company provided comprehensive documentation, including a full prompt history, to ensure the library's security and reliability.
"The capabilities of generative AI systems are impressive, but we need to be realistic about their constraints." – B [07:10]
Max Mitchell, a software developer, reviewed the development process and noted that while the LLM excelled in generating documentation and handling substantial code blocks with clear context, human intervention was still necessary for tasks like styling and housekeeping. Kenton Varda, Cloudflare's tech lead overseeing the project, acknowledged the impressive capabilities of generative AI while emphasizing the importance of human oversight to manage the systems' limitations.
Conclusion
The CISO Series' latest episode of Cyber Security Headlines delivered comprehensive coverage of significant cybersecurity incidents and developments from June 10, 2025. From vulnerabilities in major platforms like Google to the evolving tactics of ransomware groups, the episode underscores the dynamic and ever-present challenges in the cybersecurity landscape. Additionally, advancements in secure communications by reputable organizations like The Guardian and technological integrations using AI, as demonstrated by Cloudflare, highlight ongoing efforts to bolster security measures amidst increasing threats.
For more detailed stories and daily updates, listeners are encouraged to visit CISOseries.com.
