Iranian-backed spearphishing campaign, Microsoft Outlook fix, Glasgow suffers cyberattack - Cybersecurity Headlines

Summary6 min read

Cyber Security Headlines – June 27, 2025

Hosted by CISO Series

The latest episode of Cyber Security Headlines by CISO Series, released on June 27, 2025, delves into a range of pressing issues in the information security landscape. Hosted by Steve Prentice, the episode covers diverse topics from spearphishing campaigns and software vulnerabilities to high-profile cyberattacks and legal actions against cybercriminals. Below is a detailed summary of the key discussions and insights presented.

1. Iranian-Backed Spearphishing Campaign Targets Israel

Steve Prentice opens the episode discussing a sophisticated spearphishing campaign backed by Iranian actors targeting Israel-based journalists, cybersecurity experts, and academics.

Key Points:

Tactics Used: The attackers send deceptive emails and WhatsApp messages posing as assistants to technology executives or researchers. These messages aim to lure victims into virtual meetings by claiming urgent assistance is needed for an AI-based threat detection system.
Advanced Techniques: The phishing messages exhibit a high level of sophistication, likely crafted using generative AI, characterized by their structured layout and lack of grammatical errors.
Attribution: Security firm Check Point attributes this campaign to groups affiliated with APT35, a well-known threat actor linked to Iranian state interests.

Notable Quote:

“They appear also to be crafted through Generative AI due to their structured layout and the absence of any grammatical errors.” — Steve Prentice [01:02]

2. Microsoft Addresses Critical Outlook Bug

The discussion shifts to a significant bug in Microsoft Outlook that has been causing the email client to crash, affecting users across all Microsoft 365 Office channels.

Key Points:

Nature of the Bug: Users experience crashes when opening emails or starting new messages. The issue stems from Outlook's inability to open the forms library, particularly affecting virtual desktop infrastructures.
Resolution Timeline: Microsoft has released updates to fix the problem, with patches for Outlook 2016 and Outlook 2019 scheduled for July 1st and July 8th, respectively.
Impact: The bug affects a broad user base, disrupting daily communications and workflow for organizations relying on Microsoft Outlook.

Notable Quote:

“The Microsoft Outlook team says the issue is that Outlook cannot open the forms library...” — Steve Prentice [01:27]

3. Cisco Releases Patches for Critical ISE Vulnerabilities

Cisco has announced urgent patches addressing two critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector.

Key Points:

Severity: Both vulnerabilities carry a maximum severity score of 10 out of 10, highlighting the urgent need for remediation.
Affected Areas: The vulnerabilities impact specific APIs within the ISE products. Importantly, the two flaws are independent, meaning that patches for one do not mitigate the other.
Action Required: Organizations using Cisco ISE should promptly apply the released patches to secure their systems against potential exploits.

Notable Quote:

“Both have CVE numbers and both are rated the maximum severity score of 10 out of 10.” — Steve Prentice [02:10]

4. Glasgow City Council Suffers Cyberattack

Glasgow City Council has been hit by a cyberattack starting on June 19, disrupting various online services.

Key Points:

Cause: The attack is believed to stem from a supply chain vulnerability involving a third-party contractor’s supplier.
Affected Services: Online forms, calendars related to permits, official certificates, and other municipal services are currently unavailable.
Data Security: As of now, the council has not confirmed any data exfiltration but is operating under the assumption that its financial systems remain uncompromised.

Notable Quote:

“The city council cannot yet confirm whether data was exfiltrated from its environment, but is operating on a precautionary basis...” — Steve Prentice [02:53]

5. Arrest of Hacker Known as ‘Intel Broker’

A significant legal development is the charging of British national Kai West, known online as Intel Broker, for extensive cybercriminal activities.

Key Points:

Crimes Committed: West hacked into over 40 companies worldwide, stealing and selling sensitive data, which resulted in damages exceeding $25 million.
Legal Proceedings: Arrested in France in February, West is awaiting extradition to the United States, where he faces up to 20 years in prison upon conviction.
Nature of Data Stolen: The compromised information includes customer data, patient health records, Social Security numbers, and health plan details.

Notable Quote:

“A British national known online as Intel Broker... stealing and selling sensitive data and causing over $25 million in damages.” — Steve Prentice [03:50]

6. Judge Highlights Security Risks in PACER System

Federal Judge Michael Scudder has raised alarms about the persistent cyber threats faced by the PACER (Public Access to Court Electronic Records) system.

Key Points:

Vulnerabilities: PACER allows electronic filing of court documents but is under constant attack from sophisticated hackers.
Prevented Attacks: Approximately 200 million harmful cyber events were thwarted in fiscal 2024, safeguarding sensitive documents such as sealed indictments and arrest warrants.
Call for Modernization: External experts and members of the House Judiciary Committee agree that PACER is outdated and highly vulnerable, necessitating a transition to a more secure and modern system.

Notable Quote:

“...about 200 million harmful cyber events were prevented from penetrating court local area networks in fiscal 2024.” — Steve Prentice [05:03]

7. Abuse of Microsoft 365 Direct Send Feature for Phishing

Researchers at Varonis have identified a phishing campaign exploiting Microsoft 365's Direct Send feature, targeting over 70 organizations primarily in the United States.

Key Points:

Mechanism of Attack: The campaign utilizes PowerShell commands to send phishing emails that appear to originate from the victim organization's domain, bypassing traditional authentication measures.
Intended Use vs. Exploitation: While Direct Send is designed for on-premises devices like printers and scanners to send legitimate emails, attackers misuse it for malicious purposes.
Mitigation Strategy: Varonis recommends enabling the "Reject Direct Send" setting in the Exchange Admin Center, a feature Microsoft introduced in April 2025, to prevent unauthorized use.

Notable Quote:

“A phishing campaign that exploits this feature is targeting more than 70 organizations across all industries, with 95% of the victims based in the United States.” — Steve Prentice [05:58]

8. Guilty Plea from Kansas City Hacker Advertising Security Services

Nicholas Michael Kloster, a Kansas City resident, has pleaded guilty to multiple charges related to unauthorized computer access and data manipulation.

Key Points:

Offenses: Kloster hacked into a gym’s system, altering his membership fee to $1 per month, and subsequently contacted the gym owner to offer his cybersecurity services. Additionally, he infiltrated a non-profit organization and used his employer’s credit card for unauthorized purchases, including a hacking thumb drive.
Legal Consequences: Kloster faces up to five years in prison, a $250,000 fine, three years of supervised probation, and is required to pay restitution to his victims.

Notable Quote:

“He hacked into a gym where he modified his own membership fee to $1 a month and then emailed the gym's owner describing his hacking activities and offering his cybersecurity services.” — Steve Prentice [07:06]

Upcoming Events and Community Engagement

Steve Prentice also highlights upcoming live streams and encourages listeners to engage with the CISO Series community by sharing their thoughts and feedback via email at feedback@cisoseries.com.

Host’s Closing Remarks:

“I'm Steve Prentice reporting for the CISO series.” — Steve Prentice [08:14]

Stay Informed: For a deeper dive into each of these topics and more, visit cisoseries.com where full stories behind the headlines are available daily.

This summary encapsulates the critical discussions from the June 27, 2025, episode of Cyber Security Headlines. Stay tuned for more updates and expert insights in the evolving field of information security.

Loading summary

Transcript77 lines

[00:00]
CISO Series
From the CISO series. It's Cybersecurity Headlines.
[00:07]
Steve Prentice
These are the cybersecurity.
[00:09]
Unknown Host
Headlines for Friday, June 27, 2025.
[00:15]
Steve Prentice
I'm Steve Prentice. Iranian backed spearfishing campaign seeks out cybersecurity.
[00:22]
Unknown Host
Experts in the ongoing situation with regards.
[00:26]
Steve Prentice
To Israel and Iran. A new spear phishing campaign has been.
[00:29]
Unknown Host
Targeting Israel based journalists, cybersecurity exper experts and academics using a technique that has.
[00:35]
Steve Prentice
Been seen many times before. The group is sending emails and WhatsApp messages from people posing as assistants to.
[00:41]
Unknown Host
Technology executives or researchers seeking to quote.
[00:44]
Steve Prentice
Coax the victim into joining a meeting, claiming they need their immediate assistance on.
[00:49]
Unknown Host
An AI based threat detection system to counter a surge in cyber attacks targeting Israel since June 12.
[00:56]
Steve Prentice
The messages point to faked Gmail login.
[00:59]
Unknown Host
Pages or Google Meet invitations. They appear also to be crafted through.
[01:03]
Steve Prentice
Generative AI due to their structured layout and the absence of any grammatical errors. Security company Check Point attributes this action to groups affiliated to APT35.
[01:16]
Unknown Host
Microsoft fixes Outlook bug causing crashes when opening emails this fix addresses a known issue that causes the classic Outlook email.
[01:25]
Steve Prentice
Client to crash when opening emails or.
[01:27]
Unknown Host
Starting a new message, according to Bleeping Computer. The bug impacts users across all Microsoft.
[01:33]
Steve Prentice
365 Office channels who updated Outlook for.
[01:36]
Unknown Host
Microsoft 365 earlier this month. The cause of the problem, the Microsoft Outlook team says, is that Outlook cannot.
[01:44]
Steve Prentice
Open the forms library and that the emerging cases for this issue are on virtual desktop infrastructure. The bug has now been addressed across multiple channels and non security Updates for.
[01:56]
Unknown Host
Outlook 2016 and Outlook 2019 will be released on July 1st and July 8th 8th respectively. Cisco's ISE Vulnerability Warning the company announced.
[02:08]
Steve Prentice
Patches for two critical severity vulnerabilities on.
[02:11]
Unknown Host
Wednesday, one in the Identity Services engine.
[02:14]
Steve Prentice
ISE and the other in the Cisco.
[02:16]
Unknown Host
ISE Passive Identity Connector.
[02:19]
Steve Prentice
Both have CVE numbers and both are rated the maximum severity score of 10 out of 10. They impact specific APIs within the affected products. These bugs are not related or dependent on one another and Cisco says software.
[02:33]
Unknown Host
Versions affected by one flaw may not.
[02:35]
Steve Prentice
Be impacted by the other.
[02:38]
Unknown Host
Glasgow City Council suffers cyber attack this attack started on June 19 and is.
[02:44]
Steve Prentice
Being attributed to a supply chain issue involving a third party contractor's supplier. Services that have been rendered unavailable for the time being include online forms and.
[02:54]
Unknown Host
Calendars related to certain things such as.
[02:56]
Steve Prentice
Permits, official certificates and many more of the same. The city council cannot yet confirm whether data was exfiltrated from its environment, but.
[03:05]
Unknown Host
Is operating on a precautionary basis as though it has no financial systems were.
[03:10]
Steve Prentice
Compromised, the Council added.
[03:15]
Unknown Host
Huge thanks to our sponsor, ThreatLocker.
[03:18]
Steve Prentice
ThreatLocker is a global leader in zero trust endpoint security, offering cybersecurity controls to protect businesses from zero day attacks and ransomware. ThreatLocker operates with a default deny approach.
[03:31]
Unknown Host
To reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and to start your.
[03:38]
Steve Prentice
Free trial, visit threatlocker.com CISO that is.
[03:42]
Unknown Host
T H R E A T L O C K-E-R.com CISO.
[03:51]
Steve Prentice
Arrested hacker going by the name Intel Broker now charged.
[03:56]
Unknown Host
Following up on two stories we covered.
[03:57]
Steve Prentice
Last year, the US Justice Department has now charged a British national known online as Intel Broker as one word, with hacking dozens of companies around the world stealing and selling sensitive data and causing over $25 million in damages.
[04:14]
Unknown Host
The 25 year old, whose real name.
[04:16]
Steve Prentice
Is Kai west, was arrested in France in February and is currently awaiting extradition to the US where he could face up to 20 years in prison if convicted. According to his indictment, west infiltrated more than 40 companies allegedly selling sensitive information.
[04:33]
Unknown Host
Such as customer data, patient health records.
[04:36]
Steve Prentice
Social Security numbers and health plan details. Judge warns of constant attacks on PACER.
[04:44]
Unknown Host
System the public access to court electronic records platform allows judges and lawyers to.
[04:52]
Steve Prentice
File court documents electronically. However, modernization is desperately needed to fend.
[04:57]
Unknown Host
Off constant attacks from increasingly sophisticated hackers. Federal Judge Michael Scudder told members of.
[05:03]
Steve Prentice
The House Judiciary committee that about 200 million harmful cyber events were prevented from penetrating court local area Networks in fiscal 2024. Documents at risk include sealed indictments, names of cooperating witnesses and arrest and search warrants. He added that external experts and members of his committee have concluded that PACER is unsustainable due to cyber risks and must be replaced with a more modern system in the coming years due to its increasing vulnerability to hacks. Microsoft 365 direct send abused to send.
[05:42]
Unknown Host
Phishing emails Direct Send is a little.
[05:45]
Steve Prentice
Known Microsoft 365 feature that allows on.
[05:49]
Unknown Host
Premises devices, applications or cloud services to.
[05:52]
Steve Prentice
Send emails through a tenant tenant's smart host as if they originated from the organization's domain.
[05:58]
Unknown Host
It is intended for use by printers.
[06:00]
Steve Prentice
Scanners and other devices that need to send messages on behalf of the company. It also does not require any authentication. Researchers at Varonis have announced that a phishing campaign that exploits this feature is targeting more than 70 organizations across all industries, with 95% of the victims based in the United States. The phishing campaign is run through a PowerShell command. To mitigate this threat, Varonis recommends enabling.
[06:27]
Unknown Host
The Reject Direct send setting in the Exchange Admin center, which Microsoft introduced in April of this year.
[06:36]
Steve Prentice
Man who hacked organizations to advertise Security.
[06:39]
Unknown Host
Services pleads guilty Kansas City resident Nicholas.
[06:43]
Steve Prentice
Michael Kloster has pleaded guilty to charges.
[06:46]
Unknown Host
Of accessing a protected computer and obtaining.
[06:49]
Steve Prentice
Information, as well as reckless damage to a protected computer during unauthorized access. Specifically, he hacked into a gym where he modified his own membership fee to $1 a month and then emailed the gym's owner describing his hacking activities and offering his cybersecurity services.
[07:06]
Unknown Host
He also hacked into a non profit.
[07:08]
Steve Prentice
Organization and used his own employer's credit.
[07:11]
Unknown Host
Card to make unauthorized purchases, including a.
[07:15]
Steve Prentice
Thumb drive designed for hacking.
[07:18]
Unknown Host
Gloucester is now facing up to five.
[07:19]
Steve Prentice
Years in prison and a $250,000 fine, three years of superv along with paying restitution to the victims. As usual, we've got a busy Friday of live streams today. It starts at 1pm with Super Cyber.
[07:34]
Unknown Host
Friday, where the topic will be hacking.
[07:36]
Steve Prentice
The internal politics of cybersecurity. An hour of critical thinking about why being right doesn't mean you'll win. Then at 3:30pm Eastern, we have our Week in Review show. Bill Harmer, operating partner and CISO at Kraft Ventures, will be our guest, providing his expert commentary on the news of the week. To join us for both, just head.
[07:58]
Unknown Host
On over to the events page@cisoseries.com and.
[08:03]
Steve Prentice
If you have some thoughts on the.
[08:04]
Unknown Host
News from today or about this show.
[08:06]
Steve Prentice
In general, please be sure to reach.
[08:08]
Unknown Host
Out to us@feedbackisoseries.com we would love to hear from you.
[08:15]
Steve Prentice
I'm Steve Prentice reporting for the CISO series.
[08:22]
CISO Series
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.

Cyber Security Headlines – June 27, 2025

Hosted by CISO Series

1. Iranian-Backed Spearphishing Campaign Targets Israel

Steve Prentice opens the episode discussing a sophisticated spearphishing campaign backed by Iranian actors targeting Israel-based journalists, cybersecurity experts, and academics.

Key Points:

Tactics Used: The attackers send deceptive emails and WhatsApp messages posing as assistants to technology executives or researchers. These messages aim to lure victims into virtual meetings by claiming urgent assistance is needed for an AI-based threat detection system.
Advanced Techniques: The phishing messages exhibit a high level of sophistication, likely crafted using generative AI, characterized by their structured layout and lack of grammatical errors.
Attribution: Security firm Check Point attributes this campaign to groups affiliated with APT35, a well-known threat actor linked to Iranian state interests.

Notable Quote:

“They appear also to be crafted through Generative AI due to their structured layout and the absence of any grammatical errors.” — Steve Prentice [01:02]

2. Microsoft Addresses Critical Outlook Bug

The discussion shifts to a significant bug in Microsoft Outlook that has been causing the email client to crash, affecting users across all Microsoft 365 Office channels.

Key Points:

Nature of the Bug: Users experience crashes when opening emails or starting new messages. The issue stems from Outlook's inability to open the forms library, particularly affecting virtual desktop infrastructures.
Resolution Timeline: Microsoft has released updates to fix the problem, with patches for Outlook 2016 and Outlook 2019 scheduled for July 1st and July 8th, respectively.
Impact: The bug affects a broad user base, disrupting daily communications and workflow for organizations relying on Microsoft Outlook.

Notable Quote:

“The Microsoft Outlook team says the issue is that Outlook cannot open the forms library...” — Steve Prentice [01:27]

3. Cisco Releases Patches for Critical ISE Vulnerabilities

Cisco has announced urgent patches addressing two critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector.

Key Points:

Severity: Both vulnerabilities carry a maximum severity score of 10 out of 10, highlighting the urgent need for remediation.
Affected Areas: The vulnerabilities impact specific APIs within the ISE products. Importantly, the two flaws are independent, meaning that patches for one do not mitigate the other.
Action Required: Organizations using Cisco ISE should promptly apply the released patches to secure their systems against potential exploits.

Notable Quote:

“Both have CVE numbers and both are rated the maximum severity score of 10 out of 10.” — Steve Prentice [02:10]

4. Glasgow City Council Suffers Cyberattack

Glasgow City Council has been hit by a cyberattack starting on June 19, disrupting various online services.

Key Points:

Cause: The attack is believed to stem from a supply chain vulnerability involving a third-party contractor’s supplier.
Affected Services: Online forms, calendars related to permits, official certificates, and other municipal services are currently unavailable.
Data Security: As of now, the council has not confirmed any data exfiltration but is operating under the assumption that its financial systems remain uncompromised.

Notable Quote:

“The city council cannot yet confirm whether data was exfiltrated from its environment, but is operating on a precautionary basis...” — Steve Prentice [02:53]

5. Arrest of Hacker Known as ‘Intel Broker’

A significant legal development is the charging of British national Kai West, known online as Intel Broker, for extensive cybercriminal activities.

Key Points:

Crimes Committed: West hacked into over 40 companies worldwide, stealing and selling sensitive data, which resulted in damages exceeding $25 million.
Legal Proceedings: Arrested in France in February, West is awaiting extradition to the United States, where he faces up to 20 years in prison upon conviction.
Nature of Data Stolen: The compromised information includes customer data, patient health records, Social Security numbers, and health plan details.

Notable Quote:

“A British national known online as Intel Broker... stealing and selling sensitive data and causing over $25 million in damages.” — Steve Prentice [03:50]

6. Judge Highlights Security Risks in PACER System

Federal Judge Michael Scudder has raised alarms about the persistent cyber threats faced by the PACER (Public Access to Court Electronic Records) system.

Key Points:

Vulnerabilities: PACER allows electronic filing of court documents but is under constant attack from sophisticated hackers.
Prevented Attacks: Approximately 200 million harmful cyber events were thwarted in fiscal 2024, safeguarding sensitive documents such as sealed indictments and arrest warrants.
Call for Modernization: External experts and members of the House Judiciary Committee agree that PACER is outdated and highly vulnerable, necessitating a transition to a more secure and modern system.

Notable Quote:

“...about 200 million harmful cyber events were prevented from penetrating court local area networks in fiscal 2024.” — Steve Prentice [05:03]

7. Abuse of Microsoft 365 Direct Send Feature for Phishing

Researchers at Varonis have identified a phishing campaign exploiting Microsoft 365's Direct Send feature, targeting over 70 organizations primarily in the United States.

Key Points:

Mechanism of Attack: The campaign utilizes PowerShell commands to send phishing emails that appear to originate from the victim organization's domain, bypassing traditional authentication measures.
Intended Use vs. Exploitation: While Direct Send is designed for on-premises devices like printers and scanners to send legitimate emails, attackers misuse it for malicious purposes.
Mitigation Strategy: Varonis recommends enabling the "Reject Direct Send" setting in the Exchange Admin Center, a feature Microsoft introduced in April 2025, to prevent unauthorized use.

Notable Quote:

“A phishing campaign that exploits this feature is targeting more than 70 organizations across all industries, with 95% of the victims based in the United States.” — Steve Prentice [05:58]

8. Guilty Plea from Kansas City Hacker Advertising Security Services

Nicholas Michael Kloster, a Kansas City resident, has pleaded guilty to multiple charges related to unauthorized computer access and data manipulation.

Key Points:

Offenses: Kloster hacked into a gym’s system, altering his membership fee to $1 per month, and subsequently contacted the gym owner to offer his cybersecurity services. Additionally, he infiltrated a non-profit organization and used his employer’s credit card for unauthorized purchases, including a hacking thumb drive.
Legal Consequences: Kloster faces up to five years in prison, a $250,000 fine, three years of supervised probation, and is required to pay restitution to his victims.

Notable Quote:

“He hacked into a gym where he modified his own membership fee to $1 a month and then emailed the gym's owner describing his hacking activities and offering his cybersecurity services.” — Steve Prentice [07:06]

Upcoming Events and Community Engagement

Steve Prentice also highlights upcoming live streams and encourages listeners to engage with the CISO Series community by sharing their thoughts and feedback via email at feedback@cisoseries.com.

Host’s Closing Remarks:

“I'm Steve Prentice reporting for the CISO series.” — Steve Prentice [08:14]

Stay Informed: For a deeper dive into each of these topics and more, visit cisoseries.com where full stories behind the headlines are available daily.