Cyber Security Headlines – June 27, 2025
Hosted by CISO Series
The latest episode of Cyber Security Headlines by CISO Series, released on June 27, 2025, delves into a range of pressing issues in the information security landscape. Hosted by Steve Prentice, the episode covers diverse topics from spearphishing campaigns and software vulnerabilities to high-profile cyberattacks and legal actions against cybercriminals. Below is a detailed summary of the key discussions and insights presented.
1. Iranian-Backed Spearphishing Campaign Targets Israel
Steve Prentice opens the episode discussing a sophisticated spearphishing campaign backed by Iranian actors targeting Israel-based journalists, cybersecurity experts, and academics.
Key Points:
- Tactics Used: The attackers send deceptive emails and WhatsApp messages posing as assistants to technology executives or researchers. These messages aim to lure victims into virtual meetings by claiming urgent assistance is needed for an AI-based threat detection system.
- Advanced Techniques: The phishing messages exhibit a high level of sophistication, likely crafted using generative AI, characterized by their structured layout and lack of grammatical errors.
- Attribution: Security firm Check Point attributes this campaign to groups affiliated with APT35, a well-known threat actor linked to Iranian state interests.
Notable Quote:
“They appear also to be crafted through Generative AI due to their structured layout and the absence of any grammatical errors.” — Steve Prentice [01:02]
2. Microsoft Addresses Critical Outlook Bug
The discussion shifts to a significant bug in Microsoft Outlook that has been causing the email client to crash, affecting users across all Microsoft 365 Office channels.
Key Points:
- Nature of the Bug: Users experience crashes when opening emails or starting new messages. The issue stems from Outlook's inability to open the forms library, particularly affecting virtual desktop infrastructures.
- Resolution Timeline: Microsoft has released updates to fix the problem, with patches for Outlook 2016 and Outlook 2019 scheduled for July 1st and July 8th, respectively.
- Impact: The bug affects a broad user base, disrupting daily communications and workflow for organizations relying on Microsoft Outlook.
Notable Quote:
“The Microsoft Outlook team says the issue is that Outlook cannot open the forms library...” — Steve Prentice [01:27]
3. Cisco Releases Patches for Critical ISE Vulnerabilities
Cisco has announced urgent patches addressing two critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector.
Key Points:
- Severity: Both vulnerabilities carry a maximum severity score of 10 out of 10, highlighting the urgent need for remediation.
- Affected Areas: The vulnerabilities impact specific APIs within the ISE products. Importantly, the two flaws are independent, meaning that patches for one do not mitigate the other.
- Action Required: Organizations using Cisco ISE should promptly apply the released patches to secure their systems against potential exploits.
Notable Quote:
“Both have CVE numbers and both are rated the maximum severity score of 10 out of 10.” — Steve Prentice [02:10]
4. Glasgow City Council Suffers Cyberattack
Glasgow City Council has been hit by a cyberattack that began on June 19 and has disrupted various online services.
Key Points:
- Cause: The attack is believed to stem from a supply chain vulnerability involving a third-party contractor’s supplier.
- Affected Services: Online forms, calendars related to permits, official certificates, and other municipal services are currently unavailable.
- Data Security: As of now, the council has not confirmed any data exfiltration but is operating under the assumption that its financial systems remain uncompromised.
Notable Quote:
“The city council cannot yet confirm whether data was exfiltrated from its environment, but is operating on a precautionary basis...” — Steve Prentice [02:53]
5. Arrest of Hacker Known as ‘Intel Broker’
A significant legal development is the charging of British national Kai West, known online as Intel Broker, for extensive cybercriminal activities.
Key Points:
- Crimes Committed: West hacked into over 40 companies worldwide, stealing and selling sensitive data, which resulted in damages exceeding $25 million.
- Legal Proceedings: Arrested in France in February, West is awaiting extradition to the United States, where he faces up to 20 years in prison upon conviction.
- Nature of Data Stolen: The compromised information includes customer data, patient health records, Social Security numbers, and health plan details.
Notable Quote:
“A British national known online as Intel Broker... stealing and selling sensitive data and causing over $25 million in damages.” — Steve Prentice [03:50]
6. Judge Highlights Security Risks in PACER System
Federal Judge Michael Scudder has raised alarms about the persistent cyber threats faced by the PACER (Public Access to Court Electronic Records) system.
Key Points:
- Vulnerabilities: PACER allows electronic filing of court documents but is under constant attack from sophisticated hackers.
- Prevented Attacks: Approximately 200 million harmful cyber events were thwarted in fiscal 2024, safeguarding sensitive documents such as sealed indictments and arrest warrants.
- Call for Modernization: External experts and members of the House Judiciary Committee agree that PACER is outdated and highly vulnerable, necessitating a transition to a more secure and modern system.
Notable Quote:
“...about 200 million harmful cyber events were prevented from penetrating court local area networks in fiscal 2024.” — Steve Prentice [05:03]
7. Abuse of Microsoft 365 Direct Send Feature for Phishing
Researchers at Varonis have identified a phishing campaign exploiting Microsoft 365's Direct Send feature, targeting over 70 organizations primarily in the United States.
Key Points:
- Mechanism of Attack: The campaign utilizes PowerShell commands to send phishing emails that appear to originate from the victim organization's domain, bypassing traditional authentication measures.
- Intended Use vs. Exploitation: While Direct Send is designed for on-premises devices like printers and scanners to send legitimate emails, attackers misuse it for malicious purposes.
- Mitigation Strategy: Varonis recommends enabling the "Reject Direct Send" setting in the Exchange Admin Center, a feature Microsoft introduced in April 2025, to prevent unauthorized use.
Notable Quote:
“A phishing campaign that exploits this feature is targeting more than 70 organizations across all industries, with 95% of the victims based in the United States.” — Steve Prentice [05:58]
8. Guilty Plea from Kansas City Hacker Advertising Security Services
Nicholas Michael Kloster, a Kansas City resident, has pleaded guilty to multiple charges related to unauthorized computer access and data manipulation.
Key Points:
- Offenses: Kloster hacked into a gym’s system, altering his membership fee to $1 per month, and subsequently contacted the gym owner to offer his cybersecurity services. Additionally, he infiltrated a non-profit organization and used his employer’s credit card for unauthorized purchases, including a hacking thumb drive.
- Legal Consequences: Kloster faces up to five years in prison, a $250,000 fine, and three years of supervised probation, and is required to pay restitution to his victims.
Notable Quote:
“He hacked into a gym where he modified his own membership fee to $1 a month and then emailed the gym's owner describing his hacking activities and offering his cybersecurity services.” — Steve Prentice [07:06]
Upcoming Events and Community Engagement
Steve Prentice also highlights upcoming live streams and encourages listeners to engage with the CISO Series community by sharing their thoughts and feedback via email at feedback@cisoseries.com.
Host’s Closing Remarks:
“I'm Steve Prentice reporting for the CISO Series.” — Steve Prentice [08:14]
Stay Informed: For a deeper dive into each of these topics and more, visit cisoseries.com where full stories behind the headlines are available daily.
This summary encapsulates the critical discussions from the June 27, 2025, episode of Cyber Security Headlines. Stay tuned for more updates and expert insights in the evolving field of information security.
