CyberWire Daily Summary: "Jedai Tricks, Human Risks"
Release Date: June 10, 2025
Host: N2K Networks
1. Key Cybersecurity Developments
The latest episode of CyberWire Daily, titled "Jedai Tricks, Human Risks," delves into several critical cybersecurity incidents and trends shaping the landscape as of June 2025.
Unsecured Chroma Database Exposes Canva Creators' Information
A significant data breach compromised the personal details of 571 Canva creators due to an unsecured Chroma database managed by the Russian AI firm, My Jedai. This database, utilized for training AI chatbots, included sensitive survey responses encompassing professional and financial data. UpGuard uncovered the breach, highlighting the vulnerabilities within the rapidly expanding AI supply chain. The incident underscores the risks posed by the swift deployment of AI tools like Chroma without robust security measures. My Jedai responded by securing the data within 24 hours of notification, marking the first known leak related to Chroma and emphasizing the urgent need for mature security practices in AI development.
Google's Authentication Flaw Exploited by White Hat Hacker Brutecat
A white hat hacker, known as Brutecat, identified a flaw in Google's authentication process that exposed users' phone numbers to brute-force attacks. The exploit required only an email address and leveraged Google's account recovery hints to deduce phone numbers, facilitating potential SIM swapping attacks. Brutecat circumvented Google's protections by utilizing cloud services and Google Looker Studio, exploiting a non-JavaScript recovery form, and leveraging IPv6 to bypass IP-based rate limits through automation. Google promptly patched the issue and awarded a $5,000 bounty, though the incident highlights the necessity for enhanced safeguards in account recovery workflows and the risks associated with legacy systems.
Salesforce Industry Cloud Faces Multiple Vulnerabilities
AppOmni researchers unearthed five zero-day vulnerabilities and 15 serious misconfigurations within Salesforce Industry Cloud, potentially affecting tens of thousands of organizations. Tailored for sectors like healthcare, finance, and government, the platform's low-code tools can lead to risky default settings. While Salesforce addressed three of the five flaws directly, the remaining issues require customer intervention. Common misconfigurations by non-technical users pose significant risks, including exposure of sensitive health and financial data, raising concerns about the security of low-code enterprise platforms prioritizing speed and simplicity.
Librarian Ghouls APT Group Targets Russian Organizations
The Librarian Ghouls APT group, also known as Rare Werewolf or Rezet, has been actively targeting Russian and CIS organizations through a sophisticated malware campaign extending into May 2025. Utilizing legitimate third-party software, PowerShell scripts, and phishing emails, the group deploys password-protected archives containing fake business documents to initiate multi-stage attacks. Once infected, systems are exploited for credential theft, data exfiltration, and cryptocurrency mining. The campaign, which employs scheduled tasks, uses AnyDesk for remote access, and disables security tools, has impacted hundreds of institutions, including industrial and educational entities, highlighting the group's adept use of social engineering and technical execution.
SAP Issues Critical Security Patches
On its June 2025 Security Patch Day, SAP released 14 security patches, including a critical fix for a NetWeaver bug rated 9.6 on the CVSS scale. The flaw allows privilege escalation via a missing authorization check in the RFC framework, posing severe risks to application integrity and availability, as warned by Onapsis. Immediate patching is strongly recommended despite no active exploitation reports. SAP also addressed five high-severity and multiple medium and low-severity flaws across various components.
Sensata Technologies Suffers Ransomware Attack
Sensata Technologies confirmed a ransomware attack in April 2025 that resulted in the theft of sensitive personal data. The attackers accessed information from March 28 to April 6, exfiltrating files containing names, Social Security numbers, financial, and health data, likely belonging to employees and affecting at least 362 Maine residents. Although the company hasn’t appeared on known ransomware leak sites, it's unclear if a ransom was paid. The breach disrupted operations and raised concerns about the security of personal data within global electrical component suppliers.
SentinelOne Warns of China-Linked Cyber Espionage
SentinelOne has alerted the cybersecurity community to targeted cyber espionage attempts by China-linked threat actors APT15 and APT41. The first campaign, Purple Haze, involved reconnaissance on SentinelOne servers and attacks using Ivanti zero-day flaws and the GoReShell backdoor. A subsequent operation tied to APT41 aimed to infiltrate a SentinelOne supplier via ShadowPad malware in a suspected supply chain attack. These incidents highlight a trend of cybersecurity vendors becoming direct targets, with SentinelOne emphasizing the importance of vigilance against stealthy, long-term intrusions focused on high-value infrastructure.
Skitnet Toolkit Gains Traction Among Ransomware Gangs
Skitnet, also known as Bossnet, has rapidly become a preferred tool among ransomware groups, including Black Basta and Cactus, in 2025. Marketed as a user-friendly post-exploitation toolkit, Skitnet fills a gap left by the takedown of major botnets like QakBot. Distributed via underground forums such as RAMP, Skitnet's Malware-as-a-Service (MaaS) model enables even low-skilled actors to launch advanced attacks. The toolkit employs a Rust loader and a ChaCha20-encrypted Nim payload to establish stealthy DNS-based reverse shells, using persistence techniques like DLL hijacking and startup shortcuts. Its anti-forensic measures and living-off-the-land tactics make detection and attribution challenging, underscoring the industrialization of cybercrime and the urgent need for proactive defense strategies.
UK's NHS Appeals for Blood Donors Amid Cybersecurity Challenges
The UK's National Health Service (NHS) has issued an urgent appeal for 1 million blood donors due to critically low national blood supplies, particularly for O negative blood. This shortage follows a 2023 ransomware attack on pathology provider Synnovis, which disrupted services and forced hospitals to rely heavily on O-type blood, thereby straining the supply chain. The NHS is specifically seeking O negative donors and those of Black heritage, essential for treating conditions like sickle cell disease. The Synnovis breach impacted over 900,000 patients, exposing sensitive medical data, including cancer and STI records. Despite legal obligations to notify those affected, many remain uninformed. The NHS warns that without immediate donor support, the system risks entering a red alert state, jeopardizing patient care and public safety.
2. In-Depth Interview: Protecting Digital Privacy with Arjun Bhatnagar, CEO of Cloaked
A prominent segment of this episode features David Moulton, host of the Threat Vector podcast, engaging in a comprehensive discussion with Arjun Bhatnagar, CEO and co-founder of Cloaked, about the escalating urgency of digital privacy in today's interconnected world.
Arjun Bhatnagar's Journey to Privacy Advocacy
Arjun shares his personal journey, detailing how his passion for privacy was ignited during the COVID-19 pandemic. In 2020, driven by curiosity about his own data, he embarked on a project to create an AI data box to monitor and analyze his health and personal information. This involved integrating various data sources, including Google Calendar, Facebook, iMessage, and health and financial data, into a centralized system. The AI began providing insights and recommendations, such as reminding him about missed workouts or suggesting lifestyle changes. A pivotal moment occurred when the AI autonomously engaged in a conversation with his then-girlfriend, revealing how interconnected and accessible his personal data had become without his explicit control. This realization propelled Arjun to found Cloaked, focusing on enhancing data ownership and privacy in the age of AI.
"I realized that I didn't own any of my own data and that we're headed into an AI future. It's going to be important to figure out what data ownership and privacy mean."
— Arjun Bhatnagar [16:21]
Demonstration of Cloaked's Capabilities
A highlight of the interview was Arjun's demonstration at South by Southwest (SXSW) in Austin, where he showcased Cloaked's tools by allowing the audience to call a phone number linked to their personal data. Attendees were astonished to hear their names, partial Social Security numbers, and other personal details revealed through a simple phone call, underscoring the vast amount of data accessible from seemingly innocuous information like a phone number.
"It's such a powerful tool because it's visceral. You feel it right then and there."
— Arjun Bhatnagar [24:58]
Password Management and Best Practices
The conversation then shifted to the topic of password security. Arjun emphasized the importance of using unique, strong passwords for different accounts and advocated for the adoption of password managers to alleviate the burden of managing multiple credentials. He criticized the conventional advice of complex passwords laden with symbols and instead promoted the use of longer passphrases that are both memorable and secure.
"A long password is actually much safer than a short one with a bunch of random symbols in it."
— Arjun Bhatnagar [19:07]
Arjun also highlighted the dangers of password reuse, explaining how compromising a single weak account can provide access to more critical services like banking or email, facilitating a cascade of security breaches.
"Password reuse is a big problem because I'm just going to find the weakest website that has not the best security, find that compromise, and use that to work my way to your Gmail or use your bank account."
— Arjun Bhatnagar [19:07]
Urgency of Data Privacy in the AI Era
Arjun stressed that as AI technologies advance and integrate deeper into daily life, the importance of data ownership and privacy becomes paramount. He pointed out that individuals must take proactive steps to control their personal information to prevent unauthorized access and misuse.
"If AI and big tech get into AI and my personal data, it's going to be crazy."
— Arjun Bhatnagar [16:21]
3. Leadership Update: FBI's Cyber Division Welcomes New Head
In a significant organizational update, the FBI's Cyber Division has appointed Brett Leatherman as the new Assistant Director, succeeding the retiring Bryan Vorndran. Leatherman brings over 20 years of experience within the FBI, having served in various capacities from field offices to leading cyber operations. Most recently, he was the Deputy Assistant Director for Cyber Operations.
In a LinkedIn post, Leatherman expressed his gratitude for the opportunity and his commitment to disrupting cyber threats and supporting victims. Renowned for his collaborative and forward-looking approach, Leatherman aims to build upon Vorndran's legacy, which included modernizing the FBI's cyber strategy, disrupting hacking groups, and enhancing victim support mechanisms. The cybersecurity community is closely monitoring Leatherman's leadership, anticipating his efforts to make cybercrime less sustainable through strategic initiatives and robust defense measures.
"I am grateful for the opportunity to lead and pledge to disrupt cyber threats and support victims."
— Brett Leatherman [Timestamp Unavailable]
Conclusion
This episode of CyberWire Daily offers a comprehensive overview of pressing cybersecurity issues, from significant data breaches and vulnerabilities to the evolving tactics of cybercriminal groups. The in-depth interview with Arjun Bhatnagar provides valuable insights into personal digital privacy and best practices for safeguarding personal information in an AI-driven era. Additionally, the leadership transition within the FBI's Cyber Division marks a pivotal moment for national cybersecurity strategies. For those seeking to stay informed on the latest in cybersecurity, this episode delivers critical information and expert perspectives essential for navigating the complex digital landscape.
For more detailed coverage and expert interviews, listen to the full episode of "Jedai Tricks, Human Risks" on the CyberWire Daily platform or your preferred podcast service.
