Risky Bulletin: Washington Post email accounts hacked

Summary

Hosted by Risky.biz | Released on June 16, 2025

In this episode of Risky Bulletin, host Claire Aird delves into a series of significant cybersecurity incidents that have recently unfolded across the globe. From high-profile email breaches to substantial investments in healthcare cybersecurity, the episode provides a comprehensive overview of the current threat landscape. Below is a detailed summary of the key discussions, insights, and conclusions drawn during the episode.

1. Washington Post Email Accounts Compromised

Claire Aird opens the bulletin with alarming news about a breach affecting the Washington Post. The incident involved unauthorized access to email accounts belonging to several reporters, particularly those on the national security and economic policy teams.

Claire Aird [02:15]: "Hackers have gained access to some reporters' email accounts at the Washington Post, targeting key journalists in sensitive areas."

According to the Wall Street Journal, the attack is suspected to be orchestrated by a foreign government, highlighting the growing trend of state-sponsored cyber espionage. The breach was initially detected on Thursday, with the Washington Post informing its staff by Sunday, indicating a swift response to the threat.

2. Sorbonne University Data Theft

Next, the discussion shifts to a cyber attack on France's Sorbonne University, which disrupted the institution's IT systems earlier this month. This intrusion led to the theft of sensitive information, including banking details and Social Security numbers of some staff members.

Claire Aird [05:40]: "Officials at Sorbonne University reported that hackers stole critical banking details and Social Security numbers, exacerbating fears from last year's breach."

This is not the first incident for the university; in October of the previous year, hackers had compromised personal information of over 73,000 staff and students, underscoring the persistent vulnerabilities within academic institutions.

3. Zoomcar User Data Compromised

The episode highlights a significant data breach at Zoomcar, an Indian car-sharing platform, where hackers have stolen data of approximately 8.4 million users. The compromised data includes customer names, contact details, addresses, and car registration numbers.

Claire Aird [09:22]: "Hackers are leveraging the stolen data from Zoomcar to demand a ransom, threatening to release the information publicly if their demands are unmet."

This breach echoes a similar incident in 2018 when Zoomcar faced a data compromise affecting 3.5 million users, indicating ongoing security challenges for the company.

4. WestJet Investigates Security Breach

Canadian airline WestJet is currently investigating a security incident that impacted its website and mobile app for several hours on Friday. Thankfully, the breach did not disrupt scheduled flights or critical operations.

Claire Aird [12:10]: "WestJet assures that there were no interruptions to flight schedules despite the temporary compromise of their digital platforms."

The lack of operational impact suggests that WestJet's contingency measures were effective in mitigating potential fallout from the breach.

5. Cochley Email Provider Hacked

A significant development involves the email provider Cochley, which is reportedly hacked, leading to the sale of its data on an underground hacking forum. Cochley has publicly denied the breach, attributing the security claims to the age of their systems.

Claire Aird [15:30]: "Despite Cochley's denial, threat intelligence researchers indicate that the leaked data appears authentic, raising concerns about the provider's security protocols."

Cochley is known for its popularity among cybercriminals and ransomware groups, often being used to disseminate threats and malicious activities.

6. Ukrainian Intelligence Targets Russian Telco Orion

In a geopolitical twist, Ukraine's military intelligence has reportedly hacked into the Russian telecommunications company Orion, causing significant disruptions.

Claire Aird [18:45]: "The hack resulted in the wiping of backups and disabling of 370 servers and 500 network switches, leading to widespread internet and TV outages in four major Russian cities."

This intrusion, occurring on Russia's Independence Day (June 12), was further complicated by the involvement of the hacktivist group BO Team, illustrating the intersection of state-sponsored and independent cyber operations.

7. US Law Enforcement Assists Vietnamese Company Against Ransomware

A cooperation between a US law enforcement agency and a Vietnamese state-owned company resulted in the decryption of data following a ransomware attack that crippled over 1,000 servers.

Claire Aird [22:05]: "The attackers demanded $2.5 million, but officials opted for decryption without paying the ransom, citing the lack of a legal framework for state enterprises to comply with such demands."

Though the company's name remains undisclosed, it is identified as a multi-billion dollar energy firm, emphasizing the high stakes involved in protecting critical infrastructure.

8. EU Invests €145.5 Million in Healthcare Cybersecurity

Shifting focus to positive developments, the European Union is channeling €145.5 million into enhancing cybersecurity measures within hospitals and healthcare providers.

Claire Aird [25:20]: "This investment will bolster the Horizon Europe program, facilitating the use of generative AI in cybersecurity, and support the Digital Europe program to defend against ransomware attacks."

This substantial funding underscores the EU's commitment to safeguarding sensitive healthcare data and ensuring the resilience of critical health services against cyber threats.

9. Indonesian Police Arrest Cyber Scam Suspects

In Southeast Asia, Indonesian authorities have apprehended 38 suspects linked to a cyber scam operation based in Bali. The group operated from five different locations and targeted foreigners to harvest personal data for investment scams.

Claire Aird [28:40]: "The arrested individuals allegedly received $1 for each data point collected, highlighting the commodification of personal information in cybercriminal ecosystems."

This crackdown exemplifies the global efforts to dismantle cyber scam networks exploiting vulnerable populations for financial gains.

10. CISA Advises on Firmware Updates for Security Cameras

The Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories for organizations to either install firmware updates or restrict access to security cameras from four specific vendors: PTZ, Optics, ValueHD, MultiCam, and Smtav.

Claire Aird [31:55]: "Vulnerabilities in these devices could allow attackers to use hard-coded admin credentials, execute malicious code, and leak user credentials and configuration files."

While PTZOptics has released the necessary firmware updates, the other vendors have yet to respond, leaving devices at risk of exploitation.

11. Malicious Firefox Add-ons Identified

Security experts have uncovered malicious add-ons within Firefox's official store, posing significant threats to users' online safety.

Claire Aird [35:10]: "One of the add-ons was leveraging pop-ups to redirect users to tech support scams, while others were artificially inflating social media metrics to manipulate engagement."

These findings highlight the ongoing battle against malicious software infiltrating trusted platforms, necessitating vigilant scrutiny of browser extensions.

12. Apple's New Call Screening Feature in iOS

Concluding the episode, Apple announced the introduction of a new feature in iOS aimed at combating scam calls. Scheduled for release with iOS 26 later this year, the feature automatically answers calls from unknown numbers and requests the caller to state their name and purpose.

Claire Aird [38:25]: "Apple estimates that this feature could block up to 1 billion scam calls annually, providing users with an additional layer of protection against fraudulent activities."

This proactive measure reflects the tech giant's commitment to enhancing user security and mitigating the pervasive issue of phone-based scams.

Conclusion

Today's episode of Risky Bulletin underscores the multifaceted nature of cybersecurity threats, ranging from targeted email breaches of prominent news organizations to large-scale data thefts affecting millions of users worldwide. The discussions emphasize the importance of robust security measures, proactive threat intelligence, and international cooperation in combating cyber threats. Additionally, the episode highlights significant investments and technological advancements aimed at strengthening defenses across critical sectors, particularly healthcare and infrastructure. As cyber threats continue to evolve, the insights provided offer valuable guidance for organizations and individuals striving to navigate the complex cybersecurity landscape.

Note: All timestamps correspond to the original podcast transcript provided.

Transcript

Claire Aird (0:04)

Email accounts compromised at the Washington Post Shady email provider Cochley gets hacked, hackers steal data from a French university and the EU invests 145 million euros in hospital cyber security. This is the risky bulletin prepared by Catlin Kimpanu and read by me, Claire Aird. Today is the 16th of June and this podcast episode is brought to you by island, the Enterprise browser, a company that keeps data inside organisations boundaries across the browser and beyond. Hackers have gained access to some reporters email accounts at the Washington Post. The targeted journalists include those on national security and economic policy teams. According to the Wall Street Journal, the attack appears to be the work of a foreign government. The breach was discovered on Thursday and the Washington Post notified its staff on Sunday. A cyber attack has disrupted IT systems at France's Sorbonne University. The intrusion took place earlier this month. Officials say the hackers stole the banking details and Social Security numbers of some staff members. Last October, the university suffered a separate breach when hackers stole personal information of more than 73,000 staff and students. Indian car sharing platform Zoomcar says hackers have stolen 8.4 million users data. The data includes customers, names, contact details, addresses and car registration numbers. The hackers are threatening to release the data if a ransom is not paid. The company suffered a similar breach in 2018, which impacted 3.5 million users. Canadian airline WestJet is investigating a security breach. The incident affected the company's website and mobile app for several hours on Friday. The company says there were no disruptions to scheduled flights. A threat actor claims to have hacked email provider Cochley and is selling its data on an underground hacking forum. Cochley denied the breach in a post mortem published on its website. The service said its systems were too old to be impacted by a recent zero day in the roundcube webmail software. Several Threat intel researchers told Risky Business the leaked data appears authentic. Cochley is an email service that's popular with cybercriminals and ransomware groups. It's often been used to send bomb and death threats. Ukraine's military intelligence agency has reportedly hacked Russian telco Orion. Telecom sources told the Kyiv Post that the hack wiped backups and disabled 370 servers and the 500 network switches. The intrusion occurred on Russia's Independence Day, June 12. It caused widespread Internet and TV outages across four major cities. Hacktivist group BO Team was also involved in the breach. A US law enforcement agency helped a Vietnamese state company decrypt its data following a ransomware attack. The attackers demanded $2.5 million after encrypting more than 1,000 of the company's servers. Local media reported that officials worked with the US because there's no legal framework for state enterprises to pay ransoms. The firm was not named but was described as a multi billion dollar energy company. The European Union is investing 145.5 million euros to improve the cyber security of hospitals and healthcare providers. The funding will support the Horizon Europe program, which supports the use of generative AI for cybersecurity. It will also fund the Digital Europe program, which defends against ransomware attacks. Indonesian Police have arrested 38 suspects accused of running a cyber scam compound on the island of Bali. The group operated from five locations in Denpas, Sar and allegedly received orders from a handler in Cambodia. They are accused of targeting foreigners and collecting their personal data for use in future investment scams. Suspects were allegedly paid $1 for each data point. CISA has advised organisations to install firmware updates or restrict access to security cameras from four vendors. The devices from PTZ, Optics, ValueHD, MultiCam and Smtav are affected by vulnerabilities. Attackers can use hard coded admin credentials, execute malicious code and leak user credentials and configuration files. Ptzoptics has provided firmware updates. The other vendors have not replied to the researchers. Malicious Firefox add ons have been discovered in the browser's official store socket. Security says one of the add ons used pop ups to redirect users to tech support scams. Others artificially inflated likes and views on social media to manipulate user engagement metrics. And finally, Apple is adding a feature to screen calls in iOS. It will answer calls from unknown numbers and request the caller's name and reason for ringing. Users will then be asked if they want to talk. Apple estimates the new feature will help block up to 1 billion scam calls a year. The feature will ship with iOS 26 later this year. And that is all for this podcast edition. Today's show was brought to you by our sponsor enterprise browser maker Island. Find them at Island I. Thanks to your company.

Summary