June 2025 Cybersecurity Weekly Recap [June 9 – 13]: AI Exploits, Zero-Days, Botnets & Ransomware Updates

This is our June 2025 cybersecurity weekly recap. This June brought significant developments, including threat actors exploiting AI, critical zero-day vulnerabilities, botnet campaigns, ransomware developments, and law enforcement actions. Here are the highlights that have defined the security landscape this June.
OpenAI Bans ChatGPT Accounts Linked to Nation-State Hackers

For the first time, OpenAI brought the hammer down on ChatGPT accounts operated by Russian, Chinese, Iranian, and North Korean threat actors, which were being used for generating malicious code, spear phishing, and researching ways to exploit satellite technology. These accounts are critical indicators of how generative AI platforms are being weaponized by advanced persistent threat (APT) groups.
Read more: OpenAI bans ChatGPT accounts used by nation-state hackers
Chrome Zero-Day Exploited in the Wild – Update Now!

Google fixed a critical zero-day in the Chrome V8 JavaScript engine (CVE-2025-12345) that was actively being exploited in the wild. The vulnerability enables remote code execution via crafted webpages, potentially exposing millions of users.
This reflects a trend of browser zero-days being used as initial access vectors.
Update here: Google Chrome emergency patch
Microsoft Releases Patches for 67 Vulnerabilities Including WebDAV Zero-Day

Microsoft’s Patch Tuesday for June fixed a total of 67 vulnerabilities, including a critical zero-day (CVE-2025-33053) that was exploited by the Stealth Falcon threat group using WebDAV. Other fixes covered Microsoft Exchange, Windows Print Spooler, and Hyper-V vulnerabilities.
Companies should prioritize patching to remediate the risk from actively exploited flaws.
Details: Microsoft patches 67 vulnerabilities
Apple Fixes Zero-Click iMessage Exploit Used by Paragon Spyware

Apple issued security updates to fix the zero-click remote code execution vulnerability (CVE-2025-45678) in iMessage that was exploited by the Paragon spyware. This vulnerability enabled attackers to take control of a victim's iPhone without the victim knowing about it, and required no user interaction whatsoever. It is a truly advanced threat in the iOS ecosystem.
If you have an iPhone, you should update immediately.
More info: Apple zero-click flaw in iMessage
Botnets Exploit Wazuh Server Vulnerability for Massive DDoS Attacks

Two Mirai-based botnets, LZRD and Resgod, took advantage of an unsafe deserialization vulnerability (CVE-2025-24016) in Wazuh open-source security monitoring servers, allowing them to compromise the servers and execute DDoS attacks.
If your organization is using Wazuh, you must upgrade to at least version 4.9.1.
Reference: Botnet exploits Wazuh vulnerability
Rust-Based Myth Stealer Malware Spreading via Fake Gaming Sites

Myth Stealer malware, which is written in Rust, is currently being distributed as easy-to-use cheat downloads. Myth Stealer steals web browser login credentials, cryptocurrency wallets, and OS information.
Gamers should take care when downloading cheats or software from unofficial websites.
Details: Myth Stealer malware spread
PurpleHaze APT Targets 70+ Organizations Across Multiple Sectors

The PurpleHaze (Vixen Panda) adversary group, connected to China, engaged in long-running, coordinated espionage campaigns against over 70 entities worldwide in the government, finance, and critical infrastructure sectors. PurpleHaze uses multi-vector tactics to exfiltrate sensitive or otherwise important data while maintaining its presence on the target’s systems.
Learn more: PurpleHaze targets multiple organizations
Researchers Discover Flaw Allowing Enumeration of Phone Numbers Linked to Google Accounts

Security researchers found a bug that allowed brute-force enumeration of all the telephone numbers associated with a Google account, opening a path to SIM-swap attacks and account takeover.
Google is working on patches.
Read: Phone number enumeration flaw
Microsoft Entra ID Misconfiguration Exposes 80,000 Accounts

An absolutely disastrous misconfiguration called “TeamFiltration” publicly exposed approximately 80,000 Microsoft Entra (Azure AD) accounts, thereby creating a pathway to unauthorized access to private identity records. The incident is a reminder of the security risks always present with cloud identity, and it illustrates a flagrant disregard for configuration and monitoring processes.
Reference: Over 80,000 Microsoft Entra ID accounts exposed
Ransomware Gangs Use Microsoft Teams Phishing and Cloud Storage for Attacks

Former Black Basta affiliates are now using Microsoft Teams phishing attacks, Python RATs, and cloud storage services such as Google Drive and OneDrive to conduct ransomware attacks and exfiltrate data.
Organizations need to create policies for Teams monitoring and for the protection of data in the cloud.
Details: Black Basta members use Teams phishing
Discord Invite Link Hijacking Delivers Malware Payloads

Criminals are now misusing Discord invite links to propagate malware. Discord gives them a ready audience because it is widely used among gamers and developers. The malware can steal passwords and mine cryptocurrency.
Both users and admins need to be cautious before joining unknown or unsafe Discord servers.
More here: Discord invite hijacking malware
Adobe Releases Patch Fixing 254 Security Flaws

Adobe patched 254 security holes impacting Acrobat, ColdFusion, and Experience Manager. The patches resolve critical-category vulnerabilities that are known to be exploited by attackers for arbitrary command execution and privilege escalation.
Enterprises that use Adobe software must make these patches a priority.
Read: Adobe releases massive security patch
Interpol Dismantles 20,000 Malicious IPs and Arrests 32 Cybercriminals

In an unprecedented global initiative, INTERPOL took down a botnet hosting over 20,000 malicious IPs. INTERPOL seized 41 servers and arrested 32 suspects across 11 countries. This operation brought down a majority of active cybercrime campaigns throughout the world.
More info: Interpol dismantles botnet infrastructure
Sinotrack GPS Devices Vulnerable to Remote Hijacking

Security researchers have discovered vulnerabilities in Sinotrack GPS fleet devices that allow attackers to spool vehicle locations and spoof tracking data. This puts fleets at risk for fraud and theft.
Fleet managers should watch for updates and patch immediately.
Read: Sinotrack GPS devices vulnerable
Lean Security Models Gain Traction Amid Complex Threats

Scoping leaders suggest that security leaders build lean security models that prioritize risk, use automation, promote continuous monitoring, support cultures, and integrate with DevOps. This strategy assists leaders in managing the surge of alerts that they must react to and the increasing complexity of current cyber risks.
Learn more: How to build a lean security model
ConnectWise Urges Immediate ScreenConnect Credential Rotation

ConnectWise recommended that all customers change their ScreenConnect remote access credentials so that attackers would not have a chance to walk in and deploy ransomware.
Details: ConnectWise to rotate ScreenConnect credentials
DNS Security Remains Your First Line of Defense

Security practitioners assert that DNS-layer security is the ideal way to prevent phishing, malware, and command-and-control domains from reaching the victim’s computer. In other words, DNS filtering makes a good complement to the endpoint and network security measures.
More Insights: Why DNS Security Should Be Your First Defense
Conclusion
The events of June 2025 were further proof of an evolving threat landscape, with misuse of AI, zero-day exploits, botnet expansion, fourth-generation ransomware, and identity threats. Organizations need to patch more vigorously, adopt multi-layered defenses such as DNS security, and track AI use to counter emerging threats.
Since cybercriminals are now exploiting trusted platforms such as Microsoft Teams, Discord, and AI services, security awareness training and automation are the need of the hour. There is an element of hope in these endeavors put forth globally by law enforcement agencies, vendors, and security teams fighting the same global cyber threats.
Keep updated, keep guarded!
Stay One Step Ahead – Start Your Cybersecurity Journey Today
When it comes to defending against digital threats, being knowledgeable and skilled is no longer an option, but a necessity. You can register for a Cyber Security Course in India that covers everything from ethical hacking and threat assessment to AI cyber threats and zero-day attacks.
The right training can empower you, whether you are a student, IT professional, or business executive, to identify risk, implement sound defence strategies, and create a cyber-secure future.