Weekly Cybersecurity & Ethical Hacking Roundup (June 21–28, 2025)

Welcome to the Cybersecurity & Ethical Hacking Weekly Roundup for late June 2025, your short synopsis of defense advances, threat trends, and AI-driven attacks impacting the cyber domain today.
This week, we talk about Google launching multi-layered AI defenses and Citrix rushing to release emergency patches, and we report on nation-state actors such as APT35, North Korea, and Silver Fox ramping up supply-chain and spear-phishing attacks.
Besides context on more than 65,000 Microsoft Exchange servers being compromised, ChatGPT-enabled weaponized social engineering, and necessary SaaS backup solutions, we highlight key updates on WhatsApp, Windows, Teams, NVIDIA, charges against BreachForum, malware from TikTok, and many more interesting issues of the week.
Major Security Updates: Google’s New Account Protections & Citrix Zero-Day Emergency Patches

Google Enhances Account Security
This week delivered important updates for cybersecurity companies and individuals alike. Google debuted additional security measures for Gmail, Google Drive, and Workspace accounts, including additional two-factor authentication (2FA), AI-centric threat detection, and quicker alerts against suspicious activity.
These features are intended to prevent account hijacking and to strengthen defenses against phishing attacks. Google also encouraged businesses to update their Google Workspace security settings.
Source: The Hacker News
Citrix Releases Emergency Patches for Zero-Day Vulnerabilities
At the same time, Citrix published emergency patches for zero-day vulnerabilities that are being exploited in the wild. These vulnerabilities could allow unauthorized access or execution of malicious code.
Source: The Hacker News
Cybersecurity experts stressed the importance of applying the patches immediately to help prevent breaches.
Importance of Timely Vulnerability Management
The updates served as a reminder of why vulnerability management and the timely application of system patches are necessary to protect against cyber threats.
Trending Cyberattacks & Vulnerabilities: Microsoft Exchange, Server Flaws, and Sainbox RAT

Microsoft Exchange Servers Under Attack
Recently, hackers targeted more than 65,000 Microsoft Exchange servers by exploiting critical vulnerabilities to access sensitive information, steal data, and deploy malware.
Organizations must now devote resources to hardening Microsoft Exchange by implementing patches, disabling legacy Microsoft protocols, and reviewing and enforcing access policies across their environment.
Exploitation of Windows and Linux Server Vulnerabilities
Threat actors are also exploiting known vulnerabilities in servers running Windows and Linux. Servers that are exposed on the internet need to be patched, because they are immediately available for threat actors to exploit in order to move laterally within your organization or launch ransomware.
The indicators of compromise (IoCs) include new unauthorized accounts, abnormal network traffic, abnormal reboots of systems, and costly outages.
Regular and thorough vulnerability and penetration scans, in addition to monitoring, are key to improving your security posture against malware and other cyber threats.
Emergence of Weaponized DeepSeek Installers
The threat landscape is also growing with the emergence of weaponized DeepSeek installers that dynamically generate and drop the Sainbox Remote Access Trojan (RAT).
The Sainbox RAT allows hackers to control the infected machine remotely. Recommendations include increased endpoint security, reducing risk with behavior-based detection, and staff training.
Source: Cyber Security News
The Need for Vigilance
Above all else, sustained vigilance and timely awareness from security vendors regarding their detections and solutions are paramount to curtailing the dangers that evolving cyber actors pose to enterprise networks.
AI & Emerging Tech in Cyber Threats

The Weaponization of LLMs by Threat Actors
Cybercriminals are exploiting AI tools like ChatGPT, along with Cisco AnyConnect, Google Meet, and Microsoft Teams, to conduct sophisticated social engineering attacks.
For example, large language models (LLMs) enable real-world phishing and fraud campaigns that are very convincing and harder to detect. Some security incidents already highlight the growing risks from AI-aided scams.
Problems Setting Boundaries with AI Abuse
Detecting misconduct and misuse of AI can be challenging when the forged content is so sophisticated, the tools are capable of human-like interaction, and the tactics play out fluidly in real time.
AI-Enabled Cybersecurity Automation
On the defense side, organizations are deploying AI-enabled workflow automation solutions to detect threats more quickly, dial up incident response, and strengthen security operations teams overall.
These examples provide a glimpse into effective responses to the heightened threats posed by AI-enabled cyber risk.
Iranian APT35 Launches AI-Powered Phishing Attacks Against Israeli Tech Experts
In late June, Iranian state-sponsored APT35 (aka Charming Kitten/Educated Manticore) began a spate of AI-enabled spear‑phishing attacks targeting Israeli technology experts and cybersecurity professionals.
In those campaigns, they posed as executive assistants (via email and WhatsApp) and directed recipients to fake Gmail login pages and bogus Google Meet invites that were drafted in nearly perfect grammatical style using AI tools.
This campaign reflects the developing sophistication of Iran’s nation-state cyber espionage operations.
Source: The Hacker News
Cloud, SaaS & Backup Risks
The Hidden Dangers of SaaS
SaaS applications are designed for convenience, but that convenience can lead you to neglect built-in security. Common SaaS misconfigurations, like overly permissive access settings and poorly configured data sharing, can create serious exposure of sensitive data.
Organizations need to develop SaaS security best practices, including regular audits, strong identity management, and least privilege access to minimize risk.
Source: The Hacker News
Why the Backup of M365 Data is Important
The security and retention features within Microsoft 365 (M365) are beneficial when used in conjunction with other protective measures, but they will not inherently protect against accidental deletions, ransomware, or insider threats.
Misplaced trust in built-in protections leads to gaps in data protection and in recovery and remediation options. Implementing backups tailored specifically for M365 gives organizations data resiliency, fast data restoration, and reduced downtime when needed.
Enterprises must evaluate and take backup seriously as part of their overall cloud security approach to safeguard their critical business data.
Other Industry News
WhatsApp Introduces AI-Powered Message Prioritization
WhatsApp has released AI-based message prioritization to help users navigate the increasing number of conversations in a more manageable way.
Although users will benefit from this feature, there are privacy and security concerns because this will involve processing the content of messages with AI in order to determine important messages.
WhatsApp goes to great lengths to emphasize that users have complete control over the AI settings and can enable and disable Aspect Message Prioritization at their own discretion.
Some experts agree this is a good idea, but caution against the use of AI for a number of reasons and recommend people regularly review their privacy settings for messaging platforms.
Source: The Hacker News
Windows Retires Blue Screen of Death (BSOD)
Microsoft has officially retired the notorious Blue Screen of Death (BSOD) and replaced it with a new, less distracting error interface designed to improve the end-user experience when the system crashes.
While this is more in line with what you would expect from a modern OS, experts were divided on what it means for security. The central debate is that clearer error reporting makes for faster troubleshooting, but it may also aid an attacker.
Mixed reviews abound in the tech community, weighing the nostalgia of the old BSOD screen against the fact that everyone moved on months (or even years) ago. The world of tech is not stagnant.
Source: Cybersecurity News
Microsoft Teams Metadata – Employee Location Exposure Risk
It was recently discovered that Microsoft Teams metadata could unintentionally expose employee location, which is a privacy concern. Administrators should review and modify Microsoft Teams owner, member and guest settings to avoid sharing metadata and prevent any sensitive data about employees from being leaked.
Source: Cybersecurity News
NVIDIA Megatron-LM Vulnerability
A vulnerability within NVIDIA’s Megatron-LM large language model has raised concerns about misuse to create malicious content. NVIDIA provided rapid patching guidance and recognizes that securing AI frameworks is important.
Source: Cyber Security News
Five Hackers Arrested in BreachForum
Law enforcement arrested five high-profile hackers in connection with BreachForum and disrupted a large volume of dark web activity.
It brings hope for continued enforcement against cybercrime and illegal data distribution on the web.
Source: Cyber Security News
Warning on TikTok Videos Promoting Pirated Apps
Security professionals have warned that some TikTok videos promoting pirated applications could act as a way to distribute malware.
Users should download mobile apps from trusted sources, verify that the downloaded app is the genuine one, and use caution with social media pages and other viral trends to prevent infection.
Source: Cybersecurity News
Conclusion
As June 2025 comes to an end, the ever-changing and increasingly difficult world of cybersecurity is still moving fast. Just since February 2025, when I wrote my original article on this topic, we’ve seen Google improve its defenses, Citrix patch multiple critical vulnerabilities, and threats accelerate from APT35, North Korea, the Silver Fox group, and others.
It is obvious that both risk and innovation are accelerating. The quickly evolving cyber threat landscape is reflected in the number of AI-based attacks like weaponized ChatGPT, deepfake Zoom calls, and others.
Organizations need reliable defenses, timely and proactive patching habits, and proven backup strategies in an ever-evolving threat landscape.
We must stay aware and agile in dealing with risks to our organization’s assets and trust in our increasingly digital world.