Cyber Pulse Monthly – June 2025 Edition

June 2025 was a watershed month in cybersecurity, marked by record-breaking data breaches, disruptive ransomware attacks, sophisticated state-sponsored espionage, and a surge in hacktivist activity. This edition of Cyber Pulse Monthly brings you a comprehensive, in-depth analysis of the most impactful cyber incidents and trends that shaped the digital threat landscape.

1. The Largest Credential Leak in History: 16 Billion Passwords Exposed

In an unprecedented event, a massive breach exposed 16 billion login credentials across more than 30 datasets, affecting major platforms including Facebook, Google, Apple, GitHub, and Telegram. The data, mostly fresh and likely harvested by infostealer malware, contained usernames, passwords, tokens, and session cookies—some of which could bypass two-factor authentication. While no direct hacks into these companies were confirmed, the sheer scale and recency of the credentials make this one of the most dangerous leaks ever, enabling widespread account takeovers, phishing, and business email compromise. Users are urged to reset passwords and enable MFA immediately.

2. Ransomware Rampage: Healthcare, Retail, and Critical Infrastructure Targeted

Healthcare Sector Under Siege:
Ransomware attacks intensified against healthcare, with Kettering Health in Ohio crippled by the Interlock group. The attack disrupted systems across 14 hospitals, leaked patient and financial data, and forced procedure cancellations and ambulance diversions. Recovery efforts stretched for weeks, highlighting the sector’s vulnerability to operational and reputational harm.

Retail Giants Breached:
A wave of ransomware attacks by groups like DragonForce and Scattered Spider hit retail heavyweights including Marks & Spencer, Co-op, and Dior, leading to operational disruptions and exposure of customer data.

Other Major Victims:

  • United Natural Foods, North Face, Cartier, Zoom Car, Episource, WestJet, and The Washington Post all suffered significant breaches, resulting in millions of customer and employee records being compromised and major business disruptions.
  • Episource, a healthcare SaaS provider, reported a breach impacting 5.4 million patients, with sensitive medical data exfiltrated.

3. Scattered Spider: Evolving Tactics and Sector-Specific Targeting

The Scattered Spider group shifted its focus from UK retail to the U.S. insurance sector, executing sophisticated ransomware and extortion campaigns. Attacks on Erie Insurance and Aflac led to the compromise of highly sensitive data, including Social Security numbers and health records. The group’s use of social engineering and exploitation of IT support channels demonstrates a dangerous evolution in targeted cybercrime.

4. State-Sponsored Espionage: Salt Typhoon Breaches Telecom Giants

China-linked Salt Typhoon exploited a critical Cisco IOS XE vulnerability to infiltrate telecom providers, including Viasat. The attackers gained persistent access to core infrastructure, capturing metadata and potentially customer information, and even caused a major voice outage in the UK. This campaign underscores the vulnerability of critical communications infrastructure to advanced persistent threats.

5. Hacktivism and Geopolitical Cyber Conflict

Cambodian Hacktivists vs. Thailand:
The group AnonsecKh (Bl4ckCyb3r) launched over 70 attacks on Thai government, military, and manufacturing sites following a border clash. Using DDoS and website defacement, these attacks escalated regional tensions and highlighted the growing use of cyber operations in geopolitical disputes.

Pro-Israel Hacktivists Strike Iran:
The group Predatory Sparrow stole and destroyed over $90 million in cryptocurrency from Iran’s Nobitex exchange in a politically motivated attack, sending the funds to unusable wallets.

Iran’s Sepah Bank Targeted:
A cyberattack on Iran’s state-owned Sepah Bank temporarily disrupted online banking, raising concerns about the stability of financial infrastructure amid ongoing regional cyber conflict.

6. Supply Chain, SaaS, and Insider Threats

  • PowerSchool, a leading SaaS provider for US school districts, suffered a breach that led to extortion threats and exposed the downstream risks of compromised cloud platforms.
  • Lee Enterprises, a major newspaper publisher, was hit by Qilin ransomware, leaking nearly 40,000 Social Security numbers and causing significant operational and financial losses.
  • Coinbase uncovered an insider bribery attempt and offered a $20M bounty to unmask the threat actors behind a failed access scheme, spotlighting the persistent risk of insider threats.

7. New Malware and Ransomware Variants

  • Acreed, a new infostealer malware, is gaining traction among Russian cybercriminals following the takedown of Lumma stealer.
  • SuperCard, a malicious NFC tool, was used in attacks targeting Android devices, resulting in $5.5 million in losses and over 175,000 infections in Russia alone.
  • DarkGaboon, an emerging group, targeted Russian organizations using phishing and leaked ransomware, signaling the rise of financially motivated cybercrime.

8. Vulnerabilities, Patches, and Cyber Defense Trends

  • Microsoft patched five actively exploited zero-days, including critical flaws in DWM, OLE, and Windows Kernel components.
  • Google Chrome issued emergency updates to fix a zero-day (CVE-2025-5419) after reports of active exploitation.
  • The cybersecurity community emphasized Zero Trust adoption, segmentation, and increased breach containment efforts as attackers move faster and more deliberately than ever.

9. Government and Municipal Breaches

  • Oxford City Council suffered a breach exposing two decades of personal data and disrupting ICT services.
  • Glasgow City Council and its ICT provider CGI were hit by a cyber incident that forced servers offline and may have resulted in data theft.
  • Ransomware attacks linked to RansomHub disrupted critical services in Durant (OK), Lorain County (OH), and Puerto Rico’s Justice Department, crippling courts and digital services.

10. Law Enforcement and Cybercrime Disruption

A global law enforcement operation seized domains offering crypting services to cybercriminals, disrupting a key malware distribution channel and highlighting ongoing efforts to combat cybercrime infrastructure.

Conclusion

June 2025 revealed a cyber threat landscape marked by unprecedented data leaks, targeted ransomware, sophisticated espionage, and the weaponization of cyber tools in geopolitical conflicts. The urgency for robust cyber resilience, proactive defense strategies, and comprehensive incident response planning has never been clearer. Organizations must invest in people, processes, and technology to withstand the relentless pace and evolving tactics of today’s cyber adversaries.
