Banks open fraudulent accounts for scammers. 2.2 million impacted in grocery breach. Data brokers run amok. Iran cyber-blowback? Protect your iPhone.

Cybersecurity News of the Week & Patch Report, June 29, 2025

This week's essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.

Sections

• Section 1: National and International News

• SecureTheVillage: Events. Programs. Guides. Newsletters.

• Section 2: Families and Individuals: Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware.

• Section 3: Smaller Businesses and Nonprofits: A Discipline of Cybersecurity.

• Cybersecurity Nonprofit of the Week

• Section 4: Patch and Update Report

Section 1: National and International News

How Foreign Scammers Use U.S. Banks to Fleece Americans (ProPublica): Struggling Gatekeepers: In the face of some $44 billion a year in pig-butchering scams conducted by Asian crime syndicates, U.S. banks have failed to prevent mass scale money laundering. … Black Market Bank Accounts: Chinese-language Telegram channels offer to rent U.S. bank accounts to pig-butchering scammers, who use the accounts to move victims’ cash into crypto. … One Address, 176 Clients: Bank of America allowed hundreds of unverified customers to open accounts, prosecutors alleged, including 176 who claimed the same small home as their address.

Canada says telcos were breached in China-linked espionage hacks: The Canadian government and the FBI say they are aware of malicious activity targeting telecommunication companies across Canada, attributing the intrusions to the China-backed hacking group Salt Typhoon. … Salt Typhoon is one of several China-linked hacking groups thought to be preparing for China to launch a potential future invasion of Taiwan by 2027.

Russia releases REvil members after convictions for payment card fraud: A Russian court sentenced several members of the notorious REvil ransomware gang to five years in prison but let them walk free right after the verdict, saying they had already spent enough time behind bars while awaiting trial. … According to prosecutors, the group primarily targeted U.S. citizens by stealing and exploiting their credit card information. … Previous reports suggest that Russia is increasingly turning to cybercriminals to conduct espionage and hacking operations against its adversaries. Researchers say these criminal groups likely help give the Kremlin plausible deniability for state-sponsored cyberattacks linked to the war in Ukraine.

Mexican drug cartel used hacker to track FBI official, then killed potential informants, government audit says: A Mexican drug cartel hired a hacker to surveil the movements of a senior FBI official in Mexico City in 2018 or earlier, gathering information from the city’s camera system that allowed the cartel to kill potential FBI informants, the Justice Department inspector general said in a new report.

North American airlines targeted by cyberattacks: Westjet and Hawaii Airlines have both said in June statements that they have responded to cyberattacks. … The FBI posted a warning on X on Friday evening that Scattered Spider was targeting the aviation industry and said it was "actively working with aviation and industry partners to address this activity and assist victims."

Columbia University investigating cyber incident after tech outages: Columbia University officials are investigating a potential cybersecurity incident after students reported widespread technology outages and strange images appearing on screens across campus. … The school’s website and other systems have been intermittently offline since Tuesday morning, and Columbia officials said the New York Police Department is now involved in the response.

Data spill in aisle 5: Grocery giant Ahold Delhaize says 2.2M affected after cyberattack: Multinational grocery and retail megacorp Ahold Delhaize says upwards of 2.2 million people had their data compromised during its November cyberattack with personal, financial and health details among the trove. … Ahold Delhaize operates a network of stores in Europe and the US via brands including Food Lion, Stop & Shop and Giant. … It employs more than 400,000 staff and serves around 63 million customers a week.

McLaren Health Care says data breach impacts 743,000 patients: McLaren Health Care is warning 743,000 patients that the health system suffered a data breach caused by a July 2024 attack by the INC ransomware gang. … McLaren is a nonprofit health system in the U.S. with $6.6 billion in annual revenue, operating a network that spans 14 Michigan hospitals (2,624 beds). It employs 490 physicians and 28,000 full-time staff while contracting with another 113,000 providers across Michigan and into Indiana.

Notorious cybercriminal ‘IntelBroker’ arrested in France, awaits extradition to US: Kai West, a 25-year-old British national, is accused of stealing data from more than 40 organizations during a two-year spree. … Federal prosecutors unsealed a four-count indictment charging West, a British national, with conspiracy to commit computer intrusions, accessing a protected computer to obtain information and wire fraud. The United States is seeking his extradition for the charges, which each carry maximum sentences of five to 20 years in prison.

SecureTheVillage

Events

• July 15: Cybersecurity Connect Discussion Group. Preparing for disruption. What your small business / nonprofit can learn from how the military plans ahead. As President & General Dwight Eisenhower famously said, “In going into battle, plans are useless, but planning is indispensable.” This month, JC Vega, CISSP, retired Army Colonel and cybersecurity strategist, joins us to unpack what that really means for small businesses and nonprofits faced with the inevitable disruptions of a cyber-event. You’ll walk away with a few battle-tested strategies (and maybe a new way to think about disruption). Cybersecurity Connect is where cybersecurity professionals, IT leaders, attorneys, risk managers, executive leaders, educators, investors, and law enforcement come together to discuss challenges, exchange ideas, and strengthen our collective defenses. July 15, 3:45 - 5:00 PDT.

Programs

• Protect your business

• Protect your nonprofit

• The MSP Cybersecurity Peer Group

Guides for families and individuals

• How Hackable Are You? Strengthen your cybersecurity and privacy defenses with our free updated 13-step guide.

• Guide to Password Managers. What you need to know to get a password manager that's right for you.

• After a Disaster: A Guide to Keep Your Phone Secure, Safeguard Your Information, and Avoid Being Scammed. This is a concise guide on how to protect yourself from scams in the aftermath of a local disaster, whether it's an earthquake, major fire, hurricane, or other crisis.

SecureTheVillage FREE Newsletters. Sign up or share with a friend!

• Cybersecurity News of the Week & Weekend Patch Report. Our award winning newsletter, now on Substack. Essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned.

• Family Protection Newsletter: Our monthly newsletter for non-cyber experts. For your parents, friends, and those who need to protect themselves in a digital world.

Section 2: Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware.

If you live in California, please tell your state legislators to vote against S.B 690. We need stronger cybersecurity and privacy laws.

• California’s Corporate Cover-Up Act Is a Privacy Nightmare (Electronic Frontier Foundation): California lawmakers are pushing one of the most dangerous privacy rollbacks we’ve seen in years. S.B. 690 is … a massive carve-out that would gut California’s Invasion of Privacy Act (CIPA) and give Big Tech and data brokers a green light to spy on us without consent for just about any reason. If passed, S.B. 690 would let companies secretly record your clicks, calls, and behavior online—then share or sell that data with whomever they’d like, all under the banner of a “commercial business purpose.”

• Yes, Your TV Is Probably Spying on You. Your Fridge, Too. Here’s What They Know: This is not a conspiracy theory: Many of the devices living in your home are quietly collecting towering heaps of information about you. Your TV, your doorbell, your security system, your thermostat, even your earbuds — all of them are involved. Some of that data may be shared, analyzed, and then sold to the highest bidder, hundreds of times a day, by organizations you’ve never heard of. … More than a thousand so-called data brokers have access to — and profit from — personal data, through a largely invisible marketplace.

• Why Are Hundreds of Data Brokers Not Registering with States? (Electronic Frontier Foundation): In recent years, California, Texas, Oregon, and Vermont have passed data broker registration laws that require brokers to identify themselves to state regulators and the public. A new analysis by Privacy Rights Clearinghouse (PRC) and the Electronic Frontier Foundation (EFF) reveals that many data brokers registered in one state aren’t registered in others.

Have an iPhone? Turn on Stolen Device Protection. Do it now.

• This iPhone Feature Makes It Much Harder for Thieves to Ruin Your Life: It’s a stomach-dropping scenario: Your phone gets stolen, and all your information is gone along with it. … If that hasn’t happened to you already, it may never, thanks to a useful feature in Apple’s iPhones. … The feature, called Stolen Device Protection, makes it a lot more difficult for thieves to gain access to your most private information. You should turn it on right away.

Section 3: Smaller Businesses and Nonprofits: A Discipline of Cybersecurity.

Good advice whether you’re a likely target or not.

• U.S. Tells Companies to Prepare for Iranian Cyberattacks: The U.S. government and state regulators warned companies to watch for cyberattacks linked to the conflict with Iran, urging them to bolster their defenses. … The Department of Homeland Security has warned companies to brace for “likely” low-level attacks from hackers linked to Iran, as well as from the country’s government itself. … Cybersecurity experts note that many groups exploit the same weaknesses to breach systems, and companies can defend themselves by taking basic precautions. These include using multifactor authentication, patching software to close known security flaws, and disabling or changing default passwords. … “Open vulnerabilities are going to be the low-hanging fruit,” said David Norlin, chief technology officer at Lumifi Cybersecurity.

MSPs and IT leads - take note. Now more than ever, you need to speak to the business implications of a cyber disruption.

• 10 tough cybersecurity questions every CISO must answer: From anticipating new threats to balancing risk management and business enablement, CISOs face a range of complex challenges that require continual reflection and strategic execution. … Today’s CISOs must align with the business in ways that enforce key business objectives — and bring questions and tradeoffs around risk management squarely in the spotlight. … To fulfill this increasingly complex remit, CISOs must continually assess not just their security stacks and postures, but also their teams’ cultures, the state and direction of the business at large, and their position in ensuring their organizations thrive despite myriad existing and emerging risks.

Cybersecurity Nonprofit of the Week … US Valor

Kudos this week to US Valor, a nonprofit with two intertwined objectives: (1) helping veterans transition back into civilian life and (2) helping America meet our cybersecurity workforce challenge. US Valor does this through an innovative Department of Labor approved Apprenticeship Program. The US Valor Cybersecurity Apprenticeship Program (CAP) is all about helping transitioning military personnel and U.S. Veterans experience a smooth transition from military life to the civilian world through its Department of Labor Registered Apprenticeship Program (RAP). I’m a proud member of US Valor’s Advisory Board and I encourage you to support them.

Section 4: Weekend Patch Report

Keeping your computers, smartphones, notepads and other devices patched and updated is #4 on SecureTheVillage's How Hackable Are You Guide. The following lists current versions of common software programs. Items in Bold have been updated. Updates are usually available from within the program. If not, updates can be downloaded from the company's website. Even as patching is increasingly automated, it's important to double-check that it's being done.

• 7-Zip 24.09.

• Adobe Acrobat Reader 25.001.20531

• AVG updated to 25.6.3385.

• Apple iOS 18.5

• Apple iPadOS 18.5

• Apple macOS Sequoia 15.5

• Apple macOS Sonoma 14.7.6

• Apple macOS Ventura 13.7.6

• Apple watchOS 11.5

• Apple tvOS 18.5

• Apple vision OS 2.5

• Apple Safari 18.5

• Brave updated to 1.80.113.

• CCleaner updated to 6.37.11523.

• Chrome updated to 138.0.7204.50.

• Discord updated to 1.0.9197.

• Dropbox updated to 227.4.4774.

• Edge updated to 138.0.3351.55.

• Evernote updated to 10.143.4.

• ExpressVPN 12.103.0.22

• Firefox updated to 140.0.2.

• Foxit Reader 2025.1.0.27937.

• Google Drive for Desktop updated to 110.0.2.0.

• iTunes 12.13.7.1.

• KeePass 2.57.1.

• Malwarebytes 5.3.2.195.

• Microsoft 365 & Office updated

• Microsoft Windows

• Notepad++ 8.8.1.

• OneDrive updated to 25.105.0601.0002.

• Opera Chromium updated to 119.0.5497.141.

• Spotify updated to 1.2.67.553.

• Teams 25153.1010.3727.5483.

• TeamViewer 15 updated to 15.67.3.

• Thunderbird 139.0.2.

• Zoom updated to 6.5.1.6476.