Online Bank Fraud Gets More Dangerous. Salesforce Customers Attacked. Sextortion Tragedies. Ukraine Hacks Russian Bomber Mfr. 4 Billion Personal Chinese records found in surveillance-grade database.

Cybersecurity News of the Week & Patch Report, June 8, 2025

This week's essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.

Sections

• Section 1: National and International News

• SecureTheVillage: Events. Programs. Guides. Newsletters.

• Section 2: Families and Individuals: Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware.

• Section 3: Smaller Businesses and Nonprofits: A Discipline of Cybersecurity.

• Cybersecurity Nonprofit of the Week

• Section 4: Patch and Update Report

Section 1: National and International News

White House security staff warned Musk’s Starlink is a security risk: Starlink satellite connections in the White House bypass controls meant to stop leaks and hacking. … Elon Musk’s team at the U.S. DOGE Service and allies in the Trump administration ignored White House communications experts worried about potential security breaches when DOGE personnel installed Musk’s Starlink internet service in the complex this year, three people familiar with the matter told The Washington Post. … The people, who spoke on the condition of anonymity to discuss sensitive issues, said those who were managing White House communications systems were not informed in advance when DOGE representatives went to the roof of the adjacent Eisenhower Executive Office Building in February to install a terminal connecting users in the complex to Starlink satellites, which are owned by Musk’s private SpaceX rocket company. … The people said those managing the systems weren’t able to monitor such connections to stop sensitive information from leaving the complex or hackers from breaking in.

Russian Intelligence Says It Collects WeChat Data. What Does That Mean?: Moscow has long been suspicious of foreign messaging apps. WeChat’s weak encryption makes it vulnerable. … Russian counterintelligence agents are analyzing data from the popular Chinese messaging and social media app WeChat to monitor people who might be in contact with Chinese spies, according to a Russian intelligence document obtained by The New York Times. … The disclosure highlights the rising level of concern about Chinese influence in Russia as the two countries deepen their relationship. As Russia has become isolated from the West over its war in Ukraine, it has become increasingly reliant on Chinese money, companies and technology. But it has also faced what the document describes as increased Chinese espionage efforts.

Colossal breach exposes 4B Chinese user records in surveillance-grade database: A meticulously curated dataset included WeChat IDs, bank details, Alipay data, home addresses, and behavioral profiles. … A colossal data breach has reportedly exposed approximately four billion records containing personal information of hundreds of millions of users, primarily from China. … The 631-gigabyte database was discovered sitting wide open on the internet, lacking even the most basic password protection, according to cybersecurity firm Cybernews, which reported its findings based on its own research. … What makes this breach particularly alarming isn’t just its size, though at four billion records, it’s believed to be the largest single-source leak of Chinese personal data ever found — it’s the breadth and depth of information that was exposed.

Ukraine's military intelligence claims cyberattack on Russian strategic bomber maker: Ukraine's military intelligence agency (HUR) said it hacked into the internal systems of Russia’s major state-owned aircraft manufacturer Tupolev, days after Ukraine launched surprise drone assaults on Russian air bases. … The breach allegedly gave Ukrainian operatives access to over 4.4 gigabytes of sensitive data, including internal communications, personnel files, purchase records and notes from closed-door meetings. HUR is claiming to now have comprehensive information on individuals involved in servicing Russia’s fleet of strategic bombers, some of which have launched missiles at Ukrainian cities. … “There is nothing secret left in Tupolev's activities for Ukrainian intelligence,” HUR said in a statement to several local media, adding: “The result of the operation will be noticeable both on the ground and in the sky.” … The intelligence agency also said it had replaced the homepage of Tupolev’s website with an image of an owl clutching a Russian aircraft — a symbol widely associated with HUR’s cyber operations. The site was inaccessible at the time of reporting.

FBI: Play ransomware breached 900 victims, including critical orgs: In an update to a joint advisory with CISA and the Australian Cyber Security Centre, the FBI said that the Play ransomware gang had breached roughly 900 organizations as of May 2025, three times the number of victims reported in October 2023. … "Since June 2022, the Play (also known as Playcrypt) ransomware group has impacted a wide range of businesses and critical infrastructure in North America, South America, and Europe. Play ransomware was among the most active ransomware groups in 2024," the FBI warned.

Crime gang steals $64 million from UK tax office in phishing scam: LONDON, June 4 (Reuters) - Organised criminals stole 47 million pounds ($63.76 million) from Britain's tax office last year by using phishing tactics to access more than 100,000 customer accounts and falsely claim payments from the government. … A notice posted by His Majesty's Revenue and Customs (HMRC) on the government website on Wednesday disclosed the unauthorised access and said no customers had suffered financial loss.

Cyberattacks Hit Victoria’s Secret, North Face and Cartier: Hackers stole customer names and emails at North Face and Cartier, disrupted sales on Victoria’s Secret website. … Recent cyberattacks targeted retailers, stealing customer data and disrupting online sales. … North Face and Cartier had names and email addresses stolen; Victoria’s Secret shut down its website for three days in May. … U.K. retailers Harrods, Marks & Spencer and Co-op also reported cyber intrusions in recent months.

Newspaper giant Lee Enterprises says nearly 40,000 Social Security numbers leaked in ransomware attack: Nearly 40,000 people had their Social Security numbers exposed during a cyberattack in February on Lee Enterprises, one of the largest owners of local newspapers in the U.S. … The company notified regulators in Maine of the incident on Wednesday, telling them that it discovered the leak of sensitive information on May 28.

SecureTheVillage

Events

• June 17: SecureTheVillage's Cybersecurity Connect Discussion Group. Recent developments in cybersecurity and privacy laws and regulations. Discussion led by Robert Braun, Partner, Jeffer Mangels Butler & Mitchell LLP, Chair of the JMBM Cybersecurity and Privacy Group. Cybersecurity Connect is where cybersecurity professionals, IT leaders, attorneys, risk managers, executive leaders, educators, investors, and law enforcement come together to discuss challenges, exchange ideas, and strengthen our collective defenses. June 17, 3:45 - 5:00 PDT.

Programs

• Protect your business

• Protect your nonprofit

• The MSP Cybersecurity Peer Group

Guides for families and individuals

• How Hackable Are You? Strengthen your cybersecurity and privacy defenses with our free updated 13-step guide.

• Guide to Password Managers. What you need to know to get a password manager that's right for you.

• After a Disaster: A Guide to Keep Your Phone Secure, Safeguard Your Information, and Avoid Being Scammed. This is a concise guide on how to protect yourself from scams in the aftermath of a local disaster, whether it's an earthquake, major fire, hurricane, or other crisis.

SecureTheVillage FREE Newsletters. Sign up or share with a friend!

• Cybersecurity News of the Week & Weekend Patch Report. Our award winning newsletter, now on Substack. Essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned.

• Family Protection Newsletter: Our monthly newsletter for non-cyber experts. For your parents, friends, and those who need to protect themselves in a digital world.

Section 2: Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware.

Please. Please. Please. Talk to your kids. … SecureTheVillage Parent's Guide. Coming Soon.

‘Sextortion’ Scams Involving Apple Messages Ended in Tragedy for These Boys: Criminals exploit the trust teens have in iPhone messaging, and use the platform to make relentless demands for money. … Shannon Heacock told her 16-year-old son, Elijah, to go to bed early one night in February. There was a district basketball playoff the next day in their hometown of Glasgow, Ky. … Heacock coached the high-school cheer team. Elijah had made props and was planning to help her set up. At 10:24 that night, he texted her about getting coffee at the next day’s event. … An hour after Heacock silenced her phone and went to sleep, her daughter woke her up. Elijah had been found bleeding in the laundry room, from what turned out to be a self-inflicted gunshot wound. … He died the next morning.

Freeze Your Credit. #1 in our How Hackable Are You? guide.

Stay Alert: Hackers Are Selling Repackaged Data Stolen From AT&T: The data—which includes dates of birth, 44 million SSNs of AT&T customers, and more—is not new, but it could leak to an uptick in phishing scams, so be on the lookout for sketchy messages…. Hackers are peddling the data of millions of AT&T users on a Russian dark web forum. … The data includes full names, dates of birth, phone numbers, email addresses, physical addresses, and 44 million Social Security Numbers (SSNs). It has been available since May 15, according to cybersecurity publication Hackread, which first spotted it. … There's a huge global market for this type of personal data, with criminals all over the world buying stolen data to attempt everything from credit card fraud to identity theft.

Always be suspicious. #3 in our How Hackable Are You? guide.

Dangerous new Android malware adds fake contacts to your phone while draining bank accounts — how to stay safe: A new Android malware strain is making the rounds online that makes it incredibly difficult to distinguish who’s actually calling you as it was recently updated with the ability to add fake contacts to your phone. … As reported by BleepingComputer, the malware in question is called Crocodilus, and it was first discovered back in March of this year by Threat Fabric. While it was initially used to target crypto users in Turkey to drain their wallets, the malware is now being distributed on a global scale and is currently being used to target the best Android phones in the U.S., Spain, Argentina, Brazil, Indonesia and India.

Section 3: Smaller Businesses and Nonprofits: A Discipline of Cybersecurity.

As Business Email Compromise attacks get more sophisticated, it become ever more important to make sure everyone in your organization knows to verify all requests for payments. Always be Suspicious. Don’t trust. Verify.

AI gives superpowers to BEC attackers: Attackers use business email compromise to pretend to be company executives, vendors, or other trusted parties and trick employees into sending them money. AI makes these attacks more effective -- but also puts new tools in the hands of defenders. … As much as it has been used to defend and make some taxing jobs easier, AI is also being extensively employed by attackers, helping them collect specific data that is used on business email compromise (BEC) attempts. AI is already getting better in deep research and with that making impersonation scams no longer as easy to identify and stop.

If you're using salesforce, make sure your people know about these attacks. Always be Suspicious. Don't trust. Verify.

Google: Hackers target Salesforce accounts in data extortion attacks: Google has observed hackers claiming to be the ShinyHunters extortion group conducting social engineering attacks against multi-national companies to steal data from organizations' Salesforce platforms. … According to Google's Threat Intelligence Group (GTIG), which tracks the threat cluster as 'UNC6040,' the attacks target English-speaking employees with voice phishing attacks to trick them into connecting a modified version of Salesforce's Data Loader application. … The attackers impersonate IT support personnel, requesting the target employee to accept a connection to Salesforce Data Loader, a client application that allows users to import, export, update, or delete data within Salesforce environments.

Cybersecurity Nonprofit of the Week … Sightline Security

Our kudos this week to Sightline Security, a nonprofit that helps nonprofits secure and protect their critical information. Sightline’s mission is to equip, empower, and support nonprofits to navigate and embed cybersecurity into their organizations with confidence. Kudos to Sightline Security for their cyber support to the vital under-served nonprofit community. We're grateful to Sightline for the major role in the development of LA Cybersecure ™. Like SecureTheVillage, Sightline Security is a fellow-member of Nonprofit Cyber.

Section 4: Weekend Patch Report

Keeping your computers, smartphones, notepads and other devices patched and updated is #4 on SecureTheVillage's How Hackable Are You Guide. The following lists current versions of common software programs. Items in Bold have been updated. Updates are usually available from within the program. If not, updates can be downloaded from the company's website. Even as patching is increasingly automated, it's important to double-check that it's being done.

• 7-Zip 24.09.

• Adobe Acrobat Reader 25.001.20521

• AVG updated to 25.5.3382.

• Apple iOS 18.5

• Apple iPadOS 18.5

• Apple macOS Sequoia 15.5

• Apple macOS Sonoma 14.7.6

• Apple macOS Ventura 13.7.6

• Apple watchOS 11.5

• Apple tvOS 18.5

• Apple vision OS 2.5

• Apple Safari 18.5

• Brave updated to 1.79.119.

• CCleaner updated to 6.36.11508.

• Chrome updated to 137.0.7151.69.

• Discord updated to 1.0.9194.

• Dropbox updated to 225.4.4896.

• Edge updated to 137.0.3296.68.

• Evernote updated to 10.140.3.

• ExpressVPN 12.102.0.40

• Firefox updated to 139.0.1.

• Foxit Reader 2025.1.0.27937.

• Google Drive for Desktop updated to 109.0.3.0.

• iTunes 12.13.7.1.

• KeePass 2.57.1.

• Malwarebytes updated to 5.3.1.188.

• Microsoft 365 & Office updated

• Microsoft Windows

• Notepad++ 8.8.1.

• OneDrive updated to 25.091.0512.0001.

• OneDrive 25.065.0406.0002.

• Opera Chromium updated to 119.0.5497.70.

• Spotify updated to 1.2.65.255.

• Teams 25094.310.3616.953.

• TeamViewer 15 updated to 15.66.5.

• TeamViewer 15.65.6.

• Thunderbird updated to 139.0.1.

• Zoom updated to 6.4.12.64384.

Comments

[chloe]

Truly heartwarming to see someone like Amir Khan stepping in to help recover such a significant loss from crypto scams. $35,000 is not just a number it represents someone’s trust, hard work, and hope. In a world where so many fall victim to online fraud with little chance of justice, this act of support and advocacy makes a real difference. Thank you, Amir, for using your platform to bring light to an issue that affects so many. You’ve not just helped recover money you’ve helped restore faith. Y’all can get in touch with him via WhatApp + ONE -SEVEN- ZERO- ONE- SIX- ONE- ZERO- NINE - ZERO- EIGHT- ONE if you have been a victim he could also help you