Top 5 Cybersecurity News Stories June 13, 2025

Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small as we look at threats from espionage to security flaws in everyday devices:

1. Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks

Former members of the Black Basta ransomware group have re-emerged under the CACTUS ransomware operation, employing new tactics to breach corporate environments. These include phishing via Microsoft Teams by impersonating IT staff, leveraging remote access tools like Quick Assist and AnyDesk, and executing Python-based payloads to establish command-and-control channels.

Additionally, email bombing is used to obscure security alerts. Analysts report significant infrastructure overlap with Black Basta, suggesting an evolution rather than dissolution of the original group. These developments reflect a broader trend of ransomware affiliates shifting strategies to maintain effectiveness.

Read more on The Hacker News.

2. Rust-based Myth Stealer Malware Spread via Fake Gaming Sites Targets Chrome, Firefox Users

A new Rust-based malware known as “Myth Stealer” is actively targeting Windows users through phishing campaigns. Distributed via malicious Microsoft Word documents, the malware is designed to harvest sensitive information, including login credentials, browser data, and cryptocurrency wallets.

Its use of the Rust programming language enhances evasion capabilities and complicates detection by security tools. The campaign employs legitimate cloud platforms to host payloads, further obscuring its malicious intent. Myth Stealer’s modular design and rapid propagation underscore the increasing sophistication of modern infostealers, posing a significant threat to both individuals and organizations.

Read more on The Hacker News.

3. Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot

A critical zero-click vulnerability has been discovered in Microsoft 365 Copilot that could expose sensitive organizational data without user interaction. Security researchers at WithSecure revealed that AI-powered Copilot features can inadvertently surface internal documents when users perform seemingly benign queries.

The flaw stems from how Copilot indexes and retrieves organizational data, potentially leading to unauthorized information disclosure. Although Microsoft acknowledged the issue, they classify it as expected behavior under current design principles. This raises serious concerns over data governance and AI model transparency within enterprise environments.

Read more on BleepingComputer.

4. SmartAttack uses smartwatches to steal data from air-gapped systems

A novel attack method dubbed “SmartAttack” demonstrates how smartwatches can be exploited to exfiltrate data from air-gapped systems. Developed by researchers at Ben-Gurion University, the technique involves malware that modulates electromagnetic signals emitted by a computer’s processor, which are then received by a nearby smartwatch equipped with a customized app.

This side-channel attack enables data theft without any physical connection or network access. Although still theoretical, SmartAttack highlights growing concerns around unconventional data leakage vectors and the need for heightened physical and electromagnetic security in isolated environments.

Read more on BleepingComputer.

5. Hacker targets other hackers and gamers with backdoored GitHub code

United Natural Foods Inc. (UNFI), a major supplier to Whole Foods and other retailers, disclosed a cybersecurity incident that disrupted portions of its operations. The company confirmed the breach occurred on June 9, 2025, affecting some backend systems and causing temporary business interruptions.

UNFI is collaborating with third-party cybersecurity experts and law enforcement to investigate the scope and impact. While customer-facing services remain operational, the incident highlights ongoing threats to supply chain resilience and the food distribution sector’s vulnerability to cyberattacks.

Read more on Reuters.

At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.

For more information, please contact us now!