In today’s cybersecurity news…
Iranian-backed spearphishing campaign seeks out cybersecurity experts
A new spearphishing campaign has been targeting Israel-based journalists, cybersecurity experts and computer science academics. Using a technique that has been seen many times before, the group is sending emails and WhatsApp messages from people posing as assistants to technology executives or researchers, seeking “to coax the victim into joining a meeting, claiming they needed their immediate assistance on an AI-based threat detection system to counter a surge in cyberattacks targeting Israel since June 12.” The messages point to faked Gmail login pages or Google Meet invitations. The messages appear to be crafted through generative AI due to their structured layout and the absence of any grammatical errors. Security company Check Point attributes this action to groups affiliated with APT35.
Microsoft fixes Outlook bug causing crashes when opening emails
This fix addresses a known issue that causes the Classic Outlook email client to crash when opening emails or starting a new message. According to BleepingComputer, “the bug impacts users across all Microsoft 365 Office channels who updated Outlook for Microsoft 365 earlier this month.” The cause of the problem, the Microsoft Outlook team says, is that “Outlook cannot open the Forms Library and that the emerging cases for this issue are on virtual desktop infrastructure (VDI).” The bug has now been addressed across multiple channels, and non-security updates for Outlook 2016 and Outlook 2019 will be released on July 1st and July 8th, respectively.
Cisco’s double ISE Vulnerability warning
The company announced patches for two critical-severity vulnerabilities on Wednesday, one in the Identity Services Engine (ISE) and the other in the Cisco ISE Passive Identity Connector (ISE-PIC). Both have CVE numbers (CVE-2025-20281 and CVE-2025-20282) and both carry the maximum severity score of 10/10. They impact specific APIs within the affected products. These bugs are not related to or dependent on one another, and Cisco says software versions affected by one flaw may not be impacted by the other.
Glasgow City Council suffers cyberattack
This attack started on June 19 and is being attributed to a supply chain issue involving a third-party contractor’s supplier. Services that have been rendered unavailable for the time being include online forms and calendars relating to services such as permits, official certificates, and many more. The city council cannot yet confirm whether data was exfiltrated from its environment but is “operating on a precautionary basis as though it has.” No financial systems were compromised, the council added.
Arrested hacker IntelBroker charged
Following up on two stories we covered last year, the U.S. Justice Department has charged a British national known online as IntelBroker with “hacking dozens of companies around the world, stealing and selling sensitive data, and causing over $25 million in damages.” The 25-year-old, whose real name is Kai West, was “arrested in France in February and is currently awaiting extradition to the U.S., where he could face up to 20 years in prison if convicted.” According to his indictment, West infiltrated more than 40 companies, allegedly selling sensitive information such as customer data, patient health records, Social Security numbers and health plan details.
Judge warns of constant attacks on PACER system
The Public Access to Court Electronic Records (PACER) platform allows judges and lawyers to file court documents electronically; however, modernization is desperately needed to fend off constant attacks from increasingly sophisticated hackers. Federal Judge Michael Scudder told members of the House Judiciary Committee that “about 200 million harmful cyber events were prevented from penetrating court local area networks in fiscal 2024.” Documents at risk include sealed indictments, names of cooperating witnesses, and arrest and search warrants. He added that “external experts and members of his committee have concluded that PACER is unsustainable due to cyber risks and must be replaced with a more modern system in the coming years due to its increasing vulnerability to hacks.”
Microsoft 365 Direct Send abused to send phishing emails
Direct Send is a little-known Microsoft 365 feature that “allows on‑premises devices, applications, or cloud services to send emails through a tenant’s smart host as if they originated from the organization’s domain. It’s designed for use by printers, scanners, and other devices that need to send messages on behalf of the company.” It also does not require any authentication. Researchers at Varonis have announced that a phishing campaign exploiting this feature is targeting more than 70 organizations across all industries, with 95% of the victims based in the United States. The campaign is run through a PowerShell command. To mitigate this threat, Varonis recommends enabling the “Reject Direct Send” setting in the Exchange Admin Center, which Microsoft introduced in April 2025.
Man who hacked organizations to advertise security services pleads guilty
Kansas City resident Nicholas Michael Kloster, 32, has pleaded guilty to charges of accessing a protected computer and obtaining information, as well as reckless damage to a protected computer during unauthorized access. Specifically, he hacked into a gym, where he modified his own membership fee to $1/month, and then emailed the gym’s owner, describing his ‘hacking’ activities and offering his cybersecurity services. He also hacked into a non-profit organization and used his own employer’s credit card “to make unauthorized purchases, including a thumb drive designed for hacking.” Kloster is now facing up to five years in prison, a $250,000 fine, and three years of supervised release, along with paying restitution to the victims.






