This Month in Cybersecurity, June 2025 edition, is here, featuring curated highlights and concise summaries of the most significant cybersecurity and data privacy events from June 2025.
Let’s dive in!
1. Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials
Researchers from Symantec have identified multiple widely used Chrome extensions that expose sensitive user information through unencrypted (HTTP) transmissions and API keys embedded in their code. These weaknesses potentially enable adversaries to intercept data, mount adversary-in-the-middle attacks, inflate API usage costs, or spoof data. Developers are advised to transition to HTTPS, store credentials securely server-side, and rotate API keys regularly, while users should consider temporarily uninstalling affected extensions until fixes are released.
| Date: | Jun 5, 2025 |
|---|---|
| Source: | The Hacker News |
| Author: | Ravie Lakshmanan |
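As an added illustration of the audit a defender can run for the two issues above (plaintext HTTP endpoints and hard-coded keys), here is a small scanner for an unpacked extension. This is example code written for this digest, not code from Symantec or from any extension; the extension files are constructed sample input and the secret-detection regex is a naming heuristic that will miss keys stored under other names.

```python
import json
import re

# Constructed sample of an unpacked extension (manifest plus one script).
# These files are made up for this example and belong to no real extension.
SAMPLE_EXTENSION = {
    "manifest.json": json.dumps({
        "host_permissions": ["http://api.example.test/*", "https://cdn.example.test/*"],
    }),
    "background.js": (
        'const API_KEY = "sk_live_EXAMPLEKEY0123456789abcdef";\n'
        'fetch("http://telemetry.example.test/collect?key=" + API_KEY);\n'
        'fetch("https://api.example.test/v1/status");\n'
    ),
}

# The same extension after the recommended fixes: HTTPS only, no embedded key.
CLEAN_EXTENSION = {
    "manifest.json": json.dumps({"host_permissions": ["https://api.example.test/*"]}),
    "background.js": 'fetch("https://api.example.test/v1/status");\n',
}

URL_LITERAL = re.compile(r"https?://[^\s\"'<>]+")
# Heuristic: a long alphanumeric literal assigned to a name containing key/secret/token.
SECRET_ASSIGNMENT = re.compile(
    r"(?i)\b(\w*(?:key|secret|token)\w*)\s*[:=]\s*[\"']([A-Za-z0-9_\-]{16,})[\"']"
)


def audit_extension(files):
    """Return (file, kind, detail) findings for plaintext HTTP endpoints and
    hard-coded credentials. `files` maps a relative path to the file's text."""
    findings = []
    for name, content in files.items():
        if name.endswith("manifest.json"):
            manifest = json.loads(content)
            # MV3 uses host_permissions; MV2 mixed host patterns into permissions.
            for field in ("host_permissions", "permissions"):
                for pattern in manifest.get(field, []):
                    if pattern.startswith("http://"):
                        findings.append((name, "http-host-permission", pattern))
            continue
        for url in URL_LITERAL.findall(content):
            if url.startswith("http://"):
                findings.append((name, "http-endpoint", url))
        for var, _value in SECRET_ASSIGNMENT.findall(content):
            findings.append((name, "hardcoded-secret", var))
    return findings
```

Run `audit_extension` over the files of a locally unpacked extension directory; an empty result means no plaintext endpoint or key-looking literal was found, not that the extension is safe.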
2. Cisco Warns of Credential Vuln on AWS, Azure, Oracle Cloud
A critical “static credential” vulnerability (CVE-2025-20286) in Cisco Identity Services Engine (ISE), when deployed on AWS, Microsoft Azure, or Oracle Cloud Infrastructure (OCI), could allow attackers to remotely access sensitive data, alter system configurations, or disrupt services. Because the credentials are generated improperly, Cisco ISE instances on the same cloud platform share the same login details, making exploitation straightforward. Cisco has acknowledged the existence of a proof-of-concept exploit but reports no evidence of active exploitation so far.
| Date: | Jun 5, 2025 |
|---|---|
| Source: | Dark Reading |
| Author: | Kristina Beek |
3. Linux Flaws Chain Allows Root Access Across Major Distributions
Researchers from Qualys uncovered two linked Linux vulnerabilities (CVE-2025-6018 and CVE-2025-6019) that, when exploited together, allow attackers to escalate privileges from an unprivileged user to root across major distributions including Ubuntu, Debian, and SUSE. The first flaw enables remote or unprivileged users to impersonate local physical users, while the second, present in libblockdev via the widely used udisks service, allows escalation from that intermediate privilege level to root. Users are advised to apply patches promptly or, as a temporary measure, enforce stricter Polkit rules to mitigate the risk.
| Date: | Jun 20, 2025 |
|---|---|
| Source: | Security Affairs |
| Author: | Pierluigi Paganini |
4. 16 Billion Apple, Facebook, Google And Other Passwords Leaked
Researchers uncovered an unprecedented leak of 16 billion login credentials, including passwords for major platforms such as Apple, Facebook, and Google, thought to originate from multiple infostealer operations. The data, found in several huge collections, represents a fresh and substantial threat, enabling phishing, credential stuffing, and account takeovers. Cybersecurity experts stress the urgency of adopting secure password practices and passkeys, enabling multi-factor authentication, and proactively using password managers and dark web monitoring tools to mitigate the associated risks.
| Date: | Jun 20, 2025 |
|---|---|
| Source: | Forbes |
| Author: | Davey Winder |
5. AI Training Ruled Fair Use
In a landmark decision, Judge Alsup ruled in Bartz v. Anthropic that using lawfully acquired works to train AI large language models (LLMs) qualifies as fair use, dismissing infringement claims related to destructively scanned purchased books. However, the court ruled differently for pirated copies Anthropic downloaded, which remain subject to infringement claims. This influential ruling focuses solely on the AI training stage, setting a critical precedent for ongoing AI and copyright litigation.
| Date: | Jun 24, 2025 |
|---|---|
| Source: | CopyLeft Currents Blog |
| Author: | Heather J Meeker |
6. Microsoft 365 ‘Direct Send’ Abused to Send Phishing as Internal Users
An active phishing campaign abuses Microsoft 365’s “Direct Send” feature, designed for devices like printers, to send emails appearing to originate internally, bypassing email security checks. Researchers from Varonis identified attacks impacting over 70 organizations primarily in U.S. sectors like financial services and healthcare. Mitigation includes disabling Direct Send via Microsoft’s new “Reject Direct Send” option, enforcing strict DMARC and SPF policies, and training employees to recognize phishing attempts.
| Date: | Jun 26, 2025 |
|---|---|
| Source: | Bleeping Computer |
| Author: | Lawrence Abrams |
7. Microsoft Changes Windows in Attempt to Prevent Next CrowdStrike-style Catastrophe
Following a significant outage caused by a faulty CrowdStrike anti-malware update in 2024, Microsoft announced a private preview allowing antivirus software vendors to build their applications outside the Windows kernel, improving stability and recovery in case of errors. Previously, antivirus software had kernel-level access, which increased system vulnerability during faulty updates. Microsoft also introduced a “Quick Machine Recovery” (QMR) feature in Windows 11 to automatically fix boot-related issues without manual IT intervention, set to release alongside these changes in the upcoming Windows 11 24H2 update.
| Date: | Jun 27, 2025 |
|---|---|
| Source: | Ars Technica |
| Author: | Andrew Cunningham |
Conclusion
Well, that’s a wrap for the ‘This Month in Cybersecurity - June 2025 edition.’ If we missed any interesting news articles, you can share them in the Passbolt community forum: https://hubs.li/Q02bCy160