CISO Talk by James Azar
CyberHub Podcast
UBS Confirms Data Stolen in Cyberattack, Minnesota Lawmaker's Alleged Killer Had Data Broker List, SuperCard Malware Targets Banks, Asana AI Feature Exposed Data

Major Supply Chain Breaches Hit UBS and Scania, Minnesota Lawmaker Murder Reveals Data Broker Dark Side, OpenAI Secures $200M Defense Contract

Good Morning Security Gang!

Welcome to your comprehensive cybersecurity briefing for Wednesday, June 18, 2025. Today's show brings you breaking developments across the cyber landscape, from major financial institutions under attack to the deadly consequences of data broker surveillance, plus critical vulnerability patches and international cyber warfare escalations.

Breaking: UBS Hit by Supply Chain Cyberattack

In a developing story that broke just hours ago, Swiss banking giant UBS confirmed that sensitive bank information was stolen during a cyberattack targeting one of their external suppliers. The breach affected multiple companies through supply chain vendor ChainIQ, which disclosed last week that they and 19 other organizations were compromised in an attack that resulted in data being published on the dark web.

Swiss media reports indicate that personal information of over 130,000 UBS employees is now available online. While UBS emphasizes that no client data was compromised, the incident highlights the persistent vulnerabilities in third-party vendor relationships that continue to plague major financial institutions.

Scania Breach Exposes Insurance Data Through Stolen Credentials

Swedish heavy vehicle manufacturer Scania, a member of the Volkswagen Group with 59,000 employees and $20 billion in annual revenue, suffered a significant cybersecurity incident when threat actors used compromised credentials to breach their financial services systems.

The attackers, operating under the handle "Hensi," successfully infiltrated insurance.scania.com and stole insurance claim documents, which are now being offered for sale exclusively on the dark web. The breach occurred in May when info-stealer malware captured credentials from external IT partners, allowing unauthorized access to Scania's systems.

This incident underscores the critical importance of multi-factor authentication and identity management controls, as the attackers were able to bypass security measures using stolen credentials alone. The breach was followed by direct extortion attempts against Scania employees via ProtonMail, representing a new trend where attackers focus on data theft and blackmail rather than traditional ransomware deployment.

Cambodia-Thailand Border Tensions Spill Into Cyberspace

Geopolitical tensions between Cambodia and Thailand have escalated into the digital realm following a border skirmish on May 28 that resulted in the death of a Cambodian soldier. Cambodian hacktivist groups have intensified cyber operations against Thai entities, launching denial-of-service attacks and website defacements targeting government, academic, and private sector organizations.

The cyber campaign, which began in March, stems from decades-old territorial disputes along the 500-mile border between the two nations, with the 11th-century Preah Vihear Temple serving as a particular flashpoint. While these attacks are primarily politically motivated rather than sophisticated criminal operations, they demonstrate how regional conflicts increasingly manifest in cyberspace.

OpenAI Secures $200 Million Defense Department Contract

The Department of Defense has awarded OpenAI a landmark $200 million contract to enhance AI capabilities across military operations, including cybersecurity defense initiatives. This partnership marks the launch of "OpenAI for Government," designed to integrate advanced AI solutions into federal operations.

The pilot program, managed through the DoD's Chief Digital and Artificial Intelligence Office, will focus on transforming administrative operations from healthcare delivery for service members to program acquisition data analysis and proactive cyber defense capabilities. The contract represents a significant investment in frontier AI technologies to address critical national security challenges in both warfighting and enterprise domains.

Data Brokers Linked to Minnesota Lawmaker's Murder

A shocking domestic terrorism case has brought renewed scrutiny to the data broker industry following the murder of Minnesota State Representative Melissa Hortman and her husband, along with attempted murders of two additional state representatives. FBI investigators discovered a list of 11 data broker websites in the perpetrator's vehicle, revealing how the attacker used these services to obtain detailed personal and family information about his targets.

The case has reignited congressional discussions about regulating the data broker industry, with Senators Amy Klobuchar and Ted Cruz having previously proposed legislation to prevent data brokers from selling lawmakers' information online. The incident highlights the potential security risks posed by the largely unregulated collection and sale of personal data, though experts debate whether data brokers directly contribute to violence or primarily enable privacy violations and predatory behavior.

Asana Warns of Cross-Organization Data Exposure

Project management platform Asana has disclosed a significant data exposure incident affecting its new Model Context Protocol (MCP) feature, which caused sensitive information to leak between different organizations for over a month. The flaw, discovered on June 4, was due to a logic error in the MCP system rather than a cyberattack.

Exposed data potentially included task-level information, project metadata, team details, comments, discussions, and uploaded files. Given Asana's widespread use in enterprise environments, the breach may have exposed confidential business information that could create privacy and regulatory compliance issues for affected organizations.

Russian SuperCard Malware Targets NFC Payment Systems

Russian cybersecurity researchers have identified the first domestic attacks using SuperCard malware, a malicious variant of the legitimate NFCGate software designed to steal banking data through near-field communication systems. The malware is a modified version of software originally created to relay NFC data between devices, which criminals have weaponized to siphon funds from victim bank accounts.

Previous European attacks involved using compromised Android smartphones to relay data from victims' physical payment cards to attacker-controlled devices, with stolen data then used for fraudulent ATM transactions. Security experts recommend using RFID-blocking cases for contactless payment cards and ensuring mobile devices require unlocking before NFC payments can be processed.

Critical Security Updates Released

Multiple vendors have issued important security patches this week. Google addressed three new vulnerabilities in Chrome 137, including two high-severity issues, with updates now available across Windows, macOS, and Linux platforms. BeyondTrust released fixes for critical vulnerabilities in their Remote Support and Privileged Remote Access products, including a server-side template injection flaw (CVE-2025-53009) with a CVSS score of 8.6 that could lead to remote code execution.

Veeam patched two security defects in their Backup and Replication software, including a critical vulnerability (CVE-2025-23121) with a 9.9 CVSS score that allows domain users to execute arbitrary code on backup servers. Additionally, security researchers are warning of renewed exploitation attempts against a Zyxel vulnerability (CVE-2023-28771) that was previously used in coordinated attacks against Danish critical infrastructure.

UK Fines 23andMe $3 Million for Data Breach

The UK Information Commissioner's Office has imposed a £3 million fine on genetic testing company 23andMe for security failings that led to a "profoundly damaging" data breach in 2023. The breach exposed sensitive personal information, family histories, and health conditions of thousands of UK users. Information Commissioner John Edwards emphasized that unlike passwords or credit card numbers, genetic information cannot be changed or reissued once compromised.

However, critics argue the fine is insufficient given the severity and lasting impact of exposing irreversible biometric data, particularly as 23andMe faces bankruptcy proceedings.

Action Items for Security Professionals

  • Immediate Actions:

    • Update Chrome to version 137.0.7151.119+ immediately

    • Apply BeyondTrust patches for CVE-2025-53009 if using affected products

    • Update Veeam Backup and Replication to version 12.3.2

    • Review and patch Zyxel devices against CVE-2023-28771

  • Identity Security Review:

    • Audit multi-factor authentication implementation across all systems

    • Review third-party vendor access controls and credential management

    • Implement impossible travel detection and geolocation-based access controls

    • Evaluate info-stealer malware detection capabilities

  • Personal Security Measures:

    • Consider RFID-blocking cases for contactless payment cards

    • Configure mobile devices to require unlocking before NFC payments

    • Review personal data broker exposure and opt-out where possible

    • Monitor for unusual account activity across all financial accounts

  • Organizational Preparedness:

    • Review supply chain risk assessment procedures

    • Update incident response plans to include data extortion scenarios

    • Evaluate cross-tenant data isolation in SaaS applications

    • Assess regulatory compliance implications of third-party data sharing
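
For the impossible travel item under Identity Security Review, here is a minimal detection sketch over sign-in events. It is an added example, not code from the podcast or any vendor; the event tuple layout, the 900 km/h threshold, the 100 km noise floor and all sample events are constructed assumptions.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed threshold: roughly airliner cruise speed

# Constructed sample sign-in events: (user, UTC timestamp, lat, lon)
SAMPLE_EVENTS = [
    ("partner-svc", "2025-06-02T08:00:00", 59.33, 18.07),   # Stockholm
    ("partner-svc", "2025-06-02T09:30:00", 1.35, 103.82),   # Singapore, 90 min later
    ("alice", "2025-06-02T08:00:00", 59.33, 18.07),         # Stockholm
    ("alice", "2025-06-02T12:00:00", 57.71, 11.97),         # Gothenburg, 4 h later
    ("bob", "2025-06-02T10:00:00", 48.86, 2.35),            # Paris
    ("bob", "2025-06-02T10:00:00", 40.71, -74.01),          # New York, same second
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(events, max_kmh=MAX_KMH, min_km=100.0):
    """Return (user, prev_ts, ts, km, kmh) for consecutive sign-ins per user
    whose implied speed exceeds max_kmh. Hops shorter than min_km are ignored
    to absorb IP-geolocation error."""
    alerts, last = [], {}
    for user, ts, lat, lon in sorted(events, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        if user in last:
            prev_when, plat, plon = last[user]
            km = haversine_km(plat, plon, lat, lon)
            hours = (when - prev_when).total_seconds() / 3600
            # Zero elapsed time over a real distance counts as infinite speed.
            kmh = km / hours if hours > 0 else float("inf")
            if km >= min_km and kmh > max_kmh:
                alerts.append((user, prev_when.isoformat(), ts, round(km), kmh))
        last[user] = (when, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE_EVENTS):
        print(alert)
```

In production the coordinates would come from IP geolocation, so known VPN and corporate egress ranges need an allowlist before alerts like these are actionable.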


✅ Story Links:

https://www.wsj.com/finance/banking/ubs-says-data-stolen-in-cyberattack-on-supplier-ea0e5217?mod=cybersecurity_news_article_pos1

https://www.bleepingcomputer.com/news/security/scania-confirms-insurance-claim-data-breach-in-extortion-attempt/

https://therecord.media/pro-cambodian-hacktivists-target-thai-websites-amid-border-dispute

https://www.securityweek.com/openai-to-help-dod-with-cyber-defense-under-new-200-million-contract/

https://therecord.media/alleged-killer-minnesota-lawmaker-data-brokers-list

https://www.bleepingcomputer.com/news/security/asana-warns-mcp-ai-feature-exposed-customer-data-to-other-orgs/

https://therecord.media/supercard-nfc-banking-malware-russia

https://www.securityweek.com/chrome-137-update-patches-high-severity-vulnerabilities/

https://www.securityweek.com/code-execution-vulnerabilities-patched-in-veeam-beyondtrust-products/

https://www.securityweek.com/zyxel-firewall-vulnerability-again-in-attacker-crosshairs/

https://www.bleepingcomputer.com/news/security/uk-fines-23andme-for-profoundly-damaging-breach-exposing-genetics-data/
