Major Data Breaches and Leaks

• AT&T (USA): Telecom giant AT&T suffered another massive data leak, with hackers exposing 86 million customer records containing decrypted Social Security numbers, full names, addresses, dates of birth, and other PII. The trove – originally stolen by the ShinyHunters group – was re-posted to a popular cybercrime forum. magedata.ai

• Coinbase (Insider Leak): A data breach at cryptocurrency exchange Coinbase was traced to bribed insiders at a third-party support contractor (TaskUs in India). Leaked data was exposed after an employee was caught photographing her screen. cybersecurity-help.cz

• LexisNexis Risk Solutions: Personal info for over 364,000 individuals was accidentally exposed via a public GitHub repo due to a developer error. Internal systems were not breached. blog.senthorus.ch

• Kelly & Associates (USA): A breach potentially exposed the data of 500,000 people, including names, SSNs, and financial info. Nearly 19,000 affected in Maine. magedata.ai

Significant Cyberattacks and Incidents

• Optima Tax Relief (Ransomware): U.S.-based firm hit by Chaos ransomware, which stole 69 GB of client data and encrypted systems. bleepingcomputer.com

• Tupolev (Russia): Ukraine’s GUR breached Russia’s Tupolev aerospace firm, exfiltrating 4.4 GB of classified data. bleepingcomputer.com

• São José do Rio Preto (Brazil): Hackers brought down all municipal IT systems including public health infrastructure. cybermaterial.com

• Other Notable Incidents:

  • Lazarus Group attempted a phishing attack on BitMEX.
  • Chaos ransomware also claimed a breach of Salvation Army.
  • Everest ransomware leaked 12 GB from Abu Dhabi’s Dept. of Culture and Tourism. cyfirma.com

Critical Vulnerabilities and Patches

• Chrome Zero-Day (CVE-2025-5419): Actively exploited bug in V8 JavaScript engine prompted emergency patch. thehackernews.com

• Android June Security Update: Fixed 34 high-severity vulnerabilities including a privilege escalation flaw. cyberscoop.com

• Roundcube RCE (CVE-2025-49113): Over 84,000 Roundcube instances exposed to active exploitation. bleepingcomputer.com

• HPE StoreOnce: Multiple CVEs including auth bypass (CVSS 9.8) affecting versions before 4.3.11. bleepingcomputer.com

Government and Industry Cyber Responses

• Germany Fines Vodafone €45M: For lax oversight and weak eSIM security. bleepingcomputer.com

• U.S. Takedown of BidenCash: DOJ seized 145 domains, shutting down a major stolen card marketplace. justice.gov

• White House Executive Order (June 6): Focus on supply chain security, post-quantum crypto, and AI cybersecurity. therecord.media

• Industry Collaboration: Microsoft, Google, Mandiant, and others standardizing threat actor naming conventions. mapletronics.com

Miscellaneous Developments

• Teens Join Ransomware Gangs: CBS report on young hackers joining BlackCat/ALPHV (e.g. “Scattered Spider”). mapletronics.com

• Leaky Chrome Extensions: Symantec found extensions leaking data via HTTP and hardcoded secrets. mapletronics.com

• Ransomware Surge: Honeywell report notes 46% jump in attacks against critical infrastructure. automation.com

• Meta/Google Tracking Controversy: Researchers found apps using local port sniffing to bypass Android privacy protections. cybersecurity-help.cz

Conclusion

The week’s developments underscore the increasing sophistication and frequency of cyberattacks, particularly via ransomware, insider threats, and software vulnerabilities. Third-party risk is a recurring theme, and international cooperation and standards-setting are showing promise on the defensive front.

Organizations are advised to:

• Review third-party risk management.
• Patch promptly.
• Monitor for insider threats.
• Contribute to community intelligence sharing.

Cybersecurity is a shared responsibility—awareness and collective defense are more vital than ever.

Sources

• BleepingComputer – Vodafone fine, Optima ransomware, Roundcube RCE, Ukraine hacks Tupolev – June 2025

• CyberScoop – Android June 2025 security update (34 vulnerabilities) – June 3, 2025

• The Hacker News – Chrome zero-day CVE-2025-5419 (V8 JavaScript exploit) – June 3, 2025

• Cybersecurity Help (CZ) – Coinbase insider breach & BidenCash takedown – Weekly summary June 6, 2025

• Mage Data / SecureFact – Weekly roundup (AT&T leak, Kelly breach, medical data exposure) – June 9, 2025

• MapleTronics – This Week in Cybersecurity – June 6, 2025 (BlackCat teens, Chrome extensions, threat naming)

• U.S. Department of Justice – DOJ press release on BidenCash domain seizure – June 4, 2025

• The Record (Recorded Future) – Trump cybersecurity executive order – June 9, 2025

• Honeywell / Automation.com – Cyber Threat Report (46% increase in ransomware) – June 4, 2025

• CyberMaterial News – Hack cripples Brazil city systems – June 9, 2025