Read Time: 8 minutes

Brought to you by:

Howdy friends!

Hope all your summers are kicking off nicely. Last week I wrote the newsletter from the hotel the night before Sleuthcon. - Well the conference blew me away. Here is my trip report. It’s officially a “can not miss” event for me.

The other thing I messed with this week while traveling - finally getting my hands on loading up some MCP servers into Cursor. If you haven’t done this yet, or even if you tried all of this more than 3 months ago, you’ll have your mind blown.

If you want to see me make any content on AI assisted coding, let me know when you vote in the poll above. (It has space for a comment after you vote) - I’ve been wanting to make some videos but it’s fairly off topic for my channels.

ICYMI

🖊️ Something I wrote: U.S. labs keep finding undocumented cellular radios hidden inside some Chinese-made solar inverters & battery packs

🎧️ Something I heard: I binged Neville Medhora’s podcast on my planes this week. Neville is just one of those hyper likable and highly intelligent guys that you like to listen to. I’ve been aware of him for a while but never knew he had a podcast.

📣 Something You’ll Love: I caught a demo of Material years ago, and left saying “That is just how Google Workspace should work out of the box.” - the most no brainer security tool I’ve ever seen.*

🎤 Something I said: is the retail industry cooked? cyber crime wave

🔖 Something I read: How my friend Evan has been shipping code fast with AI at his SIEM startup RunReveal. His setup is sick, and his ship speed is proof in the pudding.

*Sponsor

Vulnerable News

UNFI Cyberattack Halts Deliveries to Whole Foods and 30,000+ Grocery Stores

UNFI just got smacked with a cyberattack that's putting a serious dent in grocery deliveries across the country. The wholesale giant discovered unauthorized activity on June 5th and had to take critical systems offline, which means Whole Foods and thousands of other stores are dealing with empty shelves and delayed shipments. They're running manual processes with paper bills of lading while trying to get back online.

Anyone remember when the DEFCON hotel got hacked and they had to break out the old cachunk credit card carbon paper machines? (read more)

Who’s Really Logging In? Future-Proof Your Zero Trust Framework*

Imagine this: someone who sounds like your employee, looks like your employee, and even knows all the right things to say… but they’re not your employee.

With AI-powered deepfakes and social engineering attacks getting scarily convincing, identity is becoming the weakest link, especially during onboarding, support, and recovery flows. And in a world where teams are remote, global, and always online, even MFA is starting to show its cracks. That’s where smarter identity verification comes in.

Join Persona’s live demo on June 25 to see how you can verify employee identities at every stage of the lifecycle, without slowing anyone down. We’ll show you how it works seamlessly with tools like Okta and Cisco Duo and keeps your HR and IT teams happy.

Register now.

*Sponsored

Breaking down ‘EchoLeak’, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilot

Pretty nasty zero-click vulnerability in Microsoft 365 Copilot that lets attackers automatically steal sensitive data just by sending an email. The attack exploits how Copilot's RAG system works - basically, they craft an email with hidden instructions that bypass Microsoft's prompt injection filters, then use some clever markdown tricks to exfiltrate whatever sensitive info Copilot has access to through Microsoft Graph.

They got around Microsoft's XPIA classifiers by phrasing malicious instructions like they're meant for the email recipient, not the AI. Then they bypassed link redaction using reference-style markdown that Microsoft didn't catch, and finally worked around Content Security Policy restrictions by bouncing requests through Microsoft Teams URLs. They're calling it an "LLM Scope Violation" - I’m not really sure why this is different than “Prompt injection,” which is what it feels like to me, maybe I’m missing something. Microsoft has now patched it, but this is a good write-up. (read more)

23andMe says 15% of customers asked to delete their genetic data since bankruptcy

First thought: Good. Second thought: should be higher. (read more)

Belarusian hackers taunt Kaspersky over report detailing their attacks

Belarusian hacktivist group Cyber Partisans is throwing shade at Kaspersky after they published a detailed analysis of the group's tools. The hackers suggest Kaspersky's deep dive might be damage control since their attacks succeeded against Kaspersky-protected targets. The report revealed two previously unknown tools: Vasilek (a backdoor using Telegram for C2) and Pryanik (a persistent logic bomb wiper). The group has been hitting Russian and Belarusian targets since 2020, including a notable attack on Belarus' railway system that disrupted Russian weapons transport.

While they acknowledged some of their "noisy" tools were bound to be discovered, they claim most ops are now classified. They thanked Kaspersky for the free publicity and hoped similar groups would emerge to "deal blows to the Kremlin regime." (read more)

New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches

I f’n love wild attack channels like this. People who figure this stuff out are just on a another level.

A researcher from Ben-Gurion University demonstrated how smartwatches can be used to steal data from air-gapped systems through ultrasonic signals(?!) The "SmartAttack" technique uses a compromised computer to transmit sensitive data (like keystrokes and encryption keys) via inaudible ultrasonic frequencies between 18-22 kHz. A malware-infected smartwatch picks up these signals through its microphone and forwards them to attackers. Testing showed data could be exfiltrated at 50 bits per second from up to 6 meters away - not blazing fast, but enough to grab credentials or keys.

This joins the growing list of creative air-gap bypass techniques we've seen, like the recent RAMBO attack using RAM radio signals. While SmartAttack requires both system compromise and a cooperating insider with an infected smartwatch, it's a solid reminder that air gaps aren't perfect. The researcher suggests some practical mitigations like banning wearables in secure areas and using ultrasonic monitoring/jamming systems. (read more)

Inside a Dark Adtech Empire Fed by Fake CAPTCHAs

A fantastic deep-dive into how VexTrio, one of the oldest malicious traffic distribution systems, connects to a web of sketchy ad networks and Russian disinformation campaigns.

The investigation started with researchers tracking "Doppelganger" (a pro-Russian disinfo network) and led them to discover LosPollos - a Breaking Bad themed ad network that's been pushing malware, dating scams, and fake CAPTCHA notifications through compromised WordPress sites. GoDaddy reports nearly 40% of compromised sites in 2024 redirected to VexTrio via these LosPollos "smartlinks."

LosPollos and its sister network TacoLoco are run by Adspro Group (registered in Czech Republic and Russia) through Swiss hosting providers. When researchers started publishing findings, LosPollos suddenly "suspended" operations and the malware traffic shifted to other TDS networks overnight. The investigation connects at least four other Russian-based push notification scam networks, suggesting this is part of a larger organized crime operation controlling malicious adtech infrastructure. (read more)

Google Cloud and Cloudflare hit by widespread service outages

Major outages hit both Google Cloud Platform and Cloudflare, with cascading effects across the internet. Cloudflare is seeing authentication failures in Access and WARP connectivity issues, while also reporting problems with Workers KV, Durable Objects, and several other core services. On the Google side, multiple GCP services are down including Bigtable, Console, Storage, and IAM.

The blast radius seems pretty wide - Downdetector is lighting up with tens of thousands of reports from users having trouble accessing services like Spotify, Discord, AWS, and Snapchat. Just before I hit publish, I saw they put up their post-mortem too. (read more)

Graphite spyware used in Apple iOS zero-click attacks on journalists

Hey! When I tell you about an iOS zero-day vulnerability that Apple says is being exploited and advise you to update, you should listen! - This is one of those that I made content about back in February, and now we’re finally finding out more details.

Paragon's Graphite spyware has been caught targeting journalists through iOS zero-click attacks. CitizenLab confirmed two victims - an anonymous European journalist and Ciro Pellegrino from Fanpage.it - were hit in early 2025 using CVE-2025-43200, a zero-day that let attackers execute code through maliciously crafted iCloud photo/video links. The spyware delivery was completely silent, using iMessage as the vector and connecting back to Paragon's C2 infrastructure hosted on EDIS Global. (read more)

Dozens arrested across Asia in global infostealer malware crackdown

A major infostealer takedown operation just wrapped up across Asia with 32 arrests and over 20k malicious IPs/domains knocked offline. The most interesting bust was in Vietnam, where police caught 18 suspects running a scheme selling business accounts to cybercriminals - complete with all the classic evidence seizures (computers, SIM cards, docs).

Hong Kong police identified 117 C2 servers spread across 89 ISPs, while the broader operation (spanning 26 countries) nabbed 41 servers and recovered 100GB+ of stolen data. They're targeting the usual suspects - Lumma, Risepro, and Meta infostealers. This follows May's Lumma takedown that killed 2,300 domains, though the Russian infrastructure proved resilient. Group-IB helped coordinate, and authorities are now reaching out to 216k potential victims. (read more)

Misconfigured HMIs Expose US Water Systems to Anyone With a Browser

Censys researchers stumbled onto a pretty alarming discovery while doing routine internet scans. They spotted some TLS certificates with "SCADA" in the name and decided to poke around, only to find hundreds of water utility control dashboards just sitting there on the public internet. Live tank levels, chlorine pump controls, the whole nine yards. 40 of these systems had zero authentication - anyone with a browser could start flipping switches at water treatment plants. What the flying f.

The good news is that responsible disclosure actually worked here. Instead of the usual slow drip of individual notifications, Censys sent a bulk report to the EPA and the HMI vendor. Within nine days, 24% of the exposed systems got locked down, and by the end it went from over 300 exposed systems down to fewer than 20. (read more)

Eggs in a Cloudy Basket: Skeleton Spider’s Trusted Cloud Malware Delivery

Great intel report from DomainTools - FIN6 (aka Skeleton Spider) has been getting creative with their social engineering game. These financially motivated crooks are now sliding into recruiters' DMs on LinkedIn and Indeed, playing the eager job seeker role before following up with phishing emails containing fake resume links.

One neat trick they are using here is no clickable links in the emails - they make you manually type URLs like "bobbyweisman[.]com" to dodge automated security filters.

They've got fake resume sites that look legit but include some sneaky filtering - if you're coming from a VPN, cloud IP, or look like a security researcher, you just get a boring text resume. But if you pass their checks and complete a CAPTCHA, boom - you get a ZIP file with a disguised .LNK file that drops the more_eggs backdoor. (read more)

Miscellaneous mattjay

Parting Thoughts:

Community was foundational in launching and propelling my career. Community is the only reason I can stand being in Texas during the summer months. Community is the point. Today, I invite you to embrace discomfort on the road to a more vulnerable you.

Stay safe, Matt Johansen
@mattjay