Highlights from the cybersecurity world
1. Xiaomi’s vulnerability exposes millions to unauthorised access to their phones
A severe flaw, rated CVSS 9.6, has been disclosed in the protocols used by Xiaomi's interoperability application, affecting millions of users. It lets an attacker bypass the app's authentication and gain unauthorised access to a victim's device.
The flaw affects app version 3.1.895.10. Xiaomi has released version 3.1.921.10, which restores proper verification; anyone still on the older build should update.
2. A major vulnerability in Notepad++ can result in complete system control
A critical privilege escalation vulnerability has been identified in the Notepad++ 8.8.1 installer released on May 5, 2025, potentially affecting millions of users. The installer located an executable through an uncontrolled search path, so an attacker who could place a malicious binary in the directory the installer is launched from (typically the user's Downloads folder) could have it run with the installer's elevated rights, giving SYSTEM-level privileges.
Notepad++ 8.8.2 fixes the issue by loading its dependencies only from trusted locations (secure library loading). Users are urged to update immediately. Until then, run installers from directories that only administrators can write to, keep endpoint security current, use application allow-listing, and monitor installation processes for unexpected child binaries.
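The "run installers from a secure directory" advice is easy to state and rarely checked. The PowerShell function below is an added example written for this newsletter (it is not Notepad++ project code) that tests the two preconditions a binary-planting attack needs for the directory an installer sits in: a principal below administrator that can create files there, and a DLL or EXE already lying beside the installer that the default search order would find before the real one. The file name in the usage line is a placeholder.

```powershell
# Added example for this newsletter (not Notepad++ project code): a pre-flight check before
# launching an installer. Binary planting needs two things, so report both for the
# installer's directory: a principal below admin that can create files there, and a
# DLL/EXE already lying beside the installer that would be found before the real one.
function Test-InstallerDirectory {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$InstallerPath
    )

    $installer = Get-Item -LiteralPath $InstallerPath -ErrorAction Stop
    $dir       = $installer.DirectoryName

    # 1. Who, other than SYSTEM and Administrators, may create files here?
    #    CreateFiles (bit 2) is also contained in Modify and FullControl, so testing that
    #    single bit catches all three. Raw generic-rights ACEs are not decoded here.
    $trusted        = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
    $canCreateFiles = [System.Security.AccessControl.FileSystemRights]::CreateFiles
    $lowPrivWriters = (Get-Acl -LiteralPath $dir).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (($_.FileSystemRights -band $canCreateFiles) -ne 0) -and
        ($_.IdentityReference.Value -notin $trusted)
    } | Select-Object IdentityReference, FileSystemRights, IsInherited

    # 2. Executables and DLLs already sitting beside the installer. The application
    #    directory is searched before System32 under the default search order, so an
    #    unsigned or unexpected binary here is exactly what a planting attack looks like.
    $adjacent = Get-ChildItem -LiteralPath $dir -File |
        Where-Object { $_.Extension -in @('.dll', '.exe') -and $_.FullName -ne $installer.FullName } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Name      = $_.Name
                Signature = $sig.Status      # Valid, NotSigned, HashMismatch, ...
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        }

    [pscustomobject]@{
        Directory        = $dir
        LowPrivWriters   = $lowPrivWriters
        AdjacentBinaries = $adjacent
        # Clean only if nobody below admin can write here and nothing is lying in wait.
        LooksSafe        = (@($lowPrivWriters).Count -eq 0) -and (@($adjacent).Count -eq 0)
    }
}

# Usage (setup.exe is a placeholder name). A Downloads folder fails check 1 by design,
# because the user owns it; copy the installer to an admin-only directory and re-run.
# Test-InstallerDirectory -InstallerPath "$env:USERPROFILE\Downloads\setup.exe"
```

A user's own Downloads folder will always report the user as a low-privilege writer, which is the point: anything that can write as that user (a browser download, a dropper) can plant a binary there. Moving the installer to a directory where only administrators hold CreateFiles closes that window; an unsigned DLL or EXE appearing next to the installer is worth investigating before anything else runs.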
3. A bug in OneDrive causes search results to appear blank
A OneDrive bug makes some users' search results appear empty even though the files exist. The affected files are still in the drive and open normally when browsed to directly; they simply do not show up in search.
Microsoft has not yet offered a workaround, so affected users must locate their documents by browsing the folder structure manually.
4. Major Windows 365 Cloud PCs Security Updates
Microsoft announced key security changes for Windows 365 Cloud PCs on June 18, 2025. The changes include:
- New default configurations that prioritise data protection by disabling clipboard, drive, USB and printer redirection between the Cloud PC and the local device.
- Virtualisation-based security (VBS), Credential Guard and hypervisor-protected code integrity (HVCI) enabled on Windows 11 Cloud PCs.
- Admins who need a redirection must explicitly re-enable it via Intune or Group Policy; USB mice and keyboards are basic input devices and are not affected.
The changes roll out through Intune policies starting in late 2025 and will disrupt workflows in organisations that rely heavily on redirection (local drives, printers, clipboard). IT teams should warn end users in advance and define a process for approving and enabling the redirections a team genuinely needs.
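Whether a Cloud PC actually carries the locked-down posture is something you can verify on the machine itself. The script below is an added example (not a Microsoft script) that audits the policy-backed registry values behind the Remote Desktop "Device and Resource Redirection" settings and lets you block or selectively re-allow them. It assumes the standard value names fDisableClip, fDisableCdm, fDisableCpm and fDisablePNPRedir under the Terminal Services policy key; on a managed Cloud PC the authoritative setting is the Intune policy, and these values reflect what that policy applied.

```powershell
# Added example for this newsletter (not Microsoft's script): audit the Remote Desktop
# device-redirection policies on a Cloud PC / session host and optionally set them.
# Assumes the standard policy-backed values under the Terminal Services policy key
# (fDisableClip, fDisableCdm, fDisableCpm, fDisablePNPRedir). Run in an elevated session.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Value name -> the redirection it blocks when set to 1.
$RedirectionPolicies = [ordered]@{
    fDisableClip     = 'Clipboard redirection'
    fDisableCdm      = 'Drive redirection'
    fDisableCpm      = 'Printer redirection'
    fDisablePNPRedir = 'Plug and Play (USB) device redirection'
}

function Get-RedirectionPolicyState {
    foreach ($name in $RedirectionPolicies.Keys) {
        # Returns $null when the key or value is absent (policy not configured).
        $value = (Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{
            Policy    = $RedirectionPolicies[$name]
            ValueName = $name
            # 1 = blocked by policy; 0 = explicitly allowed; absent = left to the host default
            State     = if ($value -eq 1) { 'Blocked' } elseif ($null -eq $value) { 'Not configured' } else { 'Allowed' }
        }
    }
}

function Set-RedirectionBlocked {
    param(
        # Value names to change; defaults to all four redirections (the new default posture).
        [string[]]$ValueName = @($RedirectionPolicies.Keys),
        # Re-allow instead of block, for a team that genuinely needs e.g. drive redirection.
        [switch]$Allow
    )
    if (-not (Test-Path -Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    $data = if ($Allow) { 0 } else { 1 }
    foreach ($name in $ValueName) {
        Set-ItemProperty -Path $PolicyKey -Name $name -Value $data -Type DWord
    }
    Get-RedirectionPolicyState | Where-Object ValueName -in $ValueName
}

# Usage: audit first, then lock everything down and re-allow only drive redirection.
Get-RedirectionPolicyState | Format-Table -AutoSize
# Set-RedirectionBlocked
# Set-RedirectionBlocked -ValueName fDisableCdm -Allow
```

Mice and keyboards do not appear in the table because they travel over the core RDP input channel rather than a redirection, which is why the announcement leaves them untouched. Because Intune and Group Policy re-apply their values on each refresh, use Set-RedirectionBlocked to validate a configuration on a lab host and make the production change in the Intune profile, otherwise the next policy sync silently reverts it.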
5. A record-breaking 7.3 Tbps DDoS attack successfully stopped by Cloudflare
In mid-May 2025, Cloudflare mitigated the largest distributed denial-of-service attack reported to date: a 7.3 Tbps flood that delivered 37.4 TB of malicious traffic in about 45 seconds, 12% above the previous record.
The target was a hosting provider using Cloudflare's Magic Transit. The attack was absorbed without human intervention: anycast routing spread the traffic across Cloudflare's data centres, and mitigation rules were shared between them via a gossip protocol, so the defence scaled with the attack.
6. Record-breaking data breach exposed 16 billion passwords
The headline story of the month is what may be the largest credential leak on record: a collection of 30 datasets holding some 16 billion credentials for services including Facebook, Google, GitHub, Telegram, Zoom, Apple and various government portals. Researchers who examined the datasets describe them as compiled largely from infostealer logs and earlier leaks rather than a single new breach of those services, but the credentials are still fresh enough to fuel credential stuffing and targeted phishing.
Given the scale, consumers and organisations should act now: change any password that is reused across services, turn on multi-factor authentication, adopt a password manager, and switch to passkeys wherever a service supports them.
7. Android botnet malware leads to full control of victims’ devices
A new Android botnet malware named AntiDot gives criminals extensive control over infected devices. It can record the screen, intercept SMS messages (including one-time codes) and harvest sensitive data from applications; its command-and-control channel uses WebSockets for real-time two-way communication. AntiDot is typically delivered as a file named "Update.apk" that tricks the user into granting accessibility permissions, which is what enables the screen and input capture. Treat any "update" that arrives as an APK outside Google Play, and any app that asks for accessibility access, as hostile until proven otherwise.
8. 20+ Apps on Google Play used to steal cryptocurrency wallet credentials
Over 20 malicious apps on the Google Play Store have been identified in a phishing operation that steals cryptocurrency wallet credentials. The apps impersonate legitimate wallets and exchanges and were published from compromised developer accounts that had previously hosted legitimate apps, which lends them a credible history. The financial risk is high because cryptocurrency transactions are effectively irreversible.
Google has removed most of the apps, but some remain live. Download wallet apps only from the vendor's verified developer listing, check reviews and install counts, and never enter a recovery (seed) phrase into an app or web page you did not deliberately install from that listing. Keep Google Play Protect enabled, use multi-factor authentication on exchange accounts, and pair reputable mobile security software with biometric locks.
9. Fake holiday booking websites infect devices with malware
A sophisticated campaign targets holiday travellers with fake booking sites that mimic platforms such as Booking.com. Active since early 2025, it combines social engineering with a fake cookie-consent banner: users who click through the banner without reading it are served a malicious download instead of a cookie preference. The payload is XWorm, a remote access trojan (RAT) that gives attackers full control over the infected system and the ability to steal data.
The campaign threatens individuals and organisations alike; a compromised corporate device exposes the business to data breaches and intellectual property theft.
10. Major Google Cloud outage affected millions of users
On June 12, 2025, Google Cloud suffered a major outage lasting up to seven hours, affecting numerous services and millions of users. The root cause was a null pointer exception in Service Control, the binary that enforces API authorisation and quota policies: a policy change containing unexpected blank fields exercised a code path that had been deployed without feature-flag protection, and because policy data is replicated globally, the resulting crash loop spread to every region.
Google's remediation includes freezing changes to the Service Control stack, modularising the architecture so that API requests can still be served when a component fails, auditing systems that consume globally replicated data, and requiring feature-flag protection for changes to critical binaries.
11. Anubis Ransomware can permanently erase data without an option for recovery
Anubis ransomware combines file encryption with a "wipe mode" that destroys file contents, making recovery impossible even if the ransom is paid.
In wipe mode the files keep their names and directory structure but are truncated to zero bytes. Anubis also deletes Volume Shadow Copies, removing the most common local recovery option.
The tactic marks a significant escalation in ransomware methods; the Anubis group has targeted healthcare, engineering and construction organisations in Australia, Canada, Peru and the U.S.
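Shadow-copy deletion happens before encryption or wiping begins, which makes it one of the few moments when a ransomware run is still interruptible. The block below is an added detection example written for this newsletter (it is not taken from any Anubis analysis) that matches process-creation records against the usual shadow-copy and recovery-tampering command lines. The sample records are constructed and shaped like Security event 4688 fields (NewProcessName and CommandLine); a commented live variant shows how to feed real 4688 events in on a host with command-line auditing enabled.

```powershell
# Added example for this newsletter (not from any Anubis report): detection logic for
# shadow-copy and recovery tampering, run over constructed process-creation records shaped
# like Security event 4688 (NewProcessName + CommandLine). The sample data is made up.
$ShadowCopyTamperPatterns = @(
    [pscustomobject]@{ Name = 'VSS delete via vssadmin';           Pattern = '\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b' }
    [pscustomobject]@{ Name = 'VSS purge via shadowstorage resize'; Pattern = '\bvssadmin(\.exe)?\b.*\bresize\b.*\bshadowstorage\b' }
    [pscustomobject]@{ Name = 'VSS delete via WMIC';               Pattern = '\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b' }
    [pscustomobject]@{ Name = 'VSS delete via PowerShell WMI/CIM'; Pattern = 'Win32_ShadowCopy.*(Remove-WmiObject|Remove-CimInstance|\.Delete\(\))' }
    [pscustomobject]@{ Name = 'Backup catalog deletion';           Pattern = '\bwbadmin(\.exe)?\b.*\bdelete\b.*\b(catalog|systemstatebackup)\b' }
    [pscustomobject]@{ Name = 'Recovery disabled via bcdedit';     Pattern = '\bbcdedit(\.exe)?\b.*\brecoveryenabled\b.*\bno\b' }
)

function Find-ShadowCopyTampering {
    param(
        # One process-creation record with TimeCreated, Computer, NewProcessName, CommandLine
        [Parameter(Mandatory, ValueFromPipeline)]
        [pscustomobject]$Record
    )
    process {
        foreach ($rule in $ShadowCopyTamperPatterns) {
            # -match is case-insensitive by default, so VSSADMIN.EXE is caught too.
            if ($Record.CommandLine -match $rule.Pattern) {
                [pscustomobject]@{
                    TimeCreated = $Record.TimeCreated
                    Computer    = $Record.Computer
                    Technique   = $rule.Name
                    Process     = $Record.NewProcessName
                    CommandLine = $Record.CommandLine
                }
            }
        }
    }
}

# Constructed sample records (not real telemetry). Only the last one is benign.
$sample = @(
    [pscustomobject]@{ TimeCreated = '2025-06-20 03:14:07'; Computer = 'WS-ENG-07'; NewProcessName = 'C:\Windows\System32\vssadmin.exe';  CommandLine = 'vssadmin.exe delete shadows /all /quiet' }
    [pscustomobject]@{ TimeCreated = '2025-06-20 03:14:09'; Computer = 'WS-ENG-07'; NewProcessName = 'C:\Windows\System32\wbem\WMIC.exe'; CommandLine = 'wmic shadowcopy delete' }
    [pscustomobject]@{ TimeCreated = '2025-06-20 03:14:11'; Computer = 'WS-ENG-07'; NewProcessName = 'C:\Windows\System32\bcdedit.exe';   CommandLine = 'bcdedit /set {default} recoveryenabled no' }
    [pscustomobject]@{ TimeCreated = '2025-06-20 08:00:00'; Computer = 'WS-ENG-07'; NewProcessName = 'C:\Windows\System32\vssadmin.exe';  CommandLine = 'vssadmin list shadows' }
)

$sample | Find-ShadowCopyTampering | Format-Table -AutoSize

# Live variant on a host with "Audit Process Creation" and "Include command line in
# process creation events" enabled:
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } | ForEach-Object {
#     $x = [xml]$_.ToXml()
#     [pscustomobject]@{
#         TimeCreated    = $_.TimeCreated
#         Computer       = $_.MachineName
#         NewProcessName = ($x.Event.EventData.Data | Where-Object Name -eq 'NewProcessName').'#text'
#         CommandLine    = ($x.Event.EventData.Data | Where-Object Name -eq 'CommandLine').'#text'
#     }
# } | Find-ShadowCopyTampering
```

Three hits within four seconds on one workstation, as in the sample, is the signature of a ransomware pre-encryption phase rather than an administrator tidying up, and is a reasonable trigger for isolating the host. The benign `vssadmin list shadows` line is included to show that the rules key on the destructive verbs, not on the tool name alone.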
12. KB5060999 and KB5060842 Windows 11 updates enhance security
Microsoft has released KB5060999, a cumulative update for Windows 11 versions 22H2 and 23H2 (OS Builds 22621.5472 and 22631.5472) whose primary purpose is to harden the operating system. It bundles the servicing stack update KB5058546, which improves the reliability of the component that installs updates.
Microsoft has also released the June 2025 Patch Tuesday update for Windows 11 version 24H2, KB5060842 (OS Build 26100.4349). It addresses critical security vulnerabilities and rolls in the improvements from the May 28, 2025 preview update, KB5058499.
13. Microsoft June 2025 Patch Tuesday
Microsoft's June 2025 Patch Tuesday fixes 66 vulnerabilities, including one zero-day that is being actively exploited and one that was publicly disclosed before the patch. The update spans a wide range of products, and 10 of the fixes are rated critical, so administrators should prioritise deployment.
14. Microsoft Defender for Endpoint reached a significant security milestone
Microsoft reports a significant milestone for Defender for Endpoint: over the past six months it automatically contained 120,000 compromised user accounts and protected more than 180,000 devices from attack. The figure comes against a reported 275% rise in ransomware attacks over the last 18 months, underlining the growing pressure on defenders.
Stay tuned and keep your system safe! If you need help, contact us for expert advice!