NDAY Security Blog

NDAY Security Blog - June 2025 Cybersecurity Breaches

NDAY Security Monthly Breach Digest

Highlights from the latest cybersecurity events in June 2025, followed by summaries and reports from May, April, and March.

June 2025 Cybersecurity Breaches: What You Need to Know

1. 16 Billion Credential Leak

Researchers uncovered a massive aggregation of approximately 16 billion login credentials, one of the largest leaks in history, combining infostealer malware data and past breaches.

  • Cause: Infostealer malware and aggregated breach data
  • Impact: Increased risk of account takeovers and identity theft

2. Hawaiian Airlines and WestJet Breaches

Both airlines confirmed breaches in which attackers used help-desk MFA bypass techniques, potentially linked to the Scattered Spider group, compromising customer and operational data.

  • Cause: Social engineering and MFA bypass
  • Impact: Disruption of airline operations and passenger data exposure

3. Salt Typhoon Espionage Campaign Targeting Cisco IOS XE

Chinese state-sponsored group Salt Typhoon exploited a critical Cisco IOS XE vulnerability, targeting Canadian telecom routers for espionage.

  • Cause: State-sponsored exploitation of software vulnerability
  • Impact: Compromised telecom infrastructure and national security concerns

4. Iran State Television Broadcast Hijacking

Hackers hijacked Iran’s state TV broadcast on June 19, displaying unauthorized protest footage during prime time.

  • Cause: Cyber-activism targeting broadcast systems
  • Impact: Disrupted state media and amplified geopolitical messaging

5. 4chan and Turkish-Affiliated Website Defacements

Hackers defaced 4chan and Turkish-affiliated websites on June 5, driven by ideological motives.

  • Cause: Cyber-activism via website defacement
  • Impact: Reduced platform trust and user engagement

Conclusion

June’s incidents highlight the escalating scale of credential leaks, state-sponsored espionage, and cyber-activism, underscoring the need for robust cybersecurity measures.


May 2025 Cybersecurity Breaches: What You Need to Know

1. Marks & Spencer Hit by Scattered Spider Group

Hackers exploited a third-party contractor to breach M&S systems, forcing the suspension of online orders and contactless payments. Estimated damage: £300 million.

  • Cause: Social engineering via third-party vendor
  • Impact: Services halted, customer data exposed

2. 184 Million Passwords Leaked from Unprotected Database

A massive trove of credentials was found on an exposed server, impacting major platforms like Google and PayPal. Likely stolen via infostealer malware.

  • Cause: Infostealer malware + unsecured cloud server
  • Impact: Password reuse attacks and identity fraud

3. Chinese APT Targets Czech Government

APT31, linked to the Chinese government, infiltrated the Czech foreign ministry’s unclassified systems. NATO and the Czech Republic condemned the act.

  • Cause: State-sponsored espionage
  • Impact: System rebuilds and diplomatic tension

4. Commvault SaaS Breach via Zero-Day Vulnerability

Commvault’s Metallic SaaS platform was breached through CVE-2025-3928, compromising Microsoft 365 backups for multiple organizations.

  • Cause: Zero-day vulnerability
  • Impact: SaaS supply chain integrity questioned

5. AI Impersonation of Trump Chief of Staff

Deepfake audio and messages impersonated Susie Wiles, sending fake pardon requests to contacts. The FBI has launched an investigation.

  • Cause: AI deepfake phishing
  • Impact: Political manipulation risk

6. Dior Customer Data Breach

Dior disclosed a breach of names, contact data, and order histories. No payment information was accessed.

  • Cause: Server compromise
  • Impact: Targeted phishing risk, brand damage

Conclusion

May’s attacks highlight the broad spectrum of threat actors—state-sponsored, criminal, and AI-driven. Third-party risk, SaaS platforms, and misinformation are top concerns heading into summer 2025.

April 2025 Cybersecurity Breaches: What You Need to Know

1. Boeing Data Leak from LockBit Ransomware Group

LockBit released stolen Boeing data including internal communications and supplier contracts after the company refused to pay a ransom.

  • Cause: Ransomware exploit
  • Impact: Intellectual property theft; vendor exposure

2. French Hospital System Offline from Coordinated Cyberattack

Hackers shut down regional hospital systems in France, delaying surgeries and emergency response operations.

  • Cause: Hospital IT infrastructure breach
  • Impact: Care delays; temporary facility outages

3. Marks & Spencer Breach Begins via Third-Party Access

M&S was compromised over Easter weekend through a vendor, causing operational disruptions that extended into May.

  • Cause: Social engineering through contractor
  • Impact: E-commerce and payment system shutdowns

Conclusion

April highlighted vulnerabilities in critical infrastructure and retail systems. These incidents underscored the importance of securing vendor relationships and preparing for ransomware.

March 2025 Cybersecurity Breaches: What You Need to Know

1. AT&T Confirms Massive Data Breach

AT&T disclosed that the personal data of 73 million customers was leaked on the dark web. The data included Social Security numbers, email addresses, and more.

  • Cause: Third-party breach
  • Impact: Millions of sensitive records exposed

2. UnitedHealth Subsidiary Change Healthcare Targeted by Ransomware

Ransomware disrupted prescription transactions across the U.S. via a breach at Change Healthcare.

  • Cause: Ransomware attack
  • Impact: Nationwide pharmacy delays

3. Sisense Breach Compromises Corporate Credentials

Unauthorized access to data analytics firm Sisense resulted in compromised credentials for enterprise clients.

  • Cause: Internal intrusion
  • Impact: SaaS trust weakened

Conclusion

March highlighted vulnerabilities in telecom, healthcare, and enterprise SaaS environments—further proof that proactive defense is essential.