Cyber Briefing: 2025.06.10
Google bug leaks phone numbers, Roundcube flaw hits 84K servers, Skitnet evades detection. TxDOT breached, UNFI deliveries disrupted, HFS phished. FBI appoints cyber chief, Texas forms Cyber Command.
👉 What's the latest in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Google Bug Exposed Any User's Phone Number
A security researcher discovered a critical vulnerability in a legacy Google account recovery form that allowed attackers to systematically brute-force and obtain the phone numbers of any Google user. By abusing the JavaScript-disabled form and bypassing security with IPv6 address rotation and valid BotGuard tokens, the researcher could make 40,000 attempts per second using just a target's name and a partial number hint. After the researcher, BruteCat, reported the issue in April 2025, Google initially deemed it low-risk but later upgraded the severity and awarded a $5,000 bounty for the disclosure. Google confirmed on June 6, 2025, that it fully deprecated the vulnerable endpoint, closing the attack vector which could have led to widespread phishing and SIM-swapping attacks.
2. Roundcube RCE Flaw Risks 84,000 Servers
A critical remote code execution vulnerability, CVE-2025-49113, has been discovered in Roundcube Webmail, leaving over 84,000 unpatched installations worldwide exposed to attacks. The flaw, affecting a decade of Roundcube versions, allows an authenticated attacker to exploit a session handling weakness to achieve PHP object injection and ultimately take control of the server. Although Roundcube released patches on June 1st, hackers quickly reverse-engineered them and weaponized an exploit within 48 hours, which is now reportedly being sold on underground forums. Given the webmail client's widespread use and the rapid weaponization of the flaw, administrators are urged to update immediately to prevent potential data compromise and system takeovers.
3. New Skitnet Malware Arms Ransomware Gangs
A sophisticated new malware tool called Skitnet, also known as "Bossnet," is being adopted by ransomware operators like Black Basta and Cactus to enhance their post-exploitation capabilities and evade security. This multi-language malware uses a Rust-based loader to execute a Nim-based payload in memory, which then establishes a stealthy DNS-based reverse shell for command and control. Skitnet achieves resilient persistence through a sophisticated DLL hijacking technique, using a legitimate digitally signed ASUS executable to load its malicious library at every system startup. The malware's availability on underground forums as a Malware-as-a-Service (MaaS) highlights the industrialization of cybercrime, providing advanced tools for data theft and double extortion schemes.
💥 Cyber Incidents
4. Texas DOT Breach Leaks 300K Crash Reports
The Texas Department of Transportation is warning of a data breach after hackers used a compromised account to access and download nearly 300,000 crash reports from its Crash Records Information System. Discovered on May 12th, the breach exposed sensitive personal information including names, addresses, driver's license numbers, and car insurance policy details contained within the stolen reports. Although TxDOT confirmed its internal systems were not breached and no money was stolen, it began notifying victims on May 26th, warning them to be wary of targeted phishing attempts. The state agency has shut down the compromised account and, despite claiming no legal requirement to inform the public, has created a dedicated call line for those impacted by the incident.
5. Cyberattack Disrupts UNFI Food Deliveries
United Natural Foods (UNFI), North America's largest publicly traded food distributor and a primary supplier for Whole Foods, has suffered a cyberattack that is disrupting its operations. The company discovered the incident on Thursday, June 5th, and proactively took certain systems offline, which has temporarily impacted its ability to fulfill and distribute customer orders. UNFI has notified law enforcement and engaged external cybersecurity experts to investigate the breach, while implementing business continuity plans and workarounds to continue servicing its customers. While the nature of the attack and whether data was stolen remain undisclosed, this incident highlights the food and agriculture sector's ongoing vulnerability to disruptive cyberattacks.
6. Illinois HFS Employee Phishing Leaks Data
The Illinois Department of Healthcare and Family Services (HFS) is alerting the public to a data breach affecting 933 individuals after a hacker successfully phished one of its employees in February 2025. The attacker sent a deceptive email from another compromised government account, leading to the HFS employee's emails and documents being breached. Stolen information includes highly sensitive data such as names, Social Security numbers, driver's licenses, and financial details related to child support and Medicaid. HFS, which notified all affected individuals by May 23rd, is now advising victims to place fraud alerts or security freezes on their accounts with consumer reporting agencies.
📢 Cyber News
7. FBI Taps Brett Leatherman As New Cyber Chief
Career FBI official Brett Leatherman has been named the new assistant director of the bureau’s Cyber Division, taking over for the recently retired Bryan Vorndran. Leatherman, who has over two decades of experience including leading the National Cyber Investigative Joint Task Force, pledged to "impose cost on our cyber adversaries" and make their activity unsustainable. He succeeds Vorndran, who is credited with making the FBI more aggressive in its cyber operations, shifting its focus from just arrests to include infrastructure disruption and clawing back ransom payments. This strategy, which Leatherman praised, also included popularizing joint agency advisories to give the private sector greater insight into digital threats and improve resilience.
8. Texas Creates Largest US State Cyber Command
Texas Governor Greg Abbott has signed House Bill 150 into law, establishing the Texas Cyber Command as the largest state-based cybersecurity department in the United States. Funded with a $135 million investment, the new San Antonio-based agency will launch a cyber threat intelligence center and coordinate incident response to protect against what the governor called "constant attack" from foreign actors. The command is designed to leverage the region's significant cyber expertise by partnering with key federal agencies already located in the area, including the Sixteenth Air Force, NSA, and FBI. Governor Abbott, who declared the command an emergency legislative item, stated its ultimate mission is to prevent and protect against cyber breaches and make Texas a national leader in cybersecurity.
9. WordPress Fight Leads To New FAIR Manager
A collective of former WordPress developers, backed by the Linux Foundation, has launched the FAIR Package Manager, a new independent distribution system for trusted WordPress plugins and themes. This launch is a direct response to a recent legal conflict between hosting giants Automattic and WP Engine, which saw the latter banned from the official WordPress.org update platform amid mutual accusations and cease-and-desist letters. The FAIR Package Manager provides a vendor-neutral, decentralized alternative that returns control to developers and hosts, aiming to unify the ecosystem and build security into the software supply chain. By replacing reliance on a single company's APIs and allowing hosts to set up their own mirrors, the project seeks to ensure the long-term stability and sustainability of the WordPress platform.
📈 Cyber Stocks
As U.S. markets open on Tuesday, June 10, 2025, leading cybersecurity stocks are trading slightly lower amid broader market caution and ongoing valuation adjustments:
Zscaler (ZS): Trading at $299.90, down 1.07%. The stock pulls back modestly after a strong run, though demand for Zero Trust and SASE solutions remains high.
Varonis (VRNS): Trading at $50.65, nearly flat at −0.02%. Investor sentiment remains steady as interest in data-centric security continues.
Palo Alto Networks (PANW): Trading at $196.33, down 1.65%, as recent gains are tempered by overall tech sector softness, despite strength in AI-driven security offerings.
CrowdStrike (CRWD): Trading at $464.39, down 0.90%. The stock dips slightly following conservative revenue guidance, but analysts maintain bullish long-term targets.
Fortinet (FTNT): Trading at $102.08, down 2.75%. The decline follows a period of strong gains, with fundamentals still supported by healthy revenue and buyback momentum.
💡 Cyber Tip
Check Your Google Account Privacy Settings
A now-fixed bug in Google’s account recovery system allowed attackers to guess and reveal the full phone numbers linked to any Google account. This could have enabled phishing or SIM-swapping attacks.
✅ What you should do
Review your Google account settings and consider limiting who can see your phone number.
Enable two-factor authentication (2FA) using an app or security key, not just SMS.
Be alert for suspicious messages or calls, especially ones asking for verification codes or personal information.
Use a strong, unique password for your Google account and avoid reusing it across services.
Monitor your accounts for signs of SIM-swap attempts, such as loss of cellular service or unexpected security alerts.
🔒 Why this matters
Even though the vulnerability has been fixed, phone numbers exposed through it could still be used in scams or account hijacking attempts. Staying cautious helps protect your identity and data.
📚 Cyber Book
Do No Harm: Protecting Connected Medical Devices, Healthcare, and Data from Hackers and Adversarial Nation States by Matthew Webster
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.