What'd I Miss? June 20 - 22, 2025

Sherpa Intelligence: Your Guide Up a Mountain of Information!

This Information Security and Data Privacy news roundup includes items from Friday through Sunday, so that you can hit the ground running on Monday morning.

These news roundups are not comprehensive and focus on news that may have been overlooked or under reported, and from lesser-known sources like local press.

This Sherpa Intelligence newsletter is curated by Tracy Z. Maleeff (aka InfoSecSherpa) and is just the tip of the iceberg of the research, OSINT, and information security research services we provide.

---

---

Get Sherpa Intelligence for customized research, reports, news monitoring and more!

---

Friday, June 20 - Sunday, June 22, 2025

---

Friday, June 20th

1. Aflac hit by cyberattack amid broader insurance sector targeting
   (Insurance Business)
   - The breach was discovered on June 12, its internal cyber response protocols were enacted immediately, and the intrusion was contained within hours; incident appears to align with a series of intrusions reported in recent weeks by other insurers, including Erie Insurance and Philadelphia Insurance Companies.

2. How a Cyber Security Expert Became a Guerilla Surf Forecaster
   (Surfer)
   - Duune, a rebel platform helping surfers score the best waves, is taking on Big Surf Forecasting; we speak with the founder of Duune, Jack Austin.

3. International Association of Ports & Harbors (IAPH) launches port cyber security guidelines for emerging tech
   (Lloyd’s List)
   - IAPH’s list of recommendations include measures to detect, mitigate and protect against the risks of new cyber threats associated with technologies, including quantum computing, AI, drones, IoT, 5G, automation and green energy.

4. Mitigating cyber-enabled cargo theft
   (CCJ Digital)
   - The National Motor Freight Traffic Association (NMFTA) rolled out its Cybersecurity Cargo Crime Reduction Framework, offering some of the most common ways cyber-enabled cargo theft is perpetrated, along with some basic actions companies can implement to reduce risk.

---

More from Sherpa Intelligence: Don't Let Mis(s) Information Take the Crown

---

Saturday, June 21st

1. Iranian hackers target Albania in retaliation for hosting dissidents
   (Politico Europe)
   - Homeland Justice, a group the Albanian government has directly tied to Iran’s Islamic Revolutionary Guard Corps (IRGC), launched a cyberattack on the capital of Tirana on Friday.

2. Kenya acquires advanced cyber tools sparking privacy concerns
   (The Eastleigh Voice)
   - Through a tender issued on Tuesday, June 17, by the Information and Communications Technology Authority (ICTA), Kenya is seeking to purchase high-performance internet gateway perimeter firewalls, internal network protections, and a central management system.

3. FCC Probes Biden-Era 'Cyber Trust Mark' Program Over 'Concerning' Ties to China
   (PC Magazine)
   - The GOP-led FCC is investigating a Biden-era initiative to award smart home devices a "US Cyber Trust Mark," which is basically the cybersecurity equivalent of the EnergyStar labels. FCC Chairman Brendan Carr says he's concerned that the company contracted to manage the Cyber Trust Mark testing process has "potentially concerning ties to the government of China."

---

More from Sherpa Intelligence: OSINT Basecamp - Ground News

---

Sunday, June 22nd

1. Cloudflare: World Record 7.3Tbps DDoS Attack Hits Mystery Target
   (PC Magazine)
   - The attack originated from over 122,145 source IP addresses across 161 countries. Almost half of the attack traffic came from Brazil and Vietnam, with roughly a quarter each. Another third originated from Taiwan, China, Indonesia, Ukraine, Ecuador, Thailand, the United States, and Saudi Arabia.

2. Forensic Lab With Links to Montana DOJ Leaks Phone Extracts
   (JayeLTee Substack)
   - One of the exposed network shares, called “Evidence”, was listing multiple TBs of data, and some of the directories were named in a way that made them easy to match to media reports due to how severe the cases were; with a few searches I linked two of them to a cop suicide and a homicide case.

3. ‘We’re Not Naming Care Bears.’ Hacker Code Names Are Getting Too Cute
   (The Wall Street Journal) *paywall*
   - Cartoonish naming conventions for potentially catastrophic cyberattacks are dividing security professionals.

---

More from Sherpa Intelligence: Listen Up! NeedleStack by Authentic8, Episode 79

---