What'd I Miss? June 6 - June 8, 2025

Sherpa Intelligence: Your Guide Up a Mountain of Information!

This Information Security and Data Privacy news roundup includes items from Friday through Sunday, so that you can hit the ground running on Monday morning.

These news roundups are not comprehensive and focus on news that may have been overlooked or under reported, and from lesser-known sources like local press.

This Sherpa Intelligence newsletter is curated by Tracy Z. Maleeff (aka InfoSecSherpa) and is just the tip of the iceberg of the research, OSINT, and information security research services we provide.

---

---

Get Sherpa Intelligence for customized research, reports, news monitoring and more!

---

Friday, June 6 - Sunday, June 8, 2025

---

Friday, June 6th

1. ChatGPT used for evil: Fake IT worker resumes, misinfo, and cyber-op assist
   (The Register)
   - Fake IT workers possibly linked to North Korea, Beijing-backed cyber operatives, and Russian malware slingers are among the baddies using ChatGPT for evil, according to OpenAI's latest threat report.

2. New Cyber Blueprint to Scale Up the EU Cybersecurity Crisis Management
   (European Union Agency for Cybersecurity)
   - The necessity for a revised cyber crisis management Blueprint was driven by the evolution of the cybersecurity threat landscape where geopolitics accelerated the need for stronger cyber crisis management as anticipated in an ENISA report and as outlined in the EU’s first ever report on the State of Cybersecurity in the Union.

3. The North Face customers’ personal information compromised in cyber attack
   (Fashion Dive)
   - Data breach was an attack called credential stuffing, The North Face attacker got the usernames from a separate source and not from the company and The North Face disabled the affected passwords.

---

Read about my recent trip to Ireland: Conference Recap: Security BSides Dublin

---

Saturday, June 7th

1. Are You a Spy? Anthropic Has a New AI Model for You
   (PC Mag)
   - The Claude Gov model will provide improved handling of classified documents and better support for foreign languages that are critical to US security interests, Anthropic says.

2. FBI Warns of BADBOX 2.0 Botnet Surge in Chinese Devices
   (Bank Info Security)
   - A China-based botnet operation called BADBOX 2.0 has infected more than 1 million off-brand Android smart devices globally, the malware-laced devices primarily manufactured in China, range from low-cost TV streaming devices and projectors to digital picture frames and car infotainment systems.

3. Kazakhstan: Territorial defence, information security, and lessons from history
   (Caliber)
   - Kazakh President Kassym-Jomart Tokayev stressed the importance of factoring in risks in the sphere of information security and ensuring the reliable operation of critical systems.

---

African news: Africa Information Security News Roundup for January-March 2025

---

Sunday, June 8th

1. Hackers Using Fake IT Support Calls to Breach Corporate Systems, Google
   (Hack Read)
   - UNC6040 doesn’t rely on exploits or security vulnerabilities- instead, it counts on human error. The attackers call employees and walk them through approving a connected app inside Salesforce. But this isn’t just any app, it’s often a modified version of Salesforce’s legitimate Data Loader tool.

2. Look for These 7 New Technologies at the Airport
   (IEEE Spectrum)
   - In this new world, your face is your boarding pass, your electronic luggage tag transforms itself for each new flight, and gate scanners catch line cutters trying to sneak onto the plane early.

3. Ukraine’s intel strikes Russian Railways in cyber hit - Details
   (RBC-Ukraine)
   - Cyber specialists of Ukraine’s military intelligence have attacked the online system of Russian Railways; the official website of Russian Railways (RZD) is currently down.

---

Listen Up! Podcast Spotlight: Afternoon Cyber Tea with Ann Johnson

---