Bluetooth flaw in Airoha chipsets allows eavesdropping via headphones, Scattered Spider hackers now targeting airlines, and Silver Fox group spreads malware via fake software sites. Horizon Healthcare hit by ransomware exposing patient data, Compumedics breach affects sleep study patients, and UK’s Richard Lander School shuts down after a cyberattack.
Security researchers discovered critical vulnerabilities in a widely used Airoha Bluetooth chipset affecting numerous popular audio devices. The flaws impact dozens of headphones and speakers from major brands including Sony, Bose, and Marshall. An attacker within Bluetooth range can potentially exploit the issues to eavesdrop through a microphone or steal a user’s contacts and call history. Although the chip manufacturer created a fix, device makers have not yet released the necessary firmware updates to the public.
The FBI has warned that the cybercrime group known as Scattered Spider is now actively targeting the airline industry. This group uses advanced social engineering techniques to impersonate employees, tricking IT help desks into granting them access to secure systems. The hackers often target high-value C-suite accounts to steal sensitive data, extort the company, and deploy ransomware. In response, security experts are urging aviation companies to immediately strengthen their internal identity verification processes to prevent these attacks.
A Chinese hacking group known as Silver Fox is distributing malware through fake websites that advertise popular software. The campaign delivers the Sainbox remote access trojan and the open-source Hidden rootkit to unsuspecting victims. These attacks primarily target Chinese-speaking users with malicious installers designed to look like legitimate software. This method provides the attackers with stealth and system control without requiring significant custom malware development.
Horizon Healthcare RCM, a revenue cycle management firm, suffered a ransomware attack and data breach in late December. The attack exposed a wide range of patient information, including health insurance data and, in some cases, Social Security numbers and financial details. The company’s public notice was transparent about the ransomware and strongly implied that it paid a demand to have the stolen data deleted. However, the total number of affected patients and which of its many healthcare partners were impacted remain unknown.
The sleep disorder diagnostic vendor Compumedics suffered a data breach that exposed patient data from Northern Light Health. The breach occurred between February and March 2025 and compromised files containing names, medical records, and sleep study results. While a subset of patients may have had Social Security numbers exposed, Northern Light Health believes its patients’ financial and insurance data were not involved. Compumedics has since enhanced its security, and all individuals who were affected by the incident have been notified by mail.
Richard Lander School in Cornwall, England, closed for two days due to a major cybersecurity incident affecting its IT systems. The school has very limited access to its data, which impacts its ability to function and properly safeguard its students. While an investigation into the incident is ongoing, officials have stated there is no evidence of a personal data compromise. The school administration will provide an update to parents on Tuesday regarding the operational plans for the rest of the week.
NATO allies have agreed to increase their defense spending to a new target of five percent of GDP within a decade. The goal includes 3.5 percent for core defense and 1.5 percent for indirect spending like cybersecurity capabilities. This increase is seen as a direct response to decades of U.S. criticism about burden-sharing, largely amplified by President Trump. Despite the new agreement, some allies have already expressed reluctance to meet the target, and the rules for spending remain vague.
A new report found that exploited vulnerabilities are the top cause of ransomware attacks for the third straight year. While the average recovery cost for victims is $1.53 million, the report notes that data encryption rates have actually dropped. Key operational factors enabling these attacks include a lack of internal cybersecurity expertise and insufficient staffing capacity. The findings highlight the critical need for organizations to prioritize proactive vulnerability management to combat these ongoing threats.
Microsoft has released a new open-source tool called RIFT to combat the growing threat of Rust-based malware. The Rust language is being used to create complex malware that is much larger and harder to reverse engineer than traditional programs. RIFT helps analysts by automatically identifying library code in Rust binaries, allowing them to focus on the malicious logic. By releasing the tool on GitHub, Microsoft aims to equip the cybersecurity community to better defend against these evolving threats.
Stay Alert as Bluetooth Flaw Lets Hackers Spy on Your Calls and Data
Security researchers have uncovered serious vulnerabilities in Airoha Bluetooth chipsets used in popular headphones and speakers from brands like Sony, Bose, and Marshall. These flaws allow attackers within Bluetooth range to bypass authentication, access device memory, steal contacts and call history, and even activate microphones to eavesdrop, all without user interaction. Although the chipmaker has issued a fix, many audio device manufacturers have not yet released firmware updates to users.
✅ What you should do:
Check your device manufacturer’s website for the latest firmware updates and apply them as soon as they’re available.
Avoid using Bluetooth audio devices in sensitive environments until updates are confirmed.
Unpair unused or unfamiliar Bluetooth devices from your phone or computer.
Keep your phone’s Bluetooth turned off when not in use to reduce exposure.
Use headphones with wired connections when privacy is a concern.
🔒 Why this matters:
These vulnerabilities turn everyday audio devices into potential surveillance tools. Even though attacks require close range and a high level of skill, the threat is real, especially for high-value targets. Staying updated and limiting Bluetooth exposure are essential for protecting your privacy.