Written by
Team Nucleus
Written on
12th June, 2025
Analyst Insight
This week in cyber, we have seen more attacks against large retailers, with health food wholesaler “United Natural Foods” suffering a major cyberattack. The firm is a primary supplier for retailer “Whole Foods”, and reports indicate the attack is disrupting food supply chains. We have also seen a new zero-click AI vulnerability affecting Microsoft’s Copilot, allowing attackers to extract sensitive data. An INTERPOL operation saw 20,000 IP addresses relating to information stealers seized and threat actor infrastructure dismantled, and a critical vulnerability left 84,000 Roundcube webmail instances vulnerable to exploitation. Read more in this week in cyber.
Health Food Wholesaler United Natural Foods Suffers Major Cyberattack
This week, United Natural Foods, a large American health food distributor that primarily supplies Whole Foods, suffered a major cyberattack. “We have identified unauthorized activity in our systems and have proactively taken some systems offline while we investigate,” the company said in a statement to CNN. The firm has notified relevant law enforcement authorities and hired external cybersecurity experts to investigate the incident. Some Whole Foods locations are reporting empty shelves due to the incident, showing the severity of the attack.
June Patch Tuesday: Microsoft Releases Fixes for 66 Vulnerabilities
Microsoft’s June 2025 Patch Tuesday rolled out fixes for 66 vulnerabilities, including two critical zero-days that have been actively exploited. One of the key flaws, CVE-2025-33053, is a remote code execution vulnerability in WebDAV, which was used in attacks by the "Stealth Falcon" group targeting a defence firm in Turkey. Attackers could exploit this flaw if a user clicks a malicious WebDAV URL, allowing arbitrary code execution. The second zero-day, CVE-2025-33073, affects Windows SMB, where an attacker could escalate privileges to SYSTEM level via a specially crafted script sent over the network. For more detailed information, visit Microsoft’s Security Response Center (MSRC).
Microsoft Copilot Zero-Click AI Vulnerability Discovered
A newly discovered zero-click AI vulnerability named “EchoLeak” within Microsoft Copilot could potentially enable attackers to exfiltrate sensitive data without user interaction. Researchers at Aim Labs conducted the attack on the AI assistant and reported their findings to Microsoft; the flaw is tracked as CVE-2025-32711 with a critical (9.3) severity score.
The attack begins by sending a normal-looking email with hidden instructions designed to manipulate Copilot. Since the prompt sounds human and unrelated to Copilot, it bypasses Microsoft’s protections. Later, when the user asks a relevant question, Copilot’s RAG system pulls in the email as context. The hidden prompt activates, causing Copilot to include sensitive data in a crafted image link. Some markdown formats trigger the browser to auto-load the image, silently sending the data to the attacker.
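For defenders building their own assistant front ends, the exfiltration step above can be cut off by neutralising auto-loading images before the model output is rendered. The following is an added example, not code from Microsoft or Aim Labs: the allowlisted host, the sample URLs and the function names are assumptions, and the regexes approximate Markdown image syntax (inline and reference-style) rather than implementing a full CommonMark parser.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts this deployment trusts to serve images (constructed value).
ALLOWED_IMAGE_HOSTS = {"cdn.example.com"}

INLINE_IMG = re.compile(r'!\[([^\]]*)\]\(\s*<?([^)\s>]+)>?[^)]*\)')
# Full `![alt][ref]`, collapsed `![ref][]` and shortcut `![ref]` reference images.
REF_IMG = re.compile(r'!\[([^\]]*)\](?:\[([^\]]*)\])?(?!\()')
REF_DEF = re.compile(r'^ {0,3}\[([^\]]+)\]:[ \t]*<?(\S+?)>?(?:[ \t].*)?$', re.MULTILINE)


def _trusted(url):
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL: fail closed
        return False
    return parts.scheme == "https" and parts.hostname in ALLOWED_IMAGE_HOSTS


def sanitize_markdown(text):
    """Return (clean_text, blocked_urls) with untrusted auto-loading images removed."""
    blocked, dead_labels = [], set()
    defs = {m.group(1).strip().lower(): m.group(2) for m in REF_DEF.finditer(text)}

    def inline(m):
        if _trusted(m.group(2)):
            return m.group(0)
        blocked.append(m.group(2))
        return f"[image removed: {m.group(1)}]"

    def ref(m):
        label = (m.group(2) or m.group(1)).strip().lower()
        url = defs.get(label)
        if url is None or _trusted(url):
            return m.group(0)  # undefined labels do not render as images
        blocked.append(url)
        dead_labels.add(label)
        return f"[image removed: {m.group(1)}]"

    def drop_def(m):
        # Remove definitions that only served a blocked image.
        return "" if m.group(1).strip().lower() in dead_labels else m.group(0)

    text = INLINE_IMG.sub(inline, text)
    text = REF_IMG.sub(ref, text)
    return REF_DEF.sub(drop_def, text), blocked
```

The returned `blocked` list is worth logging: an image URL to an unknown host carrying a long query string in assistant output is a useful detection signal on its own.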
INTERPOL Operation Secure: 20,000 IP Addresses Linked to Infostealers Seized
INTERPOL's Operation Secure, conducted between January and April 2025, has successfully seized over 20,000 malicious IP addresses and domains linked to infostealer malware. This global initiative involved law enforcement from 26 countries, with support from multiple cybersecurity companies identifying and dismantling cybercriminal infrastructure. The operation led to the seizure of 41 servers and more than 100 GB of data. Additionally, 32 individuals were arrested, and over 216,000 potential victims were notified to mitigate further risks.
84,000 Roundcube Webmail Instances Vulnerable to Critical Remote Code Execution Flaw
A critical vulnerability (CVE-2025-49113) affecting Roundcube webmail has been identified and is currently being actively exploited. The flaw impacts all versions from 1.1.0 through 1.6.10 and allows for remote code execution through a deserialization issue tied to improper input handling.
Security researcher Kirill Firsov discovered the vulnerability, and although a patch was issued on June 1, 2025, attackers have already reverse-engineered the fix and exploited it. Over 84,000 vulnerable instances remain exposed online, many in shared hosting environments and institutional deployments. Organizations are strongly advised to upgrade to Roundcube version 1.6.11 or later.