Weekly Cybersecurity Newsletter: Top Threats and Breaches, June 13

Introduction

In this weekly cybersecurity roundup, we cover recent attacks that have impacted large companies, massive breaches and critical vulnerabilities. If you're looking to keep up with current threats and protect your digital infrastructure, you're in the right place.

‍

Incidents in Spain: user and employment

‍

Cyberattack on InfoJobs

On June 4, InfoJobs confirmed that attackers accessed it through Credential Stuffing using stolen credentials and accessed a “significant amount” of candidate data. There was no breach in their infrastructure, but the incident highlights the risk of reusing passwords,

Immediate measures taken:

• Notification to affected users.
• Reinforced security monitoring and protocols.
• Collaboration with authorities and experts.

‍

Impact on the supply chain and retail

‍

Cyberattack paralyzes food distribution

On June 5, United Natural Foods Inc. (UNFI), the main supplier of Whole Foods, suffered a computer attack that left empty shelves in the US and Canada. The incident interrupted distribution to more than 30,000 stores and caused an 8.5% drop in the value of their shares.

Retail under siege: M&S, Victoria's Secret and Cartier

• Marks & Spencer partially restored its online sale after a ransomware attack attributed to the group Scattered Spider, which affected contactless and click & collect in April-May.
• Victoria's Secret temporarily closed its website after a breach detected on May 24, and postponed its results report.
• Cartier confirmed the leak of personal data (names, emails, countries), although without compromising payments or passwords

‍

State threats and global ransomware

‍

FBI alert on North Korean campaign

The FBI and CISA issued a Critical alert due to a wave of ransomware attacks Play, which has hit more than 900 organizations in North America, Europe and South America. The warning urges strengthening international collaboration and cyber hygiene.

‍

Massive data breaches and new fraud tactics

‍

Record breach: 4 billion records exposed

Cybernews researchers revealed a leak of 4,000 million records (631 GB), including financial data, WeChat and Alipay, with a high risk of identity theft and advanced phishing.

‍

AI-powered fraud: UK Finance report

During 2025, 3.3 million frauds (more than £1 billion stolen) were reported. AI, deepfakes and voice cloning are being used by criminals, surpassing traditional financial institutions in agility.

‍

Other notable incidents

• Google warns about UNC6040 group which attacks Salesforce customers via vishing, compromising critical data.
• LexisNexis experienced a breach that exposed 364,000 people's data via GitHub.
• Advanced mobile spying attacks target cell phones in high-profile campaigns, especially in the U.S.

‍

Key Recommendations

1. Strengthen vulnerability management: prioritizes CVE assets from the KEV Catalog.
2. Adopt multifactor authentication and phishing defense to prevent vishing and deepfakes.
3. Perform regular mobile vulnerability assessments and device security.
4. Reinforce response plans to supply chain disruptions, essential for retail and logistics.

‍

Conclusions

In these last two weeks, we have witnessed disruptive attacks in key sectors, unprecedented leaks and AI-driven fraud tactics. It is essential that companies strengthen their defenses, collaborating closely and taking an approach proactive in cybersecurity.

🔗 Share this digest with your contacts.

👉 Don't wait any longer, schedule a consultancy to assess your risks and vulnerabilities. SCHEDULE