
Weekly Cybersecurity Recap - 24 March 2025
This Week in Cybersecurity: Phishing, Ransomware, and a $32B Acquisition
Major Cyber Breaches, Vulnerabilities & Industry Updates
From Discord’s invite link abuse to a spike in JavaScript malware infections, last week brought a wave of new cyber threats and vulnerabilities. High-profile platform issues, phishing campaigns, and a revealing report on the cybersecurity struggles of small businesses highlight a week filled with complexity. Here's a categorized recap of the top security stories.
Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets
Attackers are hijacking expired Discord invite links to redirect users to malicious servers hosting AsyncRAT and Skuld stealer. These attacks capitalize on a weakness in Discord’s link system, allowing old, once-trusted invites to be repurposed and weaponized for malware delivery. Users clicking these links via social media or forums may unknowingly expose themselves to credential theft and remote access.
Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
A large-scale infection campaign has compromised over a quarter million legitimate websites using JavaScript code known as “JSFireTruck.” The malware is obfuscated using a quirky but potent technique called JSFuck, which uses only symbols to execute commands. Researchers warn this method makes it harder to detect and remove.
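As an added illustration (not code from the campaign or from the researchers), the sketch below shows how a defender can flag JSFuck-style obfuscation in a script by looking for long runs made up only of the six JSFuck characters `[ ] ( ) ! +`. The function names, the 200-symbol threshold and both sample strings are assumptions constructed for this example.

```javascript
// Added example: flag JSFuck-style obfuscation in JavaScript source.
// Classic JSFuck builds any program from six characters: [ ] ( ) ! +
const JSFUCK_ALPHABET = "[]()!+";

// Escape a set of characters for use inside a regex character class.
function charClass(alphabet) {
  return alphabet.replace(/[\\\]\[\^-]/g, "\\$&");
}

// Return every run of alphabet-only characters (whitespace tolerated inside
// the run) that contains at least minSymbols symbols. minSymbols = 200 is an
// assumed threshold: ordinary code only has short runs such as "!![]".
// The alphabet is a parameter so other symbol-only encodings can be covered.
function findSymbolRuns(source, minSymbols = 200, alphabet = JSFUCK_ALPHABET) {
  const cls = charClass(alphabet);
  const run = new RegExp(`[${cls}][${cls}\\s]*`, "g");
  const findings = [];
  for (const m of source.matchAll(run)) {
    const symbols = m[0].replace(/\s/g, "").length;
    if (symbols >= minSymbols) {
      findings.push({ offset: m.index, symbols });
    }
  }
  return findings;
}

// Summarise a file: suspicious runs plus the share of the file they occupy.
function scanScript(source, minSymbols = 200) {
  const runs = findSymbolRuns(source, minSymbols);
  const covered = runs.reduce((n, r) => n + r.symbols, 0);
  return {
    suspicious: runs.length > 0,
    runs,
    coverage: source.length ? covered / source.length : 0,
  };
}

// Constructed samples: a benign snippet and a symbol-only blob.
const benign = "var ok = !![] + (+[]); if (!(a + b)) { f([]) }";
const blob = "var x = 1;\n" + "[+!+[]]+(![]+[])".repeat(20) + ";\n";
console.log(scanScript(benign).suspicious, scanScript(blob).suspicious);
```

A hit is a triage signal for review of the file and how it was modified, not proof of infection; tune the threshold against your own site's scripts.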
TeamFiltration Abused in Entra ID Account Takeover Campaign
Threat actors are using the pentesting tool TeamFiltration to automate account takeovers across more than 80,000 Entra ID accounts. The tool simulates attack techniques such as password spraying, credential theft, and persistent access through OneDrive, and requires only a sacrificial Office 365 account and API access to get started. Proofpoint reported that the campaign shows significant automation and scale.
Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
Despite the collapse of the Black Basta brand, former affiliates are launching new attacks using familiar tactics - email bombs, phishing via Microsoft Teams, and Python-based persistence. This resurgence suggests a pivot in tactics rather than a retreat, emphasizing the importance of endpoint detection and behavioral monitoring.
WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network
VexTrio and its affiliate services, including Help TDS and Disposable TDS, have been linked to a sprawling cybercriminal operation. Their network uses compromised WordPress sites and fake adtech companies - like Los Pollos and Taco Loco - to redirect users into phishing sites and scams. Victims are funneled into everything from fake gift card schemes to malicious app downloads, forming a profitable underground web of fraud.
Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud
Salesforce Industries (formerly Vlocity) has been found to contain over 20 risky configurations and five critical CVEs. The flaws affect everything from data mappers and integration procedures to FlexCards and OmniScripts, exposing organizations to internal and external data leakage. Researchers urge enterprises using these tools to audit their configurations without delay.
Researchers Detail Zero-Click Copilot Exploit 'EchoLeak'
A zero-click vulnerability dubbed EchoLeak allowed attackers to exfiltrate data from Microsoft Copilot users via prompt injection. The flaw, disclosed by Aim Security, highlights the emerging attack surface in generative AI tools. Microsoft has since patched the issue, but the event underscores the need for secure AI prompt handling.
Smaller organizations nearing cybersecurity breaking point
Small and midsize businesses are reporting a steep decline in confidence in their cybersecurity posture. According to new research, 35% now believe they are inadequately protected - seven times more than in 2022. Overstretched IT teams and underfunded defenses are making them prime targets in supply chain attacks.
The path to better cybersecurity isn’t more data, it’s less noise
Modern SOCs are overwhelmed. With thousands of daily alerts, teams struggle to identify real threats amidst the noise. A Vectra AI survey shows 71% of analysts worry about missing critical incidents, and over half admit they can’t keep pace. Reducing noise and enhancing signal clarity may be the only way forward.
WestJet probes cybersecurity incident affecting app and internal systems
WestJet Airlines is investigating a breach that disrupted access to its app and back-end systems. While the scope is unclear, specialized teams are working with law enforcement and Transport Canada. It’s the latest in a series of airline and travel industry incidents over the past year.