Cybersecurity Weekly Update: Key Vulnerabilities, Attacks & Global Security Developments


[Week of June 16, 2025]

Last week in cybersecurity, major updates were released by leading tech vendors, new attack vectors targeting artificial intelligence and collaboration tools were uncovered, and law enforcement agencies launched large-scale operations to dismantle cybercriminal infrastructure. Here’s a round-up of the most important developments:

Vulnerability Highlights

  • Microsoft Monthly Security Update Released

Microsoft has issued its latest Patch Tuesday updates, addressing multiple critical and high-severity vulnerabilities across Windows, Office, Azure, and other enterprise products. Organizations are urged to prioritize these patches, especially those for zero-day vulnerabilities exploited in the wild.

  • Adobe Fixes 254 Vulnerabilities

Adobe has released updates across its product suite, resolving 254 security vulnerabilities. Several of these are critical, affecting widely used tools such as Adobe Acrobat, Reader, and Illustrator. These flaws could allow for remote code execution, privilege escalation, and information disclosure if left unpatched.

Active Attack Campaigns

  • Black Basta Uses Microsoft Teams and Python Scripts

The Black Basta ransomware group has adopted a new attack vector using Microsoft Teams as a social engineering channel combined with malicious Python scripts. This method has enabled the deployment of ransomware payloads in targeted enterprise environments, highlighting the growing threat posed by lateral phishing within collaboration platforms.

  • AI Safety Exploited – TokenBreak Attack on LLMs

A novel method dubbed "TokenBreak" has emerged, designed to bypass content moderation and safety guardrails of large language models (LLMs). By manipulating token input patterns, attackers can trick LLMs into producing restricted outputs—posing significant risks for AI-integrated systems.

  • Brute-Force Attack Targeting Apache Tomcat Interfaces

A coordinated brute-force campaign is actively targeting exposed Apache Tomcat Manager interfaces. The attack aims to gain administrative access and deploy malicious web shells. System administrators are advised to implement strong authentication, restrict public access, and monitor for login anomalies.
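An added example (not part of the original advisory) of the login-anomaly monitoring recommended above: it parses Tomcat access-log lines in the common log format and flags sources with repeated 401/403 responses on the Manager paths, noting any successful request that follows such a run. The sample lines, the threshold and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)
MANAGER_PREFIXES = ("/manager/", "/host-manager/")
FAIL_THRESHOLD = 5  # assumed threshold; tune it to your own baseline

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.20 - - [16/Jun/2025:09:58:11 +0000] "GET /index.jsp HTTP/1.1" 200 1120
198.51.100.20 - - [16/Jun/2025:09:58:30 +0000] "GET /manager/html HTTP/1.1" 401 2473
198.51.100.20 - - [16/Jun/2025:09:58:42 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - - [16/Jun/2025:10:00:01 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - - [16/Jun/2025:10:00:02 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - - [16/Jun/2025:10:00:03 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - - [16/Jun/2025:10:00:04 +0000] "GET /host-manager/html HTTP/1.1" 401 2044
203.0.113.7 - - [16/Jun/2025:10:00:05 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - - [16/Jun/2025:10:00:06 +0000] "GET /manager/html HTTP/1.1" 401 2473
203.0.113.7 - admin [16/Jun/2025:10:00:07 +0000] "GET /manager/html HTTP/1.1" 200 15012
"""

def analyze(log_text, threshold=FAIL_THRESHOLD):
    """Return {source_ip: finding} for brute-force-like Manager access."""
    failures = defaultdict(int)
    success_after = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m["path"].startswith(MANAGER_PREFIXES):
            continue  # skip unparseable lines and non-Manager requests
        src, status = m["host"], int(m["status"])
        if status in (401, 403):
            failures[src] += 1
        elif status == 200 and failures[src] >= threshold:
            # A success right after a failure run needs immediate review.
            success_after.setdefault(src, (m["user"], m["ts"]))
    return {
        src: {"failed": count, "success_after": success_after.get(src)}
        for src, count in failures.items() if count >= threshold
    }

if __name__ == "__main__":
    for src, finding in analyze(SAMPLE_LOG).items():
        print(src, finding)
```

A source that appears with a non-empty `success_after` value should be treated as a likely credential compromise and checked for newly deployed applications.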

Global Cybersecurity News

  • Operation Secure: Interpol Takes Down 20,000+ Malicious IPs

In a major win for global cyber defense, Interpol's Operation Secure has dismantled over 20,000 IP addresses associated with cybercrime infrastructure linked to 69 malware variants. The operation led to arrests and infrastructure takedown across several countries.

  • Microsoft 365 Copilot Targeted via Zero-Click AI Exploit

Researchers have identified a "zero-click" vulnerability in Microsoft 365 Copilot, which allows attackers to exfiltrate sensitive data without user interaction. The exploit leverages flaws in AI-driven features, raising concerns about the security of AI-integrated productivity tools.

  • 80,000 Microsoft Entra ID Accounts Targeted

A massive Account Takeover (ATO) campaign has been launched against Microsoft Entra ID (formerly Azure AD), targeting more than 80,000 accounts. The threat actors use an open-source pentesting toolkit named TeamFiltration, which automates enumeration, password spraying, and credential harvesting against cloud identity systems.

Recommendations

  • Patch immediately: Apply the latest updates from Microsoft and Adobe without delay.
  • Monitor collaboration tools: Enhance logging and user behavior monitoring for Microsoft Teams.
  • Secure exposed interfaces: Lock down Apache Tomcat panels and deploy WAF rules.
  • Audit AI deployments: Validate that AI models and APIs are properly sandboxed and do not leak sensitive data.
  • Strengthen identity protections: Implement MFA and review login patterns for anomalous access in Microsoft Entra ID.

Microsoft June 2025 Patch Tuesday: 68 Vulnerabilities Addressed, Including Copilot & WebDAV Zero-Day Exploits

Release Date: 10 June 2025
Total Vulnerabilities Fixed: 68
Severity Ratings: Critical, High, Medium
Source: Microsoft Security Update Guide – June 2025

Microsoft has issued its June 2025 Monthly Security Update, addressing a total of 68 vulnerabilities across a broad array of its platforms and products. This release includes fixes for critical vulnerabilities actively exploited in the wild, including those affecting Microsoft Copilot and WebDAV.

Key Highlights

  • Critical Zero-Day Exploits Identified:

WebDAV Vulnerability – A critical remote code execution (RCE) flaw that could allow unauthenticated attackers to compromise systems via crafted WebDAV requests.

Microsoft 365 Copilot Vulnerability – An exploited-in-the-wild issue involving data exfiltration through AI functionality, highlighting growing concerns over AI-related attack surfaces.

  • Comprehensive Coverage:

Vulnerabilities affect a wide range of Microsoft services and components across Windows OS, .NET, Office Suite, Visual Studio, and security infrastructure.

Affected Products

The following Microsoft products and services are impacted:

  • Operating System Components:
    Windows Kernel, Windows Installer, Windows SMB, Windows DHCP Server, Windows Recovery Driver, Windows Netlogon, RRAS, LSASS, LSA, WebDAV, DWM Core, and more.
  • Security and Identity Services:
    Windows Local Security Authority Subsystem Service (LSASS), KDC Proxy Service (KPSSVC), Windows Security App.
  • Developer & Automation Tools:
    .NET, Visual Studio, Power Automate, Windows SDK, Microsoft AutoUpdate (MAU).
  • Office Suite Applications:
    Microsoft Word, Excel, Outlook, PowerPoint, SharePoint.
  • AI and Productivity Tools:
    Microsoft 365 Copilot
    Nuance Digital Engagement Platform
    Windows Hello
  • Remote Access and Desktop Services:
    Windows Remote Desktop Services, Remote Access Connection Manager, Remote Desktop Client.
  • Storage and Logging:
    Windows Storage Management Provider, Common Log File System Driver, Storage Port Driver, Standards-Based Storage Management Service.

Vulnerability Breakdown

Notable CVEs from June 2025 Update:

  • CVE-2025-47966 – Critical RCE in WebDAV
  • CVE-2025-47162 to CVE-2025-47176 – Multiple memory corruption and privilege escalation flaws
  • CVE-2025-33053, CVE-2025-33064 – Microsoft Copilot vulnerability linked to AI data leakage
  • CVE-2025-32711 to CVE-2025-32725 – Privilege escalation and authentication bypass risks in Windows core services
  • CVE-2025-24065 to CVE-2025-24069 – Code execution vulnerabilities across Microsoft Office apps
  • CVE-2025-30399 – Nuance Digital Platform zero-click vulnerability
  • CVE-2025-47977 – High severity flaw in Microsoft AutoUpdate mechanism

These vulnerabilities span several impact categories, including remote code execution (RCE), privilege escalation, information disclosure, security feature bypass, and denial of service (DoS).

Recommended Actions

  • Immediate Patch Deployment: Prioritize patching systems vulnerable to WebDAV and Copilot-related CVEs, especially those exposed to external networks.
  • Review Endpoint Monitoring Policies: Enhance telemetry and logging for components affected in this update.
  • Update Automation Pipelines: Integrate the latest updates into enterprise deployment tools (e.g., SCCM, Intune, WSUS).
  • AI Risk Review: Assess Microsoft Copilot use cases and security posture, especially in environments handling sensitive data.

Reference & Patch Guidance

For a full list of affected CVEs and detailed patching instructions, refer to Microsoft's official release notes:

Microsoft Security Update Guide – June 2025

Adobe Security Update – 254 Vulnerabilities Patched (June 2025)

Date Published: June 10, 2025
Category: Cybersecurity | Vulnerability Management | Adobe Security Updates

Adobe has released a critical monthly security patch addressing 254 vulnerabilities across a wide range of its software products. This June 2025 update includes vulnerabilities rated as High and Medium severity, impacting several widely used Adobe applications.

Key Highlights

  • Total Vulnerabilities: 254
  • Severity Level: High and Medium (CVSS Scoring)
  • Most Impacted Product: Adobe Experience Manager (225 CVEs)
  • Release Reference: Adobe Security Bulletin – June 2025

Affected Adobe Products

The following Adobe products are affected in this release:

  • Adobe InCopy
  • Adobe Experience Manager (AEM) – Cloud Service
  • Adobe Commerce
  • Adobe InDesign
  • Adobe Acrobat Reader
  • Adobe Substance 3D Sampler
  • Adobe Substance 3D Painter

These vulnerabilities include critical flaws such as arbitrary code execution, memory corruption, privilege escalation, and potential data exposure.

Vulnerability Breakdown

Notable CVEs from June 2025 Update:

A total of 254 CVEs (Common Vulnerabilities and Exposures) have been disclosed, with 225 of them affecting Adobe Experience Manager (AEM) Cloud Service alone. This volume highlights the increased attack surface for enterprise-level digital experience platforms and underscores the importance of proactive patching. This patch cycle includes critical issues ranging from arbitrary code execution to memory corruption and privilege escalation.

Some of the most impactful vulnerabilities include:

CVE-2025-30327, CVE-2025-47107, CVE-2025-46840, CVE-2025-47108, CVE-2025-47111, CVE-2025-47091, CVE-2025-47093, CVE-2025-47094, CVE-2025-47114, CVE-2025-43581, CVE-2025-43573, CVE-2025-43576, and many more.

Organizations relying on Adobe for creative, content, or customer experience solutions are advised to take immediate action to mitigate risks.

Recommended Actions

  1. Review the full list of vulnerabilities in Adobe’s official security bulletin.
  2. Apply patches immediately, especially for AEM Cloud Service deployments.
  3. Inform IT and cybersecurity teams to test and deploy patches across environments.
  4. Enable automated updates where feasible to ensure continuous protection.
  5. Monitor system logs for signs of potential exploitation.

Why This Matters

Unpatched vulnerabilities are one of the leading causes of cyberattacks, including ransomware infections and unauthorized access. Enterprises leveraging Adobe tools—especially in digital publishing, e-commerce, or creative cloud environments—must act swiftly to reduce exposure.

Stay Updated

Crowe Cybersecurity recommends regular patch reviews and real-time threat monitoring to stay protected.

Crowe Cybersecurity Advisory recommends organizations stay proactive in patch management and conduct routine vulnerability risk assessments, especially with the rising complexity of AI-integrated systems and remote work infrastructure.

Need support? Contact our Cyber Risk team for enterprise patching strategies or vulnerability remediation audits.

Stay informed and stay secure.

For consultation or tailored cybersecurity advisory, contact our team at Crowe UAE, +971 55 343 8693, manesh.nair@crowe.ae