Cybersecurity Update 28 June - 11 July 2025

United States of America

Cloudflare Blocks AI Scrapers. On 1 July 2025, Cloudflare announced that it intends to “block known AI web crawlers by default to prevent them from “accessing content without permission or compensation.” “If the Internet is going to survive the age of AI, we need to give publishers the control they deserve and build a new economic model that works for everyone – creators, consumers, tomorrow’s AI founders, and the future of the web itself,” said Matthew Prince, co-founder and CEO of Cloudflare. Cloudflare went on to say, “instead of a blanket block or uncompensated open access, we want to empower content owners to monetize their content at Internet scale.” As such, the company concurrently launched Pay Per Crawl, a monetization tool that allows publishers to charge AI firms for data access. This includes the ability to set terms and prices for bot traffic. Early adopters include major publishers like Gannett, Associated Press, Fortune, Reddit, Time, Stack Overflow, and at least 40 others eager to replace evaporating search referrals with fresh AI revenue. It will also force AI companies to clarify their purpose – if their crawlers are used for training, inference, or search – to help website owners decide which crawlers to allow. The new service targets large language model builders like OpenAI, Google, Meta, and Anthropic, many of whom have been accused of scraping copyrighted content without

consent. (Cloudflare, TechReview, Wired, The Verge, Security Week, TechRepublic, Cloudflare, ShellyPalmer)

US Justice Department Seize 29 North Korean Laptop Farms. On 30 June 2025, the

Department of Justice (DoJ) announced that it took law enforcement actions against 29 laptop farms in 16 States, resulting in charges, arrests, plea agreements, and seizures of 29 financial accounts, 21 fraudulent websites, and approximately 200 computers. The operation targeted North Korea's fraudulent IT worker schemes. These schemes target and steal from U.S. companies and are designed to evade sanctions and fund the North Korean regime’s illicit programs, including its weapons programs. Thousands of North Korean cyber operatives have been trained and deployed by the regime to blend into the global digital workforce and systematically target U.S. companies. Once employed, the North Korean IT workers received regular salary payments, and they gained access to, and in some cases stole, sensitive employer information such as export controlled U.S. military technology and virtual currency. In at least one case, North Korean IT workers gained access to “sensitive employer data and source code, including International Traffic in Arms Regulations (ITAR) data,” after they were hired by a California-based defense contractor that develops artificial intelligence-powered equipment and technologies. On 3 July 2025, Microsoft said it suspended 3,000 Outlook and Hotmail email accounts it believed were created by North Korean IT workers as part of a larger effort to help companies address the costly scheme. DOJ notes that these malicious actors were assisted by individuals in the United States, China, United Arab Emirates, and Taiwan, and successfully obtained employment with more than 100 U.S. companies. U.S. residents created front companies and fake websites to bolster the credentials of North Korean IT workers while also

housing laptops that allowed the workers to remotely access devices provided by the victim companies. (DOJ Press Release, TechCrunch, Wired, TheRecord, AP, TheRecord)

Ingram Micro Ransomed. On 3 July 2025, Ingram Micro Holding Corporation

(Ingram) identified ransomware on certain of its internal systems. The ransomware

gang SafePay has claimed credit for the attack. The group uses a modified version of

LockBit code dating back to 2022. Outages have caused shipping delays, stalled cloud

services, and there could be a breach customers' sensitive information. The company

has taken steps to secure the relevant environment, including proactively taking certain

systems offline and implementing other mitigation measures. Ingram Micro is one of

the world's largest business-to-business technology distributors and service providers,

offering a range of solutions including hardware, software, cloud services, logistics,

and training to resellers and managed service providers worldwide. Through Ingram

Micro Xvantage™, its AI-powered digital platform, Ingram offers a comprehensive

business-to-consumer-like experience, integrating hardware and cloud subscriptions,

personalized recommendations, instant pricing, order tracking, and billing automation.

(CybersecurityDive, Ingram SEC 8K, Ingram Press Release, The Register,

BleepingComputer)

SolarWinds Settles with SEC. On 2 July 2025, the SEC and SolarWinds inclusive of Tim

Brown (their CISO) reached a preliminary settlement to end litigation tied to the 2020 Russia-linked cyber espionage campaign. The parties “have reached a settlement in principle that would completely resolve this litigation,” the SEC said in a filing last week with the federal judge in New York who is overseeing the commission’s lawsuit against the company. (Reuters, CybersecurityDive, SEC)

Pentagon May Put SpaceX at the Center of a Sensor-to-Shooter Targeting Network.

RDT&E FY 26 Budget request outlines the administration’s plan to cancel a fleet of orbiting data relay satellites managed by the Space Development Agency and replace it with a capability that primarily relies on SpaceX's Starlink constellation. While details of the Pentagon's plan remain classified, the White House proposal would commit $277 million in funding to kick off a new program called "pLEO SATCOM" or "MILNET." Managed in a partnership between the Space Force and the National Reconnaissance Office (NRO), MILNET is designed to use military-grade versions of Starlink Internet satellites to create a "hybrid mesh network" the military can rely on for a wide range of applications. This will be essential for the Administration’s Golden Dome project. MILNET will comprise at least 480 satellites. (RDT&E Fiscal 26 Plans, ArsTechnica, BreakingDefense)

Zero-day: Bluetooth Vulnerability gap turns millions of headphones into listening stations. On 26 June 2025, Germany security company ERNW published its discovery of a serious security vulnerability in many Bluetooth headphones that allows attackers to read data from the devices remotely and take over connections. Millions of devices from various manufacturers are suspected to be affected; updates to resolve the problem are not yet available. The vulnerabilities are located in Bluetooth SoC (System-on-Chip) from the Taiwanese manufacturer Airoha, which is particularly popular for “True Wireless Stereo” (TWS) headphones. Using Airoha chips, small in-ear headphones can reproduce stereo sound from playback devices such as smartphones without latency. Well-known manufacturers such as Sony, JBL, Marshall, and Bose use it in some cases, but also install Bluetooth technology from other suppliers. (Heise)

Agentic AI Deployment Accelerates Despite Risks. On 26 June 2025, KPMG published their latest KPMG AI Quarterly Pulse Survey. 82% of leaders believe that their industry’s

competitive landscape will look different in the next 24 months. The uptick comes as Gartner predicts that more than 40% of agentic AI projects will be canceled by the end of 2027. “The data shows just how quickly AI agents are moving out of pilots and into production – and that momentum will only accelerate,” said Steve Chase, Vice Chair of AI & Digital Innovation, KPMG. “What makes this moment unique is that leaders increasingly see agents not just as a way to cut costs, but as a way to rethink growth and create new value. But we’ve seen firsthand, both in our own journey and with clients, how transformation at this pace puts real pressure on the foundations of AI: trust, governance, data, leadership alignment, and workforce readiness. The organizations that invested early in these areas are now scaling with confidence and positioning themselves to lead in this next phase.” Yet, “most agentic AI projects right now are early stage experiments or proof of concepts that are mostly driven by hype and are often misapplied,” said Garnter analyst Anushree Verma. “This can blind organizations to the real cost and complexity of deploying AI agents at scale, stalling projects from moving into production. They need to cut through the hype to make careful, strategic decisions about where and how they apply this emerging technology.” (CIODive, KPMG)

International Items of Interest

Airlines Targeted by Scattered Spider. On 30 June 2025, Quantus Airlines detected unusual activity on a third-party platform used by a Qantas call center. The malicious actor was able to steal the data of at least 6 million customers. Hawaiian Airlines and WestJet were also targeted over the weekend. On 2 July 2025, the FBI issued a warning that the cybercriminal group Scattered Spider is launching extortion attacks against entities in the aviation sector. The FBI states, “these actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access. These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts.” “Once inside, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware.” They went on to warn that "anyone" in the airline industry could be at risk, from vendors to contractors, which makes sense given airlines are by nature an enormous attack surface. At WestJet, the malicious actor compromised the airline's data centers and Microsoft Cloud environment by "performing a self-service password reset for an employee, which enabled them to register their own MFA and obtain remote access to the network through Citrix. (FBI Statement, FoxNews, CybersecurityDive, WSJ, SecurityAffairs, TechCrunch, TheRecord, Reuters, BleepingComputer, CNN, Forbes)

European Business Leaders Urge the Commission to Pause Implementation of the EU AI Act. On 26 June 2025, business and technology leaders (Airbus, ASML, Mistral, and industry associations) urged European officials to "stop the clock" on enforcing the EU's AI Act. They warned the regulation could put "Europe's AI ambitions at risk.” CCIA Europe stresses that additional time would allow the legal framework to be completed, give companies a fair compliance window, and ensure the Act supports – rather than hinders – GPAI development across the European Union. (GovInfoSecurity, WSJ, CCIA)

Canada Bans China's Hikvision. On 27 June 2025, Canada’s Minister Mélanie Joly stated,

“Following a National Security Review under the Investment Canada Act, the Government of Canada has ordered Hikvision Canada Inc. to cease all operations in Canada and close its Canadian business. The government has determined that Hikvision Canada Inc.’s continued operations in Canada would be injurious to Canada’s national security. This determination is the result of a multi-step review that assessed information and evidence provided by Canada’s security and intelligence community.” Apart from banning Hikvision Canada's operations, the decision also bans all government organizations and crown corporations from buying and using Hikvision equipment. Hikvsion makes surveillance cameras and other electronics. (Bloomberg, Security Affairs, Bleeping Computer)

Germany Wants DeepSeek Booted from App Stores. On 27 June 2025, the Berlin

Commissioner for Data Protection asked Apple and Google to remove the Chinese AI app — Deepseek — from its stores, citing violations of Europe's strict privacy laws. Using Article 16 of the Digital Services Act (DSA) - Germany is allowed to report illegal content on platforms to the respective operators. The regulator has accused DeepSeek's parent of collecting data about German residents without consent and sending it to China. The Commissioner requested DeepSeek to voluntarily remove its apps from app stores in Germany this year by 6 May 2025, but the company refused to comply. (BleepingComputer, DE Commissioner)

The EU’s New Cybersecurity Law for the Space Sector. On 25 June 2025, the European

Commission announced its proposal to introduce a new “Space Act” that would impose cyber-resilience obligations on entities operating in the space sector, including both infrastructure located in space and ground infrastructure supporting it. Under the Space Act, space operators will have wide-ranging requirements including in relation to: “all hazards” risk management; cybersecurity risk assessments; asset management and access rights; encryption; testing; incident response and regulatory notification; and supply chain management. The space sector is already within the scope of NIS 2, and NIS 2 obligations will apply to the space sector in full until the Space Act comes into force. Once the Space Act comes into force, it will override the cybersecurity risk management

obligations set out in NIS 2. The current draft of the Space Act proposes that obligations would come into force on 12 January 2030. (EU Space Act, Skadden)

Morocco Introduced National Cybersecurity Strategy 2030. On 11 June 2025, the Minister

of Digital Transition and Administration Reform, Amal El Fallah Seghrouchni, announced a new national strategy aimed at strengthening the country's cybersecurity defenses. The strategy focuses on proactive risk management, systematic cybersecurity audits, and embedding security standards early in digital project design. Public sector cybersecurity awareness will be enhanced through training programs led by the General Directorate for Information Systems Security (DGSSI). The government also plans to bolster critical infrastructure protection by mapping interdependencies and encouraging the establishment of organizational SOCs. Morocco will also invest in cybersecurity R&D at academic institutions, including the Cybersecurity Innovation Center launched in June 2025 at Mohammed V University. In parallel, the government will strengthen inter-agency coordination by establishing communication channels between key national stakeholders for sharing threat intelligence and responding to cyber incident (DGSSI Cyber Strategy, Press Release)

European Union Announces New Quantum Strategy. On 2 July 2025, the European

Commission put forward a strategy to make Europe a global leader in quantum technology by 2030. The strategy focuses on five areas: research and innovation, quantum infrastructures, ecosystem strengthening, space and dual-use technologies, and quantum skills. Specific actions are identified to meet the strategy’s objectives, such as:

• launching the quantum Europe research and innovation initiative;

• establishing a quantum design facility and six quantum chips pilot lines;

• launching a pilot facility for the European quantum internet;

• expanding the network of Quantum Competence Clusters across the EU andestablishing the European quantum skills academy in 2026; and

• developing a quantum technology roadmap in space with the European Space Agency and contributing to the European armament technological roadmap.

(EU Quantum Strategy, EuroNews, Encryption Consulting)