Contents
01. News Bites
- 23andMe fined £2.31m over major data breach
- North Korean hackers use Deepfakes in Zoom attacks on Mac users
- Asefa Hit by Qilin Ransomware in Major Insurance Sector Breach
- CISA urges federal agencies to patch actively exploited Linux Kernel vulnerability
- BeyondTrust patches critical RCE flaw in remote access solutions
02. Conclusion
23andMe fined £2.31m over major data breach
The UK Information Commissioner’s Office (ICO) has fined genetic testing company 23andMe £2.31 million following a 2023 data breach that compromised the personal information of over seven million users, including 150,000 in the UK.
The stolen data included family trees, health reports, ethnicity profiles, dates of birth, home addresses, and profile photos. The breach also exposed a dataset of nearly one million individuals identified as having Ashkenazi Jewish heritage, raising serious concerns about how such data could be misused.
“This was a profoundly damaging breach,” said UK Information Commissioner John Edwards. “It exposed sensitive personal information, family histories, and health data.”
The ICO’s investigation, conducted jointly with Canada’s privacy watchdog, revealed repeated failures to safeguard data. The fine represents the most severe penalty available to the regulator and highlights the critical need for organisations to ensure robust protections for personal and genetic information in an era of rising cyber threats.
North Korean hackers use Deepfakes in Zoom attacks on Mac users
Cybersecurity researchers have uncovered a sophisticated new campaign by North Korean hacking group BlueNoroff targeting macOS users through deepfake Zoom calls. In a June 11 incident investigated by Huntress, attackers impersonated company executives using AI-generated video during a fake Zoom meeting, tricking a tech firm employee into installing malware.
The deception began via Telegram, with attackers sharing a Calendly link disguised as a Google Meet invite. Victims were lured to a fake Zoom domain, where deepfakes of senior leadership advised downloading a fake extension to fix microphone issues.
This triggered the installation of a malware chain, including a backdoor, keylogger, screen recorder, and a cryptocurrency-stealing infostealer targeting over 20 wallets.
The campaign demonstrates a dangerous evolution in social engineering, combining AI deepfakes, impersonation, and advanced macOS malware. Security experts warn Mac users not to assume immunity, as targeted attacks on Apple devices continue to rise with growing enterprise use.
Asefa Hit by Qilin Ransomware in Major Insurance Sector Breach
Spanish insurer Asefa, a subsidiary of French mutual insurance group SMABTP, has confirmed a cyberattack that disrupted parts of its IT infrastructure. The incident follows a claim by the Qilin ransomware gang that it exfiltrated over 200GB of sensitive data, including financial documents, passport scans, and files linked to FC Barcelona’s Camp Nou redevelopment.
Asefa stated that its core insurance services remain operational and that internal systems are being restored. Its website has been taken offline while a full cybersecurity audit is conducted.
Qilin, responsible for over 300 global attacks in the past year, listed Asefa on its dark web portal. Researchers warn the leak could lead to identity theft, fraud, and reputational harm—particularly due to the high-profile client mentioned.
As one of southern Europe’s most significant insurance breaches this year, the attack raises new concerns for regulatory scrutiny and cyber risk across the insurance sector.
CISA urges federal agencies to patch actively exploited Linux Kernel vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert to federal agencies about a critical Linux kernel vulnerability (CVE-2023-0386) that is now under active exploitation. The flaw, in the OverlayFS subsystem, allows a local user to escalate privileges to root by abusing improper ownership handling when a setuid file is executed across mounts.
Patched in January 2023 and publicly disclosed two months later, the flaw affects major Linux distributions including Ubuntu, Debian, Red Hat, and Amazon Linux with kernel versions below 6.2. Proof-of-concept exploits have been circulating on GitHub since May 2023, heightening the urgency for patching.
Under Binding Operational Directive 22-01, federal agencies must mitigate the vulnerability by 8 July. CISA added the flaw to its Known Exploited Vulnerabilities (KEV) catalogue, calling it a "frequent attack vector" that poses a "significant risk."
Qualys researchers also warn that two newly discovered local privilege escalation (LPE) bugs could similarly grant root access on major Linux systems.
BeyondTrust patches critical RCE flaw in remote access solutions
BeyondTrust has released urgent security patches addressing a critical vulnerability (CVE-2025-5309) in its Remote Support (RS) and Privileged Remote Access (PRA) platforms. The flaw, discovered by Jorren Geurts of Resillion, is a Server-Side Template Injection issue in the platforms’ chat feature, which could allow unauthenticated attackers to execute arbitrary code remotely on affected servers.
Remote Support and PRA are widely used by IT teams for secure system access and support. BeyondTrust confirmed that cloud systems were patched as of 16 June 2025 and is urging on-premises customers to update manually if automatic patching isn’t enabled.
To mitigate risk until patches are applied, the company recommends enabling SAML authentication and disabling certain features like the Representative List.
This alert follows a December breach involving three BeyondTrust zero-days, later linked to Chinese state hackers targeting the U.S. Treasury. The company serves over 20,000 customers globally, including 75% of Fortune 100 firms.
Conclusion
If you are worried about any of the threats outlined in this bulletin, or need help determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager or get in touch to find out how you can protect your organisation.
Disclaimer
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.