Securewave Threat Intelligence

A Wave of Breaches: June 2025 Cybersecurity Highlights

As we crossed into the summer of 2025, cybersecurity risks hit new heights. Two major events shaped headlines: the massive 16 billion credential leak impacting users globally, and a sophisticated insurance-sector breach traced to the “Scattered Spider” threat group.

The 16 Billion Credential Leak

In mid‑June, cybersecurity researchers confirmed a staggering breach—a compilation of over 16 billion usernames, passwords, and login URLs tied to platforms like Apple, Google, and Facebook. This data wasn’t stolen from a single company, but aggregated via infostealer malware and past breaches. [Source: Tom’s Guide]

Experts warn that credential reuse across services dramatically increases risks. As a result, security professionals are urging users and enterprises to:

• Immediately change passwords and enable multifactor authentication (MFA)
• Adopt passkey-based or passwordless login systems
• Use password managers and dark-web monitoring tools

Scattered Spider Targets U.S. Insurance Sector

Around June 12, Aflac was hit by a targeted social-engineering attack linked to the notorious group known as “Scattered Spider”, which also struck Erie Insurance and Philadelphia Insurance Companies. [Source: NY Post]

The attackers impersonated tech‑support staff to manipulate internal users—highlighting the continuing threat posed by phone‑based social engineering. Affected individuals are being offered 24 months of credit monitoring and identity protection services.

Key Takeaways for Security Teams

• Preparedness is essential: Even legitimate sectors like insurance and retail are now frequent targets.
• Educate your people: Vishing and help‑desk impersonation remain powerful attack vectors.
• Assume credentials are compromised: Require MFA, enforce password hygiene, and deploy privilege monitoring.
• Plan for double‑extortion: Groups like Scattered Spider and Play ransomware may exfiltrate data before encrypting it.

Beyond June: Broader Patterns in Cyber Threats

The June incidents were not isolated. Other major breaches included:

• United Natural Foods’ June 5th cyberattack disrupted supply-chain and operations for days [Source: Wall Street Journal]
• The international distribution firm Ingram Micro suffered a SafePay ransomware incident impacting ordering platforms and partners
• McLaren Health Care systems in Michigan were breached mid‑June, exposing health and identity data of over 740,000 individuals

These events highlight how industries such as retail, healthcare, and logistics are all within attackers’ crosshairs.

How Securewave Helps You Stay Resilient

Securewave Threat Intelligence provides early warning and context‑rich analysis on emerging incidents like these. Our platform delivers:

• Real‑time scanning of leaked credential databases and infostealer drops
• Profiles on extortion groups like Scattered Spider, Play, and SafePay
• IoC alerts, forensic guidance, and response templates tailored to threat actors
• Post‑incident reports for proactive security improvements

With Securewave, you get more than alerts — you get empowerment. Stay informed, stay vigilant, and stay protected.