Cyber Intelligence Weekly

Cyber Intelligence Weekly (June 15, 2025): Our Take on Three Things You Need to Know

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe

Before we get started on this week’s CIW, I’d like to highlight an upcoming informative webinar that will highlight the changes coming down the pipe with HIPAA.

🔍 HIPAA is changing. Is your organization ready?

Join our experts, Josh Fleming, MSITM and Stephen Dyson, Senior Cybersecurity Managers, as they break down the proposed updates and what they mean for healthcare providers, payers, and partners.

Moderated by Cybersecurity Manager Alyson Pisarcik, this session will cover:

⚫ What’s actually changing and who’s impacted

⚫ Real-world strategies to ease implementation

⚫ Third-party oversight and new contingency planning

⚫ Whether you should prepare now… or wait

Reserve your spot: https://lnkd.in/gfA-Gna6

Away we go!

1.  Critical Disruption: Cyberattack at UNFI Strains U.S. Grocery Supply Chain

United Natural Foods, Inc. (UNFI), one of the largest grocery distribution companies in the U.S., is in the midst of an ongoing cybersecurity crisis that has upended its operations and triggered ripple effects across the grocery sector. As the primary distributor for Whole Foods and a supplier of over 250,000 products to retailers nationwide, any disruption at UNFI carries significant implications for grocery availability, particularly as summer demand surges.

The incident, which UNFI confirmed in its latest earnings report, involved unauthorized access to its IT systems. Although the company has not disclosed the specific type of attack, it acknowledged that systems have been taken offline and that order fulfillment is operating at reduced capacity. CEO Sandy Douglas noted that the company is working around the clock to restore systems safely and resume normal customer service, but acknowledged that orders are currently shipping on a “limited basis.”

For downstream customers and suppliers, the silence has been frustrating. One vendor told TechCrunch they were launching a new product in Whole Foods stores this week, only to find that UNFI deliveries never arrived—without any communication or guidance. Empty or understocked shelves at affected stores are now being reported, but the full scope of the operational fallout may not be visible until later this week.

With UNFI’s customer and supplier-facing platforms—like their web portals and VPN access—still offline, the event serves as a stark reminder of the fragility of digital supply chains. Despite $8.1 billion in quarterly revenue, UNFI’s long-term cybersecurity posture remains unclear, and questions linger about who is ultimately responsible for its cybersecurity oversight. As the company scrambles to recover, the broader industry watches closely, knowing that supply chain cybersecurity isn’t just a technology issue—it’s a business continuity imperative.

New Risks of Cross‑Tenant Token Forgery

A recent security incident, dubbed Storm‑0558, highlights a critical vulnerability in multi‑tenant identity architectures: cross‑tenant token forgery. At its core, the problem arises when a compromised signing key—intended for one domain (e.g., consumer accounts)—is accepted across multiple tenants, including enterprise environments.

How the Attack Worked

Key Theft – An attacker stole a private signing key originally used to issue tokens for Microsoft consumer accounts.

Token Forgery – Using this key, the attacker forged authentication tokens with adjusted claims (e.g., subject and tenant IDs), making them appear legitimate.

Tenant Confusion – Because Azure AD failed to distinguish between consumer and enterprise keys during validation, these forged tokens were accepted in enterprise contexts—granting the attacker unauthorized access to services like Outlook Web Access.

This breach underscores a fundamental flaw: outsourcing trust to a shared signing infrastructure without isolating key usage per tenant or domain can lead to sweeping access across environments.

Why It Matters Beyond Microsoft

  • Signature Trust is Universal – Any multi‑tenant deployment relying on shared signing keys (e.g., Keycloak realms, shared JWKS across tenants) faces this risk unless strict issuer/audience validation is enforced.
  • Tokens Are Dangerous – Attackers who obtain private keys can fabricate valid tokens indefinitely—modifying claims to escalate privileges or bypass restrictions.

Historical Context

This isn’t an isolated case. Similar token‑forgery incidents have originated from stolen SAML certificates during the SolarWinds breach, confusion over JWT algorithms (e.g., alg=none or HS256/RS256 mixups), and misuse of public keys as HMAC secrets.

Recommended Defenses

To protect against such threats:

  • Key Isolation – Ensure signing keys are strictly scoped per issuer and tenant. Avoid sharing JWKS across contexts.
  • Enforce Validation – Recipient systems must enforce claims validation for iss, aud, and tenant IDs to reject out‑of‑scope tokens.
  • Comprehensive Logging – Record key metadata (kid, iss, aud, sub, tid, roles) for every incoming token.
  • Anomaly Detection – Use SIEM solutions (e.g., Splunk, Elastic) to flag tokens signed by unfamiliar keys or with inconsistent tenant IDs.
  • Geolocation Correlation – Track session origins—multiple regions for a single user in short timeframes should trigger alerts.

Storm‑0558 serves as a powerful warning: when a signing key is compromised, attackers can gain cross‑tenant access if identity systems don’t enforce rigid tenant boundaries. Strengthening token validation, isolating keys, and actively monitoring authentication events are essential steps to defend modern, multi‑tenant environments against these far‑reaching threats.
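An added example, not from the newsletter or from Microsoft: a minimal relying-party validator that applies the key isolation, claims validation and logging defenses listed above. The key registry, issuer URLs, tenant ID and tokens are constructed, and HMAC stands in for the asymmetric signature so the code runs on the Python standard library alone.

```python
import base64, hashlib, hmac, json

# Constructed registry: each signing key is pinned to the one issuer allowed to use it.
# HMAC stands in for the asymmetric signature so this runs on the standard library alone.
KEYS = {
    "consumer-1": {"secret": b"demo-consumer-key", "iss": "https://idp.example/consumer"},
    "contoso-1": {"secret": b"demo-contoso-key", "iss": "https://idp.example/contoso"},
}

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(kid, signed_part):
    return hmac.new(KEYS[kid]["secret"], signed_part.encode(), hashlib.sha256).digest()

def issue(kid, claims):
    """Mint a demo token; anyone holding the key, thief included, can do this."""
    part = _b64(json.dumps({"alg": "HS256", "kid": kid}).encode()) + "." + _b64(json.dumps(claims).encode())
    return part + "." + _b64(_mac(kid, part))

def validate(token, iss, aud, tid):
    """Return (accepted, reason, audit_record) for a relying party expecting iss/aud/tid."""
    try:
        head, body, sig = token.split(".")
        header, claims, sig = json.loads(_unb64(head)), json.loads(_unb64(body)), _unb64(sig)
        kid, alg = header.get("kid"), header.get("alg")
        audit = {"kid": kid, **{k: claims.get(k) for k in ("iss", "aud", "sub", "tid")}}
    except (ValueError, AttributeError):
        return False, "malformed token", {}
    if alg != "HS256" or not isinstance(kid, str) or kid not in KEYS:
        return False, "unknown key or algorithm", audit
    if not hmac.compare_digest(_mac(kid, head + "." + body), sig):
        return False, "bad signature", audit
    if KEYS[kid]["iss"] != iss:  # signature is valid, but the key belongs to another issuer
        return False, "key not scoped to expected issuer", audit
    for name, want in (("iss", iss), ("aud", aud), ("tid", tid)):
        if claims.get(name) != want:
            return False, f"{name} mismatch", audit
    return True, "ok", audit

CONTOSO = ("https://idp.example/contoso", "mail-api", "tenant-contoso")
GOOD = issue("contoso-1", {"iss": CONTOSO[0], "aud": "mail-api", "tid": "tenant-contoso", "sub": "alice"})
# Same claims, but signed with the consumer key: the signature verifies, the scope check does not.
CROSS = issue("consumer-1", {"iss": CONTOSO[0], "aud": "mail-api", "tid": "tenant-contoso", "sub": "alice"})
```

The audit record returned on every path, rejections included, carries the kid, iss, aud, sub and tid fields that the logging and anomaly-detection bullets call for.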

2.  When Remote Access Becomes a Backdoor: SimpleHelp Exploited in Ransomware Surge

A critical flaw in SimpleHelp, a popular remote access platform used by IT teams for remote troubleshooting and monitoring, has become the latest vector for ransomware operations targeting the retail sector. The vulnerability, cataloged as CVE-2024-57727, is being actively exploited by threat actors to breach environments that rely on unpatched versions of the software. According to the Cybersecurity and Infrastructure Security Agency (CISA), this vulnerability has been leveraged since at least January to target utility billing platforms and retail networks across the U.S. and U.K.

Sophos researchers recently tied this exploitation to a spike in DragonForce ransomware attacks, a payload being used by several threat groups including the notorious Scattered Spider collective. These incidents often follow a double-extortion pattern, combining data theft with system encryption to increase pressure on victims. Simultaneously, law enforcement has confirmed that Play ransomware affiliates have also tapped into the same flaw, deepening concern about the breadth of exposure for organizations still using vulnerable instances of SimpleHelp.

CISA’s advisory underscores a growing trend: remote monitoring and management (RMM) tools are increasingly being used as attack launchpads. As with earlier exploits in tools like Kaseya and ConnectWise, the abuse of SimpleHelp reveals how deeply attackers understand the architecture of IT operations—and how easily these tools can turn into liabilities when left unpatched. The advisory serves as a reminder that endpoint control tools, if not properly secured, can become a conduit for devastating compromise.

With growing interdependence between software vendors and their customers, organizations must demand greater transparency and security accountability across their supply chains. A robust patch management program, combined with endpoint hardening and network segmentation, is no longer optional—it’s essential. In a world where your IT tools can be used against you, proactive defense is your best strategy.


CVE-Bench: Alarming Success Rates for AI Agents Exploiting Critical Web Vulnerabilities

Groundbreaking Vulnerability Testing Framework 

Researchers from the University of Illinois have introduced CVE-Bench, the first comprehensive benchmark designed to evaluate AI agents’ capabilities in exploiting real-world web application vulnerabilities (Zhu et al., 2025). This innovative framework focuses on critical-severity Common Vulnerabilities and Exposures (CVEs) with a CVSS 3.1 base score of 9.0 or higher, providing a more realistic assessment than previous benchmarks that relied on abstracted Capture The Flag (CTF) competitions or limited scenarios. CVE-Bench includes 40 high-severity vulnerabilities across diverse web applications, including content management systems, AI tools, and business platforms.

Sophisticated Sandbox Environment 

The researchers developed an advanced sandbox framework that creates containerized environments where AI systems can attempt to exploit vulnerable applications while enabling accurate evaluation of their success. The framework standardizes eight specific attack types, including denial of service, file access, database modification, privilege escalation, and unauthorized administrator logins (Zhu et al., 2025). This methodology allows for comprehensive testing of how AI agents might discover and execute exploits against web vulnerabilities in scenarios that closely mirror real-world conditions while maintaining a controlled testing environment.

Concerning Success Rates 

Perhaps most alarming, the study found that current state-of-the-art AI agent frameworks can successfully exploit up to 13% of critical vulnerabilities in zero-day scenarios (i.e., where no prior information about the vulnerability is provided) and up to 25% in one-day scenarios (i.e., when given a high-level vulnerability description) (Zhu et al., 2024). The most successful agent, Teams of Agents (T-Agent), demonstrated significant capabilities when equipped with specialized tools like “sqlmap”, highlighting how tool integration dramatically enhances AI exploitation capabilities. These findings represent a substantial security concern as AI systems continue to evolve.

Security Implications and Recommendations 

These results underscore the growing cybersecurity risks posed by increasingly capable AI systems. Security professionals should consider the following actions to address these emerging threats:

  • Implement rigorous vulnerability management focused on high-severity web application flaws, prioritizing those that AI systems demonstrated success in exploiting.
  • Deploy advanced web application firewalls capable of detecting and blocking exploitation patterns associated with AI-driven attacks.
  • Conduct continuous penetration testing specifically considering AI-based attack vectors.
  • Establish defense-in-depth strategies to contain potential breaches, assuming vulnerabilities may be discovered and exploited autonomously.
  • Monitor the development of AI security research to stay informed about evolving capabilities and threats.
  • Establish robust monitoring for unusual access patterns that might indicate automated exploitation attempts.

Microsoft Unveils AI Security Agents to Combat Growing Threat Landscape

AI Agents for Autonomous Security Functions 

Microsoft has announced a significant evolution of their Security Copilot platform with the introduction of AI agents designed to autonomously assist with critical security functions, according to a recent announcement from their Corporate Vice President of Security (Jakkal, 2025). These agents come in response to the overwhelming volume of cyber threats, with Microsoft Threat Intelligence now processing 84 trillion signals per day and detecting over 30 billion phishing emails and 7,000 password attacks per second targeting customers in 2024 alone (Jakkal, 2025).

New Microsoft and Partner-Built Capabilities 

The enhanced Security Copilot will include six Microsoft-built agents focusing on phishing triage, alert triage, conditional access optimization, vulnerability remediation, and threat intelligence briefing (Jakkal, 2025). Additionally, five partner-built agents from OneTrust, Aviatrix, BlueVoyant, Tanium, and Fletch will extend the platform’s capabilities to address privacy breach response, network supervision, SecOps tooling, alert triage, and task optimization. According to Blake Brannon, Chief Product and Strategy Officer at OneTrust, “an agentic approach to privacy will be game-changing for the industry. Autonomous AI agents will help our customers scale, augment, and increase the effectiveness of their privacy operations” (Jakkal, 2025).

Enhanced Governance for AI Security 

Microsoft is also strengthening its solutions for securing AI itself, addressing growing concerns about effective AI governance. Their recent report found that 5% of organizations have experienced an increase in security incidents from AI usage, yet 60% have not yet implemented AI controls (Jakkal, 2025). New capabilities include AI security posture management for multi-model and multi-cloud environments (extending beyond Microsoft Azure to include Google VertexAI and AWS), enhanced detection for emerging AI threats identified by OWASP, and controls to prevent risky access and data leaks into shadow AI applications.

Strategic Implementation Recommendations 

As AI becomes more deeply integrated into security operations and business processes, a comprehensive approach to both securing with AI and securing AI itself is essential. Security practitioners should consider the following actions:

  • Evaluate the new agentic capabilities as potential tools to address the overwhelming volume of security alerts and incidents
  • Prioritize implementing AI governance controls, particularly as Microsoft’s data suggests most have not yet done so despite experiencing security incidents
  • Implement granular access controls for AI applications using solutions like Microsoft Entra internet access
  • Deploy data loss prevention controls for AI applications through specialized tools like Microsoft Purview to prevent sensitive data leakage
  • Develop comprehensive security policies that address both the use of AI for security and the security of AI systems themselves
  • Consider phased implementation of autonomous AI agents, starting with high-volume, low-complexity security tasks

3.  Spyware in the Spotlight: Journalists Targeted by Paragon’s Covert Surveillance Tool

In the latest chapter of Europe’s growing spyware crisis, researchers have confirmed forensic evidence linking the Israeli mercenary surveillance firm Paragon to spyware infections on the phones of at least two European journalists. The spyware, known as Graphite, was deployed using a zero-click vulnerability in iOS, meaning the victims didn’t need to click or open anything to be compromised. Apple patched the exploited vulnerability—now designated CVE-2025-43200—in iOS 18.3.1, but the impact of the intrusion raises serious questions about accountability and the use of such tools against the press.

The Citizen Lab, working with consent from the targeted individuals, identified clear signs that Graphite spyware infected the devices of an unnamed European journalist and Ciro Pellegrino, a prominent journalist in Italy. In both cases, forensic analysis uncovered communications with a known Paragon-controlled server and messages from a unique iMessage account used in the attack, suggesting both targets were compromised by the same operator.

This revelation is particularly alarming given Pellegrino’s connection to Fanpage.it, a news outlet already linked to previous targeting attempts with the same spyware. Evidence suggests a broader campaign to monitor the newsroom, possibly under the auspices of a government client. A parliamentary report in Italy confirmed that the country's intelligence agencies had used Graphite in other cases, but stopped short of identifying the responsible party in this latest wave of targeting.

These findings underscore the ongoing risk spyware poses to civil society, particularly journalists. Despite regulatory scrutiny, commercial surveillance tools continue to proliferate, often without oversight or transparency. As more stories emerge of targeted journalists and political figures, the demand for accountability and safeguards around surveillance technologies grows more urgent.

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers wholistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about
