From advanced AI hijacks to fresh Windows vulnerabilities, this month’s SOC bulletin covers what your security team needs to know and how to sharpen your defences.
Headlines:
- Critical Windows vulnerabilities in WebDAV and SMB
- EchoLeak attack hijacks AI assistants
- Mercenary spyware targets journalists via Apple Messages
- TokenBreak technique bypasses AI content filters
- Malicious Python package compromises AI pipelines
WebDAV and SMB flaws drive urgent Windows patching
Microsoft’s June 2025 Patch Tuesday addressed 65 to 70 CVEs across Windows platforms, including nine critical vulnerabilities. We’ve highlighted two standout risks this month:
- CVE-2025-33053: WebDAV Remote Code Execution flaw, actively exploited by Stealth Falcon APT
- CVE-2025-33073: SMB client privilege escalation vulnerability allowing SYSTEM-level compromise
Both vulnerabilities have a CVSS score of 8.8 and can enable lateral movement and major compromise if unpatched.
What’s the risk?
- RCE from malicious WebDAV URLs or legacy integrations
- Privilege escalation via malicious SMB servers
- Lateral movement and broad internal compromise
- Continued exposure on unpatched or legacy Windows systems
Recommended mitigation
Action point
Technical fixes should be coupled with user awareness training (e.g. avoiding clicking suspicious links) and email filtering to reduce exposure to malicious URLs.
EchoLeak attack hijacks AI assistants
A new attack dubbed ‘EchoLeak’ was disclosed this month, targeting Microsoft 365 Copilot and similar AI assistants.
The zero-click exploit allows attackers to trigger malicious behaviours simply by sending an email. Once processed by the AI assistant, the email’s hidden instructions can steal sensitive data and erase evidence of the breach.
Microsoft has now deployed a server-side patch, but the attack highlights emerging risks as AI assistants become embedded in business workflows.
What’s the risk?
- Covert theft of sensitive data through common business tools
- AI-driven automation exploited for unauthorised actions
- Supply chain compromise via trusted internal services
- Increased targeting of AI assistants by threat actors
Recommended mitigation
Action point
Review your AI and email security posture and include AI assistants in phishing simulations and incident response planning.
Mercenary spyware targets journalists via Apple Messages
Apple disclosed that a zero-click flaw (CVE-2025-43200) in its Messages app had been exploited in attacks against civil society groups, including journalists.
The flaw was used to deploy Paragon’s Graphite spyware, allowing surveillance of victims’ devices.
Apple issued patches in February across affected devices. This attack reinforces the risks facing high-profile individuals and organisations that rely on consumer-grade communication platforms.
What’s the risk?
- Covert surveillance of targeted users
- Compromise of sensitive communications and files
- Potential spillover into corporate networks from personal devices
- Repeat exploitation of unpatched endpoints
Recommended mitigation
Action point
Ensure endpoint detection and mobile device management policies extend to BYOD and corporate iOS devices.
TokenBreak technique bypasses AI content filters
Researchers identified a new evasion technique called TokenBreak, which manipulates how large language models (LLMs) handle tokenisation. By changing a single character, attackers can fool moderation filters and push harmful content through undetected.
This discovery shows that AI content filters can be fragile and that attackers are rapidly finding ways to exploit weaknesses in LLM-driven services.
What’s the risk?
- Harmful or non-compliant content bypassing moderation
- AI-generated content used for disinformation or scams
- Reputational damage from unsafe AI outputs
- Increased regulatory scrutiny over AI governance
Recommended mitigation
Action point
Audit your AI-driven services for robustness against evasion techniques and ensure your AI risk management policies are evolving with emerging threats.
Malicious Python package compromises AI pipelines
A malicious package, chimera-sandbox-extensions, was discovered on PyPI, targeting AI development environments. Masquerading as a legitimate tool, the malware steals credentials and tokens from cloud and corporate environments that use chimera-sandbox.
This is an example of the growing trend of supply chain attacks via public repositories, an attack vector that increasingly targets AI and ML development pipelines.
What’s the risk?
- Credential and token theft across cloud environments
- Supply chain compromise in development pipelines
- Elevated risk of lateral movement or privilege escalation
- Increased targeting of AI tools and dependencies
Recommended mitigation
Action point
Review your software supply chain security, especially in AI and data science environments, and implement least privilege for build and deployment systems.

From our blog
Certificate lifetimes are shrinking: What it means for your TLS/SSL strategy
TLS certificate lifetimes are about to get much shorter, with the first big change landing in March 2026. Manual renewal cycles will quickly become unmanageable, and automation will soon be essential.
If you have any systems with long-lived certificates or tricky renewal processes, now is the time to audit your setup and start planning for a more automated future.
Resources & References
Security Week: EchoLeak AI Attack Enabled Theft of Sensitive Data
Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists
Malicious Chimera Turns Larcenous on Python Index
Thanks to this month’s contributors from the Kocho SOC team: Nicci Smart and Jack Fisher.
Stay safe. Stay informed.