In June 2025, the Israel–Iran conflict escalated beyond the battlefield, triggering waves of cyberattacks, disinformation, and spillover risks for organizations worldwide. CISOs must now treat geopolitical risk as a core factor in their threat modeling.
From AI-powered ransomware to nation-state campaigns targeting critical infrastructure, here are the 10 most pressing cyber developments from the past 90 days — and what your org should be doing about them.
Top Cyber Threats & Breaches (Apr–Jun 2025)
- Iranian APTs Targeting U.S. Critical Infrastructure
The Food & Ag-ISAC and IT-ISAC issued a coordinated alert urging U.S. industries to adopt a “Shields Up” posture in light of Iranian cyber operations.
- Disinformation & Phishing Spillover
Politically motivated campaigns have triggered waves of disinfo, phishing, and DDoS that are beginning to affect U.S. networks and public systems.
- LLM-Enhanced Cybercrime
Threat actors are now wrapping large language models (LLMs) into phishing kits and malware generation tools. AI misuse is officially in the wild.
- Scattered Spider Targets U.S. Insurance
Google Threat Intelligence has identified a pivot by Scattered Spider toward insurance companies, exploiting help desk protocols via voice phishing and identity theft.
- AI Ransomware Surge in META
Kaspersky reports a major increase in AI-powered ransomware-as-a-service in the Middle East, Türkiye, and Africa — blending polymorphic logic and stealth payloads.
- Long-Term Iranian APT Operations in Middle East CNI
Since February, Iranian groups have infiltrated critical infrastructure using VPN credential theft and persistent web-shells across regional utilities.
- LexisNexis Risk Solutions Breach (May 24)
Breach affected 364,000 individuals tied to law enforcement, credit, and insurance datasets.
- Victoria’s Secret Cyberattack (May 29)
Internal systems were disabled and PII potentially exposed. Major blow to retail sector trust and logistics.
- Coca-Cola Hit by Everest Ransomware (May 22)
Employee records from Coca-Cola were leaked, showing that even Fortune 100s are not immune to human-focused attacks.
- United Natural Foods Incident (June 9)
This breach affected distribution networks, highlighting the fragility of supply chains in the food and beverage industry.
🛡️ What CISOs Should Be Doing Now
Focus Area | Action Items |
---|---|
Nation-State Threats | Engage with ISACs, strengthen endpoint detection, monitor geopolitical indicators |
AI-Augmented Threats | Deploy anomaly detection tailored to LLM behaviors, educate red teams on adversarial AI |
Social Engineering & Identity | Revise help desk protocols, implement number-matching MFA, monitor for SIM swap attempts |
OT & Supply Chain | Segment OT environments, verify supplier cyber hygiene, run tabletop incident simulations |
PII Exposure | Audit IAM permissions, enforce access reviews, deploy real-time data leak prevention tools |
💬 Final Thoughts
The June 2025 threat landscape demands more than just awareness — it requires urgent and strategic defensive action. CISOs must now treat cyber resilience as a cross-functional priority, deeply intertwined with geopolitics, AI, supply chains, and employee risk.
Stay vigilant. Stay connected. And stay ahead.
Have a perspective on how your org is responding? Let’s connect.