04.07.2025

Analyst Insight

This week in cyber, threat prevention and third-party risk have been a focus. Microsoft introduced new defences against email bombing within Defender for Office 365, using automated detection to shield inboxes from subscription-based denial-of-service attacks, highlighting the growing sophistication of nuisance-level threats. The International Criminal Court (ICC) in The Hague detected and contained a second targeted cyberattack in two years, with minimal disruption reported. In Australia, Qantas disclosed a breach involving a third-party platform that exposed customer data for up to six million individuals, reflecting continued risks in outsourced environments. Meanwhile, AT&T rolled out a Wireless Account Lock feature to help prevent SIM-swap fraud, giving users more control over unauthorized changes to their accounts. Read more in this week in cyber.

Microsoft Defender Introduces Protection Against Email Bombing

This week, Microsoft introduced email bombing prevention built into its Microsoft Defender for Office 365 suite. Email bombing involves subscribing a victim to a large number of legitimate newsletter and subscription services. Each one sends many emails to the victim's inbox, making it harder for the victim to find legitimate emails. The new feature started rolling out in late June 2025 and is expected to reach all organisations by late July. It will be on by default. The “Mail Bombing” feature is now available for security operations analysts and administrators as a new detection type in Threat Explorer, the Email entity page, the Email summary panel, and Advanced Hunting.

ICC thwarts second “sophisticated” cyber‑attack in two years

The International Criminal Court (ICC) in The Hague detected and contained a “sophisticated and targeted” cyber‑attack late last week, the second of its kind since a major breach in 2023. The court discovered the attack via internal alert systems and contained the intrusion with minimal disruption. A full impact assessment is now underway. The attack coincided with a nearby NATO summit, but the ICC denies any link. While no evidence yet shows that confidential data was accessed, the court is securing its systems and continuing routine cyber hygiene measures.

Australia’s Largest Airline Discloses Cyberattack

On Monday, Qantas, Australia’s biggest airline, revealed it had been hit by a cyberattack after hackers gained access to a third-party system holding customer information. While the airline says the breach has now been contained, it confirmed that a large amount of data was stolen in the incident. “On Monday, we detected unusual activity on a third party platform used by a Qantas airline contact centre. We then took immediate steps and contained the system. We can confirm all Qantas systems remain secure,” states Qantas. “There are 6 million customers that have service records in this platform. We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant. An initial review has confirmed the data includes some customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers.”

Google urges urgent Chrome update after fourth zero-day patch in 2025

Google has quietly released a critical update for Chrome to fix CVE-2025-6554, a zero-day vulnerability in the V8 JavaScript engine. This type-confusion bug allows attackers to read or write memory simply by getting users to view a malicious page. Detected on June 25 by Google’s Threat Analysis Group, the flaw was actively exploited, prompting an immediate fix via a configuration change and a full patch in Chrome 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for macOS, and 138.0.7204.96 for Linux. This is the fourth Chrome zero-day Google has patched in 2025. Although the current attack scope seems limited, Google strongly urges everyone, especially users handling sensitive data, to update and enable automatic browser updates.

AT&T Introduces “Wireless Account Lock” to Prevent SIM-Swap Attacks

AT&T has launched a new security feature, Wireless Account Lock, designed to block SIM-swapping attacks and other unauthorized changes. Through the myAT&T app, customers can toggle the lock on or off for postpaid, prepaid, and business accounts. Once enabled, it prevents actions like SIM or eSIM swaps, phone-number transfers, billing updates, adding lines, device upgrades, or changes to authorized users.

Notifications alert the primary account holder via email and every active number via text whenever the lock is switched on or off. Only those with primary or secondary account access can manage it. Similar protections already exist at other carriers, and AT&T says it won’t ask users to disable the feature. This extra layer ensures that even if login details are compromised, attackers still can’t hijack a customer’s mobile account.
