---
title: "DMV Impersonation Scam, Scania Insurance Breach, Cock.li Records Exposed, Cybersecurity News [June 16, 2025] | DuoCircle"
description: "DMV Impersonation Scam, Scania Insurance Breach, Cock."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-26-of-2025/"
---

Quick Answer

Five incidents. Texts and emails impersonating state DMVs are demanding payment for fake unpaid tolls and traffic violations to harvest payment and personal data. Truck maker Scania confirmed an extortion attempt after attackers stole customer insurance documents through a compromised partner. Privacy-focused webmail provider Cock.li disclosed that more than 1 million user records, including hashed passwords and IP addresses, were exposed via a vulnerability in its old Roundcube installation. The Washington Post confirmed a targeted breach of journalists' Microsoft email accounts, attributed to a foreign government actor. And WestJet is investigating an active cyberattack disrupting internal systems and the airline's mobile app.

DMV Impersonation Scam, Scania Insurance Breach, Cock.li Records Exposed, Cybersecurity News \[June 16, 2025\]

Your browser does not support the audio element.

[ Download episode](https://media.mailhop.org/duocircle/images/2025/06/DMV-Impersonation-Scam-Scania-Insurance-Breach-Cock.li-Records-Exposed---Cybersecurity-News-June-16-2025.mp3) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-26-of-2025%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=DMV%20Impersonation%20Scam%2C%20Scania%20Insurance%20Breach%2C%20Cock.li%20Records%20Exposed%2C%20Cybersecurity%20News%20%5BJune%2016%2C%202025%5D&url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-26-of-2025%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-26-of-2025%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-26-of-2025%2F&title=DMV%20Impersonation%20Scam%2C%20Scania%20Insurance%20Breach%2C%20Cock.li%20Records%20Exposed%2C%20Cybersecurity%20News%20%5BJune%2016%2C%202025%5D "Share on Reddit") [ ](mailto:?subject=DMV%20Impersonation%20Scam%2C%20Scania%20Insurance%20Breach%2C%20Cock.li%20Records%20Exposed%2C%20Cybersecurity%20News%20%5BJune%2016%2C%202025%5D&body=Check out this article: undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-26-of-2025%2F "Share via Email") 

![cybersecurity news](https://media.mailhop.org/duocircle/images/2025/06/spf-record-7896.jpg) 

Cyberattacks and data breaches continue to hit hard this week! A scam targeting **U.S. residents** through [fake DMV messages](https://www.usatoday.com/story/tech/news/2025/05/30/dmv-text-message-scam/83944066007/) is harvesting sensitive data. At the same time, separate breaches have exposed insurance documents at Scania, journalist accounts at The Washington Post, and over a million records from Cock.li’s email service is included. _WestJet Airlines is also facing internal disruptions due to a cyberattack. Here’s a quick breakdown of the most important incidents and how to stay safe_.

## Phishing Scams Impersonating DMV Target U.S. Citizens for Personal Data

There’s a new [phishing scam](https://www.npr.org/2025/05/24/nx-s1-5410454/dmv-phishing-smishing-scam-phones-texts) tricking people in the U.S. by pretending to be messages from their local DMV, warning them about fake toll violations, and stealing their **personal information**.

Threat actors have been sending such [fake text messages](https://www.facebook.com/NewJerseyMVC/posts/pfbid023dUtJvUWT1JwxG4DEkM15wKyhFczhWV5kWxYmnGSFkpaM3QbYGzDHUcfp87vTU3El) since May. They look like they are from state motor vehicle departments and warn about unpaid tolls and threaten legal action or license suspension if people do not respond. They also use made-up legal codes to sound official and lead to websites that impersonate official DMV sites. Victims are first asked to **pay a small fee**, usually $6.99, then prompted to enter personal details like their name, address, email, phone number, and [full credit card information](https://www.infosecurity-magazine.com/news/cyber-attack-exposes-credit-card/).

Check Point researchers [found that the scam used](https://blog.checkpoint.com/research/dmv-themed-phishing-campaign-targeting-u-s-citizens/) a common setup for all states, hosted on [suspicious domains](https://www.securityweek.com/nsa-blocked-10-billion-connections-to-malicious-and-suspicious-domains/) using low-cost extensions like .cfd and .win. The websites share identical files and even code. Over 2,000 complaints have already been sent to the FBI’s Internet Crime Complaint Center, and many state agencies have issued warnings.

Users are urged to avoid clicking on unknown links in **texts and verify toll-related messages** directly with their state’s official DMV website.

[![scam used](https://media.mailhop.org/duocircle/images/2025/06/spf-record-6643.jpg)](https://media.mailhop.org/duocircle/images/2025/06/spf-record-6643.jpg)

## Scania Discloses Insurance Data Breach Linked to Extortion Effort

This week, [Scania](https://www.scania.com/group/en/home/about-scania/scania-in-brief/facts-and-figures.html) also confirmed a cyberattack that targeted its **Financial Services systems** and led to the theft of insurance claim documents.

The breach occurred when [threat actors](/phishing-protection/threat-actors-exploit-google-calendar-for-phishing-and-spoofing/) used login credentials from an external IT partner to access **Scania’s insurance platform**, “insurance.scania.com.” These credentials were likely stolen using [password-stealing malware](https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-password-stealing-malware-masked-as-fixes/). _Once inside, they downloaded documents linked to insurance claims, which may include personal, financial, or medical details_. Shortly after, the organizational employees began receiving emails from a ProtonMail address, with the attacker threatening to release the stolen data unless demands were met.

On the other hand, the [hacker, known online as “Hensi,”](https://x.com/H4ckmanac/status/1933102217562562836) has offered the stolen data for sale on a cybercrime forum (i.e., Dark Web), claiming exclusive access to documents from the **Scania insurance domain**. Some sample files were also leaked. The organization confirmed the incident and clarified that the compromised system had been taken offline and that an internal investigation was underway.

Scania continues to review the situation. Users and partners are advised to monitor their accounts and practice good password hygiene.

[![ hacker](https://media.mailhop.org/duocircle/images/2025/06/spf-record-check-6643.jpg)](https://media.mailhop.org/duocircle/images/2025/06/spf-record-check-6643.jpg)

## Cock.li Webmail Breach Exposes 1 Million User Records

Cock.li, a free email service, has [confirmed a major data breach](https://mail.cock.li/) affecting over a million users after attackers exploited a flaw in its old Roundcube webmail system.

The breach impacted everyone who logged into Cock.li since 2016, which is **about 1,023,800 users**. _It exposed email addresses, login timestamps, failed login attempts, language preferences, and a block of saved Roundcube settings and email signatures_. But that’s not all; around 10,400 users were affected more than the rest, as the breach also revealed third-party contact names, email addresses, vCards, and comments. However, no passwords, email content, or IP addresses were compromised, as they were not stored in the affected databases.

The incident followed unexplained service disruptions and was later confirmed when a hacker began [selling two stolen Cock.li databases](https://x.com/ReyXBF/status/1933555211185819835) online for at least one Bitcoin. Cock.li, known for its privacy stance and independent operation since 2013, acknowledged the issue and stated the attack likely happened through a known **Roundcube vulnerability**, [CVE-2021-44026](https://nvd.nist.gov/vuln/detail/cve-2021-44026). The service has since removed Roundcube permanently, admitting they should not have been using it in the first place.

[![Failed Login Attempts](https://media.mailhop.org/duocircle/images/2025/06/email-smtp-service-9043.jpg)](https://media.mailhop.org/duocircle/images/2025/06/email-smtp-service-9043.jpg)

It has been recommended to the users to kindly reset their passwords and switch to using **email clients via IMAP or SMTP** for safer access.

## Washington Post Email Breach Compromises Journalist Accounts

Several journalists at The [Washington Post](https://www.wsj.com/tech/cybersecurity/cyberattack-on-washington-post-compromises-email-accounts-of-journalists-70bf1300?mod=hp%5Flead%5Fpos6) had their [email accounts hacked](https://www.reuters.com/world/us/washington-post-investigating-cyberattack-journalists-wsj-reports-2025-06-15/) this week in what is believed to be a cyberattack.

_The breach was discovered on a Thursday evening, and by Sunday, June 15, staff were notified through an internal memo of a possible targeted intrusion in the newspaper’s email system_. The memo, signed by Executive Editor Matt Murray, confirmed that a limited number of Microsoft accounts were affected. The attack mainly focused on journalists who report on national security and economic policies.

Experts suggest the method used may be tied to advanced persistent threats, which are often backed by nation-states and known to exploit Microsoft Exchange systems. These attacks often rely on vulnerabilities in the Exchange servers. **Microsoft and security firms** like ESET have tracked such activity in the past as well, linking it to well-known hacker groups using [zero-day exploits](https://thehackernews.com/2023/09/mozilla-rushes-to-patch-webp-critical.html).

[![security](https://media.mailhop.org/duocircle/images/2025/06/spf-validator-6643.jpg)](https://media.mailhop.org/duocircle/images/2025/06/spf-validator-6643.jpg)

However, The **Washington Post** has not yet released public details about the threat actor behind the cyberattack. Users should update software regularly and avoid opening suspicious emails to stay protected.

## WestJet Probes Cyberattack Affecting Internal Operations

[WestJet is also investigating a cyberattack](https://www.westjet.com/en-ca/news/2025/advisory--cybersecurity-incident-) that has affected many of its internal systems and disrupted access to both its **website and the mobile application**.

It is one of the most prominent airlines in Canada, and [the cyberattack](https://www.reuters.com/sustainability/boards-policy-regulation/westjet-probes-cybersecurity-incident-affecting-app-internal-systems-2025-06-14/) is restricting users from logging into their accounts. _The organization has already activated its internal security teams and is working with law enforcement and Transport Canada to look into the issue and reduce the damage_. They stated that the safety of their operations and **protecting sensitive information** related to both passengers and employees is their top priority. Additionally, a formal apology has been intended to the customers for the inconvenience caused.

[![ ransomware ](https://media.mailhop.org/duocircle/images/2025/06/sender-policy-framework-6643.jpg)](https://media.mailhop.org/duocircle/images/2025/06/sender-policy-framework-6643.jpg)

Although access to **websites and apps** is being restored, some internal tools and services are still experiencing issues. The nature of the attack remains unclear, and it is not yet known if the systems were encrypted by [ransomware](/resources/locky-ransomware) or intentionally shut down by the airline as a precaution because WestJet has not responded to media queries about the details of the breach so far.

Operations remain safe, but passengers should keep an eye on official updates and avoid clicking on [suspicious links](https://redstone.bank/news/2024/09/dont-click-tips-for-identifying-and-handling-suspicious-links/).

Implementing [SPF](/resources/what-is-spf), [DKIM](/resources/what-is-dkim), and [DMARC](https://dmarcreport.com/what-is-dmarc/) protocols can **significantly strengthen** [email security](/) and help mitigate phishing, spoofing, and data breach risks across organizations.

## Topics

DKIMDMARCemail securitySecurityUpdates 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  News 5m  Apple Pay Scam, Crypto Fraud Victims, Retirement Phishing Loss, Cybersecurity News \[April 06, 2026\]  Apr 13, 2026 ](/blog/announcements/cyber-security-news-update-week-15-of-2026/)[  News 6m  Ransomware EDR Bypass, Apache Parquet Exposure, CISA Oil Threats, Cybersecurity News \[May 05, 2025\]  May 13, 2025 ](/blog/announcements/cyber-security-news-update-week-20-of-2025/)[  News 6m  GitHub Backdoor Threat, Cartier Data Breach, Fake RubyGems Steal, Cybersecurity News \[June 02, 2025\]  Jun 9, 2025 ](/blog/announcements/cyber-security-news-update-week-24-of-2025/)[  News 6m  Malicious npm Packages, Salesloft GitHub Breach, Malvertising Commit Trick, Cybersecurity News \[September 08, 2025\]  Sep 15, 2025 ](/blog/announcements/cyber-security-news-update-week-38-of-2025/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"DMV Impersonation Scam, Scania Insurance Breach, Cock.li Records Exposed, Cybersecurity News [June 16, 2025]","description":"DMV Impersonation Scam, Scania Insurance Breach, Cock.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-26-of-2025/","datePublished":"2025-06-23T15:01:16.000Z","dateModified":"2025-06-23T16:24:12.000Z","dateCreated":"2025-06-23T15:01:16.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-26-of-2025/"},"articleSection":"announcements","keywords":"DKIM, DMARC, email security, Security, Updates","wordCount":1088,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2025/06/spf-record-7896.jpg","caption":"cybersecurity news","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"DMV Impersonation Scam, Scania Insurance Breach, Cock.li Records Exposed, Cybersecurity News [June 16, 2025]","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-26-of-2025/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"News","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"DMV Impersonation Scam, Scania Insurance Breach, Cock.li Records Exposed, Cybersecurity News [June 16, 2025]","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-26-of-2025/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"DMV Impersonation Scam, Scania Insurance Breach, Cock.li Records Exposed, Cybersecurity News [June 16, 2025]","description":"DMV Impersonation Scam, Scania Insurance Breach, Cock.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-26-of-2025/","datePublished":"2025-06-23T15:01:16.000Z","dateModified":"2025-06-23T16:24:12.000Z","dateCreated":"2025-06-23T15:01:16.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-26-of-2025/"},"articleSection":"announcements","keywords":"DKIM, DMARC, email security, Security, Updates","wordCount":1088,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2025/06/spf-record-7896.jpg","caption":"cybersecurity news","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```