Weekly Cyber Update â May 26âJune 1, 2025: Breaches, Scams & Zero-Day Exploits
This weekâs update covers May 26âJune 1, 2025, with 20 critical cybersecurity stories. For everyone, weâve got breaches, scams, and easy safety tips. For pros, dive into zero-days, supply chain attacks, and botnet disruptions with technical insights. Plus, tools and questions to keep you sharpâletâs get started!
Cybersecurity for Everyone
Your online safetyâs under threat this week! Victoriaâs Secretâs site goes dark, fake AI tools spread malware, and TikTok videos trick users into downloading dangerous software. Protect yourself with our simple, actionable advice.
Top Stories
1. Victoriaâs Secret Website Taken Offline After Cyberattack 
- Summary: Hackers hit Victoriaâs Secret, forcing the site offline and raising fears of data theft.
- Why it matters: If youâve shopped there, watch for phishing emails or odd chargesâyour info might be at risk.
Read more
2. Fake AI Video Tools Spread Malware 
- Summary: Scammers push fake AI video apps that install malware to steal your data.
- Why it matters: Only download apps from trusted stores like Google Play or the App Storeâavoid random links.
Read more
3. TikTok Videos Trick Users into Malware Downloads 
- Summary: Cybercriminals use TikTok to spread videos that trick users into downloading malware.
- Why it matters: Be careful with links in videosâstick to official sources to keep your device safe.
Read more
4. Oversharing Online Puts You at Risk 
- Summary: Posting too much on social media makes you a target for scams and identity theft.
- Why it matters: Tighten your privacy settings and think twice before sharing personal details.
Read more
5. Phone Theft Spikes: Protect Your Device 
- Summary: Thieves are snatching phonesâeven locked onesâfor parts, and itâs on the rise.
- Why it matters: Use a strong passcode and enable tracking to keep your phone secure.
Read more
6. AI Voice Scams Target Ex-Government Workers 
- Summary: Scammers use AI-generated voices to trick former government staff into sharing sensitive info.
- Why it matters: Donât trust unexpected callsâalways verify the callerâs identity first.
Read more
7. Lumma Stealer Operation Busted, 2,300 Domains Down 
- Summary: Police seized domains behind Lumma Stealer, a malware that steals passwords and more.
- Why it matters: Use strong, unique passwords and two-factor authentication to protect your accounts.
Read more
8. Fake Chrome Extensions Steal Data, Push Ads 
- Summary: Over 100 malicious Chrome add-ons mimic legit tools to steal data and spam ads.
- Why it matters: Only install extensions from trusted sourcesâcheck your browser settings now.
Read more
9. Signal Stops Windows Recall from Snooping Chats 
- Summary: Signalâs update blocks Windows Recall from capturing screenshots of your private messages.
- Why it matters: Use privacy-focused apps like Signal to keep your conversations secure.
Read more
10. Marlboro-Chesterfield Pathology Data Breach Impacts 235,000 People 
- Summary: Hackers stole personal data from 235,000 people in a breach at a North Carolina lab.
- Why it matters: If youâre affected, monitor your accounts and consider freezing your credit.
[Read more]( As an assumption for this exercise: https://securityaffairs.com/178295/data-breach/marlboro-chesterfield-pathology-data-breach-impacted-235911-individuals.html)
Pro Insights: Advanced Cyber Threats (Advanced)
Tech pros, itâs a challenging week! Zero-days, supply chain attacks, and botnets target governments, logistics, and tech sectors. Sharpen your defenses with these technical insights.
Top Technical Updates
1. Chinese Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil 
- Summary: Hackers exploited flaws in SAP and SQL Server to target organizations in Brazil, India, and Southeast Asia.
- Why it matters: Patch your systems immediatelyâzero-days (new flaws hackers exploit) can lead to full system compromise.
Read more
2. New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora 
- Summary: Vulnerabilities in Ubuntu, RHEL, and Fedora allow attackers to steal password hashes from core dumps.
- Why it matters: Update your Linux systems nowâcore dumps can expose sensitive data if not secured.
Read more
3. Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware 
- Summary: Fake installers for VPNs and browsers drop Winos 4.0 malware to steal user data.
- Why it matters: Verify software sourcesâmalware can slip through if youâre not careful.
Read more
4. Operation ENDGAME Disrupted Global Ransomware Infrastructure 
- Summary: Law enforcement took down 300 servers and seized âŹ21.2 million in crypto, crippling ransomware networks.
- Why it matters: Ransomware is still a threatâensure your backups are secure and up to date.
Read more
5. Silent Ransom Group Targeting Law Firms, the FBI Warns 
- Summary: The Federal Bureau of Investigation warns that the Silent Ransom Group is using callback phishing to target law firms.
- Why it matters: Train staff on social engineeringâattacks like these can bypass technical defenses.
Read more
6. Leader of Qakbot Cybercrime Network Indicted in U.S. Crackdown 
- Summary: The U.S. indicted the leader of Qakbot, a botnet that infected over 700,000 devices.
- Why it matters: Botnets fuel DDoS and theftâmonitor your network for unusual traffic.
Read more
7. Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique 
- Summary: Cybercriminals use TikTok to spread malware through fake software activation tips.
- Why it matters: Educate usersâsocial media can be a vector for sophisticated attacks.
Read more
8. New Tool Disables Windows Defender 
- Summary: âDefendnotâ tricks Windows into disabling Defender by posing as an antivirus.
- Why it matters: Keep Defender updated and monitor system changes to block bypasses.
Read more
9. Scattered Spider Targets Retail Sector 
- Summary: The group now targets U.S. retailers with social engineering and ransomware.
- Why it matters: Retail pros, tighten access controls and train staff on phishing.
Read more
10. CISA Flags Chromium, DrayTek, SAP Flaws 
- Summary: Cybersecurity and Infrastructure Security Agency listed exploited bugs in Chromium, DrayTek routers, and SAP NetWeaver.
- Why it matters: Patch these vulnerabilities immediatelyâhackers are actively exploiting them.
Read more
Takeaway
Breaches, scams, and zero-days are on the riseâstay vigilant!
Use strong passwords and two-factor authentication everywhere.
Download apps only from trusted stores.
Verify links, calls, and emails to avoid fakes.
Tools of the Week
- Bitwarden (Everyone) â A free, open-source password manager to securely store and generate strong passwords.
- Wireshark (Pros) â A powerful network protocol analyzer for deep packet inspection and troubleshooting.
Community Questions
- Everyone: Have you spotted any suspicious TikTok links or scam calls lately? Whatâs your top safety tip?
- Pros: How are you tackling supply chain risks like those in SAP and SQL Server? Share your strategy!
Stay Connected and Secure
Want more? Join the Crushing Security newsletter for fresh news and tips: Sign up here.
Drop your thoughts belowâletâs keep the conversation going!
Suggestions
Got ideas to improve these updates? Comment below, visit the feedback page, or ping Steve.