IT Security Weekend Catch Up – May 31, 2025

Comments
close searching

31.05.2025 | 23:57

IT Security Weekend Catch Up – May 31, 2025
avatar

badcyber

comments

IT Security Weekend Catch Up – May 31, 2025

Afraid of missing important security news during the week? We're here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. The scammer is always right - how Facebook protects scammers
  2. Behind the scenes of Paged Out! magazine – interview with Gynvael Coldwind
  3. U.S. spy agencies get one-stop shop to buy highly sensitive personal data
  4. Hacker who breached communications app used by Trump aide stole data from across US government
  5. Cetus Protocol hacked for more than $200 million
  6. U.S. sanctions cloud provider ‘Funnull’ as top source of ‘pig butchering’ scams

For the more technical

  1. By default, Signal doesn't Recall
  2. Microsoft closes 9-year-old feature request, open-sources Windows Subsystem for Linux
  3. BadSuccessor: Abusing dMSA to escalate privileges in Active Directory
  4. OneDrive File Picker flaw provides ChatGPT and other web apps full read access to users’ entire OneDrive
  5. Expression payloads meet mayhem - Ivanti EPMM Unauth RCE chain (CVE-2025-4427 and CVE-2025-4428)
  6. Thousands of Asus routers are being hit with stealthy, persistent backdoors
  7. PumaBot: Novel botnet targeting IoT surveillance devices
  8. Unpatched critical vulnerability in TI WooCommerce Wishlist plugin
  9. PhaaS the secrets: The hidden ties between Tycoon2FA and Dadsec's operations
  10. Text-to-Malware: How cybercriminals weaponize fake AI-themed websites
  11. Chasing Eddies: New Rust- based InfoStealer used in CAPTCHA campaigns
  12. PureHVNC RAT using fake high-level job offers from fashion and beauty brands
  13. A flyby on the CFO's inbox: Spear-phishing campaign targeting financial executives with NetBird deployment
  14. Katz stealer threat analysis
  15. Dissecting the macOS AppleProcessHub stealer: Technical analysis of a multi-stage attack
  16. DarkCloud stealer: Comprehensive analysis of a new attack chain that employs AutoIt
  17. The sharp taste of Mimo’lette: Analyzing Mimo’s latest campaign targeting Craft CMS
  18. NSIS abuse and sRDI shellcode: Anatomy of the Winos 4.0 campaign
  19. Pakistan Telecommunication Company (PTCL) targeted by Bitter APT during heightened regional conflict
  20. Operation Sindoor – anatomy of a digital siege
  21. Mark your calendar: APT41 innovative tactics
  22. Earth Lamia develops custom arsenal to target multiple industries
  23. New Russia-affiliated actor Void Blizzard targets critical sectors for espionage

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.


Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy! For the less technical The scammer is always right - how Facebook protects scammers Behind the scenes of Paged Out! maga 2025-05-31T23:57:19+02:00

Comments