Cybersecurity Decrypted #35: May 22 – 29

Last updated on Jun 6, 2025
Written by Caitlin Harris
Technical Review by Laura Iannini

📰 Headlines

  • Apple has prevented over $9 million in fraudulent transactions over the last five years, according to their latest annual App Store analysis report. $2 billion of transactions were prevented in 2024 alone. 🔗
  • Law enforcement authorities globally have severely disrupted DanaBot in an operation coordinated by Europol and Eurojust. The operation took down 300 servers and 650 domains, and issued arrest warrants for 20 targets. 🔗
  • An Iranian national is facing up to 30 years in prison after carrying out a ransomware attack on the city of Baltimore that caused $19 million worth of damage. 🔗
  • CISA has lost most of the top officials working at the agency. Five of six operational divisions and six of ten regional offices will have lost senior leaders by the end of this month, according to CISA’s new deputy director. 🔗
  • Researchers at Oasis Security have discovered a major security flaw in OneDrive. Caused by excessive OAuth permissions, the flaw enables File Picker to grant third-party web apps access to a user’s entire OneDrive. 🔗

📡 Threat Watch

  • A breach affecting LexisNexis Risk Solutions has impacted over 360,000 individuals. The data broker giant informed customers that there was “no evidence that [their] data has been further misused” but has offered victims two years of identity protection services. 🔗
  • MathWorks, creator of MATLAB, has confirmed that a ransomware attack is behind an ongoing service outage. 🔗
  • Vietnamese threat actor UNC6032 is using fake AI video generators to spread malware, according to Google’s Mandiant research team. 🔗
  • Canadian electricity company Nova Scotia Power was hit by a ransomware attack that compromised customers’ personal information, including contact details, bank account numbers, and social insurance numbers. 🔗
  • Adidas customers’ data was stolen following a cyberattack on a third-party customer service provider. The stolen data includes names, email addresses, and phone numbers. 🔗
  • The DragonForce group is infecting SimpleHelp RMM instances with ransomware in order to target an MSP’s clients, according to Sophos researchers. DragonForce recently also claimed responsibility for attacks on UK retailers M&S, Co-Op, and Harrods. 🔗

🪲 Patches And Updates

  • Google Chrome’s 137 update has addressed 11 vulnerabilities in the popular browser, including eight security flaws and two high-severity memory issues. 🔗
  • Mozilla’s Firefox 139 update has patched 10 vulnerabilities, including a high-severity issue that could have led to memory corruption and an exploitable crash. 🔗

🚨 Industry News

  • Salesforce announced plans to acquire Informatica in a deal worth $8 billion. The acquisition price includes Salesforce’s existing stake in the data management provider. 🔗
  • Zscaler announced plans to acquire MDR provider Red Canary. The deal is expected to complete in August. 🔗
  • Check Point has announced plans to acquire exposure management provider Veriti Cybersecurity. The deal is expected to close by the end of the second quarter. 🔗
  • Cisco has reimagined its Duo MFA product to offer a new, full-stack Identity and Access Management solution. Existing Duo customers can now sign up to explore Duo IAM in public preview. 🔗
  • SonicWall has released its 2025 Cyber Threat Report, which noted increases in malware, IoT-based attacks, and encrypted threats. 🔗
  • CISA is collaborating with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) to release guidance on effective SIEM and SOAR implementation. 🔗

🌎 Global News

  • Following an extensive investigation, the Czech Republic has accused the Chinese government of attempted state-sponsored cyber espionage. Czech authorities haven’t yet confirmed whether the attack was successful. 🔗
  • According to a recent (Ukrainian) SSSCIP report, Russian threat actors have carried out over 200 successful attacks on Ukrainian media outlets since the start of the Russo-Ukrainian War three years ago. 🔗
  • The Russian APT group Void Blizzard is targeting NATO member states with cyber espionage attacks. According to Microsoft researchers, the group is likely collecting intelligence to support Russian objectives in the war against Ukraine. 🔗
  • Despite challenges from privacy experts, Meta is set to start training its AI models using EU users’ public Instagram and Facebook posts. Users can opt out by filling out forms within the two social media platforms. 🔗

🎙️ The Expert Insights Podcast

The Expert Insights Podcast is your go-to source for insights from cybersecurity experts. We bring you weekly interviews from top cybersecurity thought leaders.

This week on the show:

  • Patrick Joyce, Global Resident CISO at Proofpoint, on the evolving role of the CISO and the importance of a collaborative mindset for modern security teams. Listen now.
  • Nicole Carignan, SVP for Security & AI Strategy and Field CISO at Darktrace, on how AI is evolving from a support tool to a key decision-making partner, and what that means for the future role of the analyst. Listen now.

Introducing Game Changers

Next Monday, we’re launching our new limited podcast series: Game Changers. The cyber threat landscape is evolving all the time. We need game-changing ideas to outwit adversaries and prepare ourselves for future threats.

In each episode, we’ll focus on an individual or a company who has changed the game, disrupted the status quo, and pushed expectations to the limit. In this first series, we speak with Torq, Abnormal, Zama, and the Godfather of Zero Trust, John Kindervag.

Don’t miss the launch: subscribe today.

🔍 Expert Insights: Latest From Us

Don’t miss this week’s round of interviews & insights with cybersecurity experts and thought leaders.

That’s all for this week! 👋

How did you find this newsletter? Please send us any feedback to help us improve. Thanks for your support.


Written By
Caitlin Harris, Deputy Head Of Content

Caitlin Harris is the Deputy Head of Content at Expert Insights. As an experienced content writer and editor, Caitlin helps cybersecurity leaders to cut through the noise in the cybersecurity space with expert analysis and insightful recommendations.

Prior to Expert Insights, Caitlin worked at QA Ltd, where she produced award-winning technical training materials, and she has also produced journalistic content over the course of her career.

Caitlin has 8 years of experience in the cybersecurity and technology space, helping technical teams, CISOs, and security professionals find clarity on complex, mission-critical topics like security awareness training, backup and recovery, and endpoint protection.

Caitlin also hosts the Expert Insights Podcast and co-writes the weekly newsletter, Decrypted.

Technical Review
Laura Iannini, Cybersecurity Analyst

Laura Iannini is a Cybersecurity Analyst at Expert Insights. With deep cybersecurity knowledge and strong research skills, she leads Expert Insights’ product testing team, conducting thorough tests of product features and in-depth industry analysis to ensure that Expert Insights’ product reviews are definitive and insightful.

Laura also carries out wider analysis of vendor landscapes and industry trends to inform Expert Insights’ enterprise cybersecurity buyers’ guides, covering topics such as security awareness training, cloud backup and recovery, email security, and network monitoring. Prior to working at Expert Insights, Laura worked as a Senior Information Security Engineer at Constant Edge, where she tested cybersecurity solutions, carried out product demos, and provided high-quality ongoing technical support.

Laura holds a Bachelor’s degree in Cybersecurity from the University of West Florida.