Cybersecurity Decrypted #35: May 22 – 29

Caitlin Harris Laura Iannini
Caitlin Harris, Laura Iannini Last updated on Jun 6, 2025

👋 Hello and welcome back to Cybersecurity Decrypted, your weekly cybersecurity news recap.

In the headlines this week:

  • 💰 Apple blocks $9 billion in fraud
  • 🌎 Global authorities take down huge ransomware kill chain
  • 🚔 Ransomware actor faces 30 years behind bars for Baltimore attacks

You can listen to a Decrypted briefing every week in your favorite podcast app. Listen now.

📰 Headliness

  • Apple has prevented over $9 million in fraudulent transactions over the last five years, according to their latest annual App Store analysis report. $2 billion of transactions were prevented in 2024 alone. 🔗
  • Law enforcement authorities globally have severely disrupted DanaBot in an operation coordinated by Europol and Eurojust. The operation took down 300 servers and 650 domains, and issued arrest warrants for 20 targets. 🔗
  • An Iranian national is facing up to 30 years in prison after carrying out a ransomware attack on the city of Baltimore that caused $19 million worth of damage. 🔗
  • CISA has lost most of the top officials working at the agency. Five of six operational divisions and six of ten regional offices will have lost senior leaders by the end of this month, according to CISA’s new deputy director. 🔗
  • Researchers at Oasis Security have discovered a major security flaw in OneDrive. Caused by excessive OAuth permissions, the flaw enables File Picker to grant third-party web apps with access to a user’s entire OneDrive. 🔗

📡 Threat Watch

  • A breach affecting LexisNexis Risk Solutions has impacted over 360,000 individuals. The data broker giant informed customers that there was “no evidence that [their] data has been further misused” but has offered victims two years of identity protection services. 🔗
  • MathWorks, creator of MATLAB, has confirmed that a ransomware attack is behind an ongoing service outage. 🔗
  • Vietnamese threat actor UNC6032 is using fake AI video generators to spread malware, according to Google’s Mandiant research team. 🔗
  • Canadian electricity company Nova Scotia Power was hit by a ransomware attack that compromised customers’ personal information, including contact details, bank account numbers, and social insurance numbers. 🔗
  • Adidas customers’ data was stolen following a cyberattack on a third-party customer service provider. The stolen data includes names, email addresses, and phone numbers. 🔗
  • The DragonForce group is infecting SimpleHelp RMM instances with ransomware in order to target an MSP’s clients, according to Sophos researchers. DragonForce recently also claimed responsibility for attacks on UK retailers M&S, Co-Op, and Harrods. 🔗

🪲Patches And Updates

  • Google Chrome’s 137 update has addressed 11 vulnerabilities in the popular browser, including eight security flaws and two high-severity memory issues. 🔗
  • Mozilla’s FireFox 139 update has patched 10 vulnerabilities, including a high-severity issues that could have led to memory corruption and an exploitable crash. 🔗

🚨 Industry News

  • Salesforce announced plans to acquire Informatica in a deal worth $8 billion. The acquisition price includes Salesforce’s existing stake in the data management provider. 🔗
  • Zscaler announced plans to acquire MDR provider Red Canary. The deal is expected to complete in August. 🔗
  • Check Point has announced plans to acquire exposure management provider Veriti Cybersecurity. The deal is expected to close by the end of the second quarter. 🔗
  • Cisco has reimagined its Duo MFA product to offer a new, full stack Identity and Access Management solution. Existing Duo customers can now sign up to explore Duo IAM in public preview. 🔗
  • SonicWall has released its 2025 Cyber Threat Report, which noted increases in malware, IoT-based attacks, and encrypted threats. 🔗
  • CISA is collaborating with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) to release guidance on effective SIEM and SOAR implementation. 🔗

🌎 Global News

  • Following an extensive investigation, the Czech Republic has accused the Chinese government of attempted state-sponsored cyber espionage. Czech authorities haven’t yet confirmed whether the attack was successful. 🔗
  • According to a recent (Ukrainian) SSSCIP report, Russian threat actors have carried out over 200 successful attacks on Ukrainian media outlets since the start of the Russo-Ukrainian War three years ago. 🔗
  • The Russian APT group Void Blizzard is targeting NATO member states with cyber espionage attacks. According to Microsoft researchers, the group is likely collecting intelligence to support Russian objectives in the war against Ukraine. 🔗
  • Despite challenges from privacy experts, Meta is set to start training its AI models using EU users’ public Instagram and Facebook posts. Users can opt out by filling out forms within the two social media platforms. 🔗

🎙️The Expert Insights Podcast

The Expert Insights Podcast is your go-to source for insights from cybersecurity experts. We bring you weekly interviews from top cybersecurity thought leaders.

This week on the show:

  • Patrick Joyce, Global Resident CISO at Proofpoint, on the evolving role of the CISO and the importance of a collaborative mindset for modern security teams. Listen now.
  • Nicole Carignan, SVP for Security & AI Strategy and Field CISO at Darktrace, on how AI is evolving from a support tool to a key decision-making partner, and what that means for the future role of the analyst. Listen now.

Introducing Game Changers

Next Monday, we’re launching our new limited podcast series: Game Changers. The cyber threat landscape is evolving all the time. We need game changing ideas to outwit adversaries and prepare ourselves for future threats.

In each episode, we’ll focus on an individual or a company who has changed the game, disrupted the status quo, and pushed expectations to the limit. In this first series, we speak with Torq, Abnormal, Zama, and the Godfather of Zero Trust, John Kindervag.

Don’t miss the launch: subscribe today.

🔍 Expert Insights: Latest From Us

Don’t miss this week’s round of interviews & insights with cybersecurity experts and thought leaders.

That’s all for this week! 👋

How did you find this newsletter? Please send us any feedback to help us improve. Thanks for your support.

Expert Insights’ Cybersecurity Resources