👋 Hello and welcome back to Cybersecurity Decrypted, your weekly cybersecurity news recap.
In the headlines this week:
- ⚖️ Justice is served to the attacker that stole 1.1TB of data from Disney
- 🚨 A hack targets a message archiving app used by U.S. government officials
- 🛍️ Harrods successfully defends against an attempted breach
Get Decrypted in your inbox every week.
📰 Headlines
- A California man has pleaded guilty to hacking Disney. The attacker stole 1.1TB of data from the company’s systems via a malicious app disguised as an AI image generator, which enabled him to access an employee’s device and steal login credentials and confidential data. 🔗
- Israeli company NSO Group has been ordered to pay Meta’s WhatsApp $168m after facilitating use of the platform to target over 1,400 users with Pegasus spyware, including journalists, human rights activists, and political dissidents. 🔗
- TeleMessage has temporarily shut down its Signal message archiving app while the company investigates a hack. According to reports, the attacker gained access to direct messages and group chats archived within the app, which was known to be used by U.S. government officials. 🔗
- Microsoft is investigating a new Microsoft 365 outage affecting multiple features and services across North America. The critical service issue has caused disruptions to Teams, OneDrive for Business, and SharePoint. 🔗
📡 Threat Watch
- Harrods successfully defended against an attempted breach carried out by the DragonForce ransomware group, following similar attacks against M&S and Co-Op. The U.K. NSCC is urging organizations to ensure they have appropriate measures in place to prevent and respond to attacks. 🔗
- CISA has added a recently disclosed critical security flaw to the KEV catalog. The vulnerability impacts the low-code, LLM-agnostic AI builder, Langflow. 🔗
- A campaign tracked by researchers at Arctic Wolf has seen the threat actor Venom Spider using fake resumes to phish HR departments. The campaign, which targets hiring managers and recruiters, runs multiple distractions whilst collecting payment data, intellectual property, and trade secrets. 🔗
- CISA has added two SonicWall vulnerabilities to the KEV catalog. The vulnerabilities affect SonicWall’s Secure Mobile Access (SMA), and are confirmed to have been exploited in the wild. 🔗
- The U.K.’s Legal Aid Agency, a public body that oversees billions in funding for criminal and civil cases, has been hit by a “security incident”. The agency cannot yet confirm whether any data was accessed. 🔗
🚨 Industry News
- Microsoft has unveiled a new AI agent for Copilot+ that can change Windows PC settings based on natural language prompts. 🔗
- CrowdStrike has released its latest State of SMB Cybersecurity Survey. Key takeaways include: a disconnect between security awareness and the ability to act; the fact that ransomware could shut down ¾ of micro-businesses; and that cost is the primary blocker to implementing security tools. 🔗
- Cyware has released a new threat intelligence solution for State, Local, Tribal, and Territorial (SLTT) governments in the U.S. According to Cyware CEO Anuj Goel, the platform offers “the threat visibility, automation, and cross-agency collaboration they need to better protect their communities.” 🔗
- CrowdStrike plans to lay off approximately 500 employees in fiscal 2026 in a plan to achieve $10b in annual recurring revenue. 🔗
- Google has released a May 2025 security update that fixes 50 Android vulnerabilities, including a bug being exploited in the wild. 🔗
- SysAid has released patches for four XXE injection vulnerabilities present in a previous on-premises version. 🔗
🌎 Global News
- The U.S. has announced plans to cut CISA’s budget by $491m. The proposed cuts come shortly after recent CISA layoffs, last-minute contract renewals for the MITRE CVE program, and the cancellations of contracts with security vendors. 🔗
- The National Security Agency (NSA) has been instructed by the Trump administration to cut up to 2,000 civilian roles in a bid to reduce the size of the federal government. The cuts are expected to take place by the end of this year. 🔗
- A Russia-linked threat actor group targeted several Romanian sites with DDoS attacks during Romania’s presidential election. Targets included official websites of the Ministry of Foreign Affairs, the Romanian government, the Constitutional Court, and several presidential candidates. 🔗
- The Peruvian government has denied that its federal digital platform was compromised, after ransomware group Rhysida tried to take credit for an alleged attack. 🔗
- Cyberattacks are costing U.K. businesses £64 billion per year in ransom payments, lost business, staff overtime, and legal costs, among others, according to recent research from ESET. 🔗
- An Indian court order has blocked the use of popular email encryption platform Proton Mail across the country. This comes following a legal complaint filed by a New Delhi-based firm, which alleged that its employees received emails sent via Proton Mail that contained obscene content. 🔗
🔍 Expert Insights: Latest From Us
Don’t miss this week’s round of interviews & insights with cybersecurity experts and thought leaders.
- Expert Insights: Reflections From RSAC 2025
- AI & Cybersecurity: 18+ Key Perspectives From Industry Experts
- What’s Next For Cybersecurity? 19+ Key Predictions From Cybersecurity Experts
- SIEM In 2025: A Deep Dive into Key Security Insights & Must-Know Stats
- RMM For MSPs In 2025: A Deep Dive into Remote Monitoring & Management Stats
- Privileged Access Management In 2025: A Deep Dive into Critical Stats & Insights
- Web Application Firewalls In 2025: A Deep Dive into the Latest Stats & Security Trends
- Endpoint Detection And Response In 2025: A Deep Dive into EDR Stats & Emerging Trends
- Email Encryption Buyers’ Guide 2025
That’s all for this week! 👋
How did you find this newsletter? Please send us any feedback to help us improve. Thanks for your support.
Expert Insights’ Cybersecurity Resources
