
Hello all,
It seemed to me that this week was mercifully quiet on the global scale, with fewer massive holes and defects being revealed. That’s not to say that dirtbags took the week off, oh no, they already have plenty of the aforementioned flaws available to enable their nefarious activity. They were, unfortunately, still quite busy exploiting hard-coded passwords in routers, spamming out AI-enhanced phishing emails, mining cryptocurrency, executing man-in-the-middle attacks to steal credentials, and more. And if that wasn’t enough, Google shocked the world with their launch of DeepMind Veo 3, an AI video generation platform that is terrifying in how realistic the videos appear. We are now at the point where you cannot believe your eyes or ears unless you see it in person. However, rest assured, I’m not an AI, yet. There were also quite a few interesting and new tech-related things that are not scary or disturbing that were introduced this week, which you’ll find linked in our Other News Events of Note and Interest section. So be sure you check them out.
Headline NEWS:
- ConnectWise ScreenConnect has revealed a successful breach by “nation-state hackers”. One of the things that gives CISOs, IT Administrators, and Managed Service Providers chills in the night is the thought that their Remote Monitoring and Management (RMM) systems will get compromised and give a threat actor unrestricted access to hundreds, if not thousands, of systems simultaneously. Apparently, this happened in November of last year, with a patch coming out in April of this year after it was discovered. ConnectWise says that a limited number of companies were affected by this breach but has been very stingy with details. It will be interesting to see if they will reveal any more at their upcoming IT Nation Secure conference in Orlando this coming week.
- Mozilla Firefox plugged a critical zero-interaction defect in the libvpx library that could have allowed a nefarious person to take over a system via the browser. Google Chrome also patched this same defect and several others. I highly recommend that you restart your browsers to apply any pending updates.
- Microsoft OneDrive was excoriated last week for the upcoming automatic integration of OneDrive personal with OneDrive for business. This week’s news is that a vulnerability has been found in the OneDrive File Picker that grants full access to all files! This defect is due to a lack of fine-grained control in OAuth scopes for OneDrive. Instead of following the principle of least privilege, it grants all privilege. Microsoft has been made aware of the flaw and is considering making changes. But since the user must grant OAuth access, Redmond considers this a user issue. You might want to check your OneDrive to see what access has been granted and to whom.
In Ransomware, Malware, and Vulnerabilities News:
- Mandiant flags fake AI video generators laced with malware. Threat actors, exploiting the massive hype generated by AI image software and AI video generators, have been seeding the internet with advertisements and websites promising the latest and greatest AI image and video generators. When unsuspecting victims download the software, they get infostealers and malware instead. If it seems too good to be true, it probably is.
- Fake Bitdefender Site Spreads Trio of Malware is another reminder that threat actors have lots of money to advertise and spin up, or hijack, sites to spread their evil payloads. You cannot trust a simple web search any longer. And the lock icon or shield on a site no longer means anything; threat actors’ sites have SSL certificates too. The internet is a bit like the Yellow Brick Road to the Emerald City: it is bright and beautiful, but unfortunately, there are plenty of places where you’ll find evil along the way.
In Other News Events of Note and Interest:
- Google’s Veo 3 AI model is scary good, and it is only going to get better. We knew for some time now that this technological leap was coming. Well, it’s here! The quality and availability of the content will only increase, while the hardware requirements will continue to decrease. The clock is at 11:59 for figuring out how to determine reality from deception as it relates to audio conversations or video meetings. AI, in the hands of threat actors, scouring the net for any information about you so that it can answer security questions and respond with your own personality traits while it impersonates your voice and likeness is only an internet minute away.
Musings:
As the reality is slowly dawning on the technological world that you will soon not be able to trust anything that is presented in a digital format, and that there is no way to be certain that what you see or hear is real, this could be the trigger that brings back in-person meetings. With that in mind, it might be a good time to invest in the airlines again.

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- ConnectWise Confirms ScreenConnect Cyberattack, Says Systems Now Secure
- ConnectWise breached in cyberattack linked to nation-state hackers
- Chrome Security Update – High-Severity Vulnerabilities Leads to Code Execution
- Critical Firefox 0-Interaction libvpx Vulnerability Let Attackers Execute Arbitrary Code
- Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File
- OneDrive Gives Web Apps Full Read Access to All Files
Ransomware, Malware, and Vulnerabilities News
- TSA issues major warning over USB charging ports for travelers at US airports
- US government sanctions tech company involved in cyber scams
- US DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation
- Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth’s Stealth Phishing Campaign
- How CISOs can defend against Scattered Spider ransomware attacks
- Cloudflare CEO: LaLiga anti-piracy campaign will claim lives
- Police takes down AVCheck site used by cybercriminals to scan malware
- Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
- Germany doxxes Conti ransomware and TrickBot ring leader
- Mandiant flags fake AI video generators laced with malware
- Cybercriminals exploit AI hype to spread ransomware, malware
- GitHub MCP Exploited: Accessing private repositories via MCP
- GitHub becomes go-to platform for malware delivery across Europe
- New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency
- Apache Tomcat Vulnerability Allows Remote Code Execution – PoC Released
- New EDDIESTEALER Malware Bypasses Chrome’s App-Bound Encryption to Steal Browser Data
- Fake Bitdefender Site Spreads Trio of Malware Tools
- New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers
- Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor
- Threat Spotlight: Hijacked Routers and Fake Searches Fueling Payroll Heist
- Hard-Coded Telnet Credentials Leave D-Link Routers Wide Open to Remote Code Execution
- Not Every CVE Deserves a Fire Drill: Focus on What’s Exploitable
- NIST Launches Metric to Measure Likelihood of Vulnerability Exploits
- Bitwarden Flaw Allows Upload of Malicious PDFs, Posing Security Risk
- Vulnerabilities found in NASA’s open source software
- Oracle TNS Flaw Exposes System Memory to Unauthorized Access
- Hackers are exploiting critical flaw in vBulletin forum software
- How to hack-proof your laptop’s Bluetooth
- Billions of cookies up for grabs as experts warn over session security
- Employees Searching Payroll Portals on Google Tricked Into Sending Paychecks to Hackers
- Street-Level QR Phishing: Cybercriminals Take Social Engineering to the Real World
- ChoiceJacking Attack Let Hackers Compromise Android & iOS Devices via Malicious Charger
- Hacktivism Reborn: How a Fading Cyber Threat Has Become a Modern Battleground
- Do-It-Yourself Cyberattack Tools Are Booming
- Russia-backed group hacked into networks of police and NATO, say Dutch authorities
- Why is China deep in US networks? ‘They’re preparing for war,’ HR McMaster tells lawmakers
- China, Taiwan trade accusations over cyberattacks
- Czech Republic Blames China-Linked APT31 Hackers for 2022 Cyberattack
- New Scan Uncovers 150K Industrial Systems Worldwide Vulnerable to Cyberattacks
- New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto
- How ‘Browser-in-the-Middle’ Attacks Steal Sessions in Seconds
- How to spot phishing emails now that AI has cleaned up the typos
- From Infection to Access: A 24-Hour Timeline of a Modern Stealer Campaign
- Suspected InfoStealer Malware Data Breach Exposed 184 Million Logins and Passwords
- Data broker giant LexisNexis says breach exposed personal information of over 364,000 people
- 251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch
- Dark Partners cybercrime gang fuels large-scale crypto heists
- 5% of breaches now extend to fourth parties
- Adidas Confirms Cyberattack and Data Breach
- Hackers leaked Coca-Cola’s data after ransom threat
- Banking groups ask SEC to drop cybersecurity incident disclosure rule
- Ransomware Reporting site with great information
- Interlock ransomware gang deploys new NodeSnake RAT on universities
- DragonForce ransomware abuses SimpleHelp in MSP supply chain attack
- Iranian man pleads guilty to ransomware scheme that cost Baltimore over $19 million
- Victoria’s Secret takes down website after security incident
- Ransomware attack on MATLAB dev MathWorks – licensing center still locked down
- MathWorks, Creator of MATLAB, Confirms Ransomware Attack
- M&S hack may have been caused by security issues at Indian IT giant Tata Consultancy Services
- Nearly 70,000 impacted by ransomware attack on Sheboygan, Wisconsin
- Tiffany confirms data breach in South Korea following Dior incident
Other News Events of Note and Interest
- Cool Tool: Top 10 useful Microsoft Edge keyboard shortcuts that increase your productivity
- US Defense Intelligence Flags Rivals’ Growing Military Use of Quantum Tech
- Judge dismisses class action lawsuit after attorney cites fake AI-generated precedent
- This classic 30-year-old Windows game is now free for Android users
- iOS 26, macOS 26, watchOS 26, iPadOS 26: Apple to Rebrand Device Software
- Java at 30: How a language designed for a failed gadget became a global powerhouse
- Texas governor signs online safety law in blow to Apple and Google
- CISA loses nearly all top officials as purge continues
- Knowledge Work Is Dying—Here’s What Comes Next
- Cybersecurity Teams Generate Average of $36M in Business Growth
- Mozilla fires off emergency patch to fix Nvidia GPU artifacting bugs in Firefox
- Opera announces Opera Neon, the first AI agentic browser
- The captcha paradox – prove you are human
- Homeland Security cuts off access to ChatGPT and other commercial AI
- AI Cheating Is So Out of Hand In America’s Schools That the Blue Books Are Coming Back
- First Case of AI Mimicking a “Terminator-Like” Scenario Surfaces; OpenAI LLMs Changes Computer Code In Order To Prevent Shutdown
- DeepSeek updates its R1 reasoning AI model, releases it on Hugging Face
- How Cursor is pioneering new coding frontiers with Claude Opus 4
- Elon Musk’s Tesla (TSLA) Targets June 12 Launch of Robotaxi Service in Austin
- Breakthrough DNA-based supercomputer runs 100 billion tasks at once
- This Google Chrome update could change the fundamentals of browsing
- Google’s Veo 3 AI model is scary good at generating videos. Creators and viewers should be prepared.
- Google celebrates 10 years of Google Photos with new editing tools
- Google DeepMind’s Demis Hassabis on AGI, Innovation and More
- Gmail’s AI summaries now appear automatically
- ChatGPT Image Generator Is in Microsoft Copilot Now: What You Can Do With It
- Microsoft’s ‘Majorana 1’ quantum chip promises a million qubits
- Microsoft wants Windows Update to handle all apps
- Microsoft wants to radically change the way you surf the web
- Microsoft reveals unexpected way that Windows 11 clean install can boost your PC performance
- Microsoft oversells Windows 11’s Smart App Control as a “top antivirus solution”
- Microsoft is updating Notepad with text formatting and Markdown support
- Windows 11’s sneaky new AI tool is a game-changer
- Windows 11 might fail to start after installing KB5058405
- Windows 11 gets big update with Settings, HDR improvements, and more in KB5058499
- Microsoft Authenticator now warns to export passwords before July cutoff
- Microsoft Entra Connect Update Replaces Traditional Username and Password Login Method
- Automattic says it will start contributing to WordPress again after pause