Top 5 Cybersecurity News Stories May 23, 2025

Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small as we look at threats from espionage to security flaws in everyday devices:

1. CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert concerning a suspected broad campaign targeting Software-as-a-Service (SaaS) platforms. The warning centers on Commvault’s Metallic Microsoft 365 backup solution, hosted on Azure, which may have been compromised through abused application secrets.

The breach, linked to nation-state actors, exploited a zero-day vulnerability (CVE-2025-3928), enabling remote code execution. Although Commvault found no evidence of data compromise, CISA urges organizations to audit SaaS configurations, limit privileges, apply network restrictions, and use web application firewalls to prevent similar attacks.

Read the full article on The Hacker News

2. AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation

Cybersecurity researchers have uncovered significant risks associated with default IAM roles in Amazon Web Services (AWS), particularly those automatically provisioned by services like SageMaker, Glue, EMR, and Lightsail. These roles often include overly permissive access rights, such as full S3 access, which can be exploited for lateral movement and privilege escalation across AWS services.

An attacker leveraging these roles could compromise sensitive resources, including CloudFormation and SageMaker environments. In response, AWS has revised the AmazonS3FullAccess policy applied to default service roles to address these concerns and limit potential abuse.
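One defensive check a practitioner could run over a role's attached policy documents, as an added example that is not part of the original article or of AWS's own tooling: it flags Allow statements that grant all of S3 on unscoped resources (the shape of the AmazonS3FullAccess grant mentioned above) and contrasts them with a bucket-scoped policy. The role names and policy documents are constructed samples, not real AWS output.

```python
import json

# Constructed stand-ins (not copied from AWS): a broad policy of the
# AmazonS3FullAccess shape and a least-privilege replacement.
FULL_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}
SCOPED = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-ml-bucket",
                     "arn:aws:s3:::example-ml-bucket/*"],
    }],
}
# Hypothetical role inventory: role name -> [(policy name, policy document)]
SAMPLE_ROLES = {
    "AmazonSageMaker-ExecutionRole-EXAMPLE": [("AmazonS3FullAccess", FULL_ACCESS)],
    "glue-scoped-role-EXAMPLE": [("GlueBucketAccess", SCOPED)],
}

def _as_list(v):
    """IAM allows Action/Resource as a string or a list; normalise to a list."""
    return v if isinstance(v, list) else [v]

def s3_wildcard_findings(policy):
    """Return findings for Allow statements granting all of S3 on any resource.
    Flagged when Action contains '*' or 's3:*' AND Resource is '*' or a
    wildcard bucket ARN. Scoped statements (specific actions or buckets) pass."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        broad_action = any(a in ("*", "s3:*") for a in actions)
        broad_resource = any(r in ("*", "arn:aws:s3:::*") for r in resources)
        if broad_action and broad_resource:
            findings.append(f"statement {i}: {actions} on {resources}")
    return findings

def audit_roles(roles):
    """Return the set of role names carrying at least one broad S3 grant."""
    return {name for name, pols in roles.items()
            if any(s3_wildcard_findings(doc) for _, doc in pols)}

if __name__ == "__main__":
    print(json.dumps(sorted(audit_roles(SAMPLE_ROLES)), indent=2))
```

In practice the policy documents would come from the IAM API (for example the default version of each attached managed policy) rather than from inline constants.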

Read the full article on The Hacker News

3. Police arrests 270 dark web vendors, buyers in global crackdown

In a major international operation named “Operation RapTor,” law enforcement agencies across ten countries, including the U.S., Germany, U.K., and France, arrested 288 individuals involved in dark web criminal activities. Coordinated by Europol, the crackdown resulted in the seizure of over €184 million ($207 million) in cash and cryptocurrencies, over two tonnes of illegal drugs, and 180 firearms.

The operation targeted users of dismantled marketplaces such as Nemesis, Tor2Door, Bohemia, and Kingdom Market. This collaborative effort highlights the global resolve to disrupt cybercriminal operations exploiting the anonymity of the dark web.

Read the full article on BleepingComputer


4. 3AM ransomware uses spoofed IT calls, email bombing to breach networks

A 3AM ransomware affiliate leverages advanced social engineering techniques, including email bombing and spoofed IT support calls, to breach corporate networks. According to Sophos, attackers inundate victims with spam emails, then follow up with fake IT support calls to gain trust and initiate a Microsoft Quick Assist session.

This grants remote access, allowing threat actors to deploy tools such as QEMU, VBS scripts, and the QDoor backdoor. In one case, they exfiltrated 868 GB of data via GoodSync to Backblaze cloud storage. The incident underscores the urgent need for employee vigilance and fortified security protocols.

Read the full article on BleepingComputer


5. M&S says cyber hackers broke in through third-party contractor

Marks & Spencer (M&S) disclosed a cyberattack in April 2025, attributed to attackers who gained entry through a third-party contractor using social engineering techniques. The incident bypassed the retailer’s internal security measures, resulting in the suspension of online sales operations, which are expected to resume fully by July.

The attack is projected to reduce M&S’s operating profit by £300 million ($403 million). While Tata Consultancy Services is known to manage M&S’s IT services, its direct involvement remains unconfirmed. The UK’s National Crime Agency is investigating the breach, allegedly linked to a group of young, English-speaking hackers.

Read the full article on Reuters


At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.

For more information, please contact us now!