Top 5 Cybersecurity News Stories June 06, 2025

Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small as we look at threats from espionage to security flaws in everyday devices:

1. Germany fines Vodafone $51 million for privacy, security breaches

Germany’s Federal Data Protection Authority has fined Vodafone €50.4 million ($54.4 million) for breaching GDPR regulations. The violations stemmed from unauthorized third-party access to customer data via a contracted call center, with incidents occurring between 2020 and 2021.

Investigators cited weak authentication mechanisms that enabled identity fraud, unauthorized contract changes, and privacy violations. Additionally, Vodafone failed to notify both the affected individuals and regulators in a timely manner. In response, the company has introduced enhanced security measures, including stronger access controls and multi-factor authentication, to prevent recurrence.

Source: BleepingComputer

2. Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App

Google’s Threat Analysis Group (TAG) has exposed a cybercrime group dubbed UNC6040, responsible for a large-scale vishing campaign targeting U.S. companies. The attackers used voice phishing and social engineering to deceive employees into granting access to internal systems.

Tactics included impersonating IT staff and leveraging stolen credentials. Once access was gained, the group deployed remote access tools and attempted lateral movement within corporate networks. Google linked the infrastructure to prior activity and has taken measures to disrupt it. Organizations are advised to strengthen employee awareness and implement robust identity verification procedures.

Source: The Hacker News

3. Crime gang steals $64 million from UK tax office in phishing scam

Britain’s tax authority, HMRC, has identified unauthorized access to a number of online taxpayer accounts, reportedly linked to identity fraud. The breach involved the use of stolen personal data to exploit the self-assessment tax system. HMRC has since disabled affected accounts and is working with impacted individuals to restore access and prevent fraud.

The agency emphasized that its core systems remain secure and no internal compromise occurred. It is also collaborating with law enforcement and other government bodies to investigate the incident and bolster defenses against similar threats in the future.

Source: Reuters

4. Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets

A sophisticated Android banking trojan known as Crocodilus has resurfaced, now actively targeting users in the U.S., U.K., and Spain. Distributed through fraudulent websites and phishing campaigns, the malware masquerades as legitimate applications to gain access.

Once installed, it exploits accessibility services to perform overlay attacks, steal credentials, intercept SMS messages, and bypass multi-factor authentication. Security researchers report that Crocodilus is being maintained by a financially motivated group that continually updates its code to evade detection. Users are urged to download apps only from official stores and remain vigilant against phishing attempts.

Source: The Hacker News

5. Hacker targets other hackers and gamers with backdoored GitHub code

A threat actor has been discovered distributing backdoored code on GitHub, targeting fellow hackers and gaming enthusiasts. The malicious repositories contain obfuscated Python scripts that download and execute a second-stage malware capable of stealing browser data, cryptocurrency wallets, and Discord tokens.

The attacker uses social engineering and SEO tactics to lure victims to the repositories, which pose as legitimate tools or game cheats. Researchers warn that the campaign leverages trust in open-source platforms and advise developers to vet third-party code and monitor for suspicious behavior in development environments.

Source: BleepingComputer

At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.
