Weekly One-Shot: June 1 - June 7, 2025
This week's threats and trends.
Before we dive in, I would like to thank all of you for supporting us with your subscription! My goal is to bring both actionable insights and easy-to-digest information regarding cybersecurity threats to non-tech and technical professionals alike. If this sounds like something that would help someone you know, please share the newsletter!

This week’s threat landscape felt like a zero-day buffet, with Chrome and Cisco flaws ready for the picking, state-sponsored phishing with Evilginx, and a coordinated hit on the DevOps world. You're not alone if your IR team hasn’t had rest in days.
But we’ve sorted the noise from the signal. You’ve got breaches, browser bugs, and blunders by browser plugins—plus a few fashion brands who still don’t believe in basic security. Let’s break it all down.
Caffeinate. Patch. Breathe. Then scroll on.
This week in Cybersecurity
Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials
Careless coding in major extensions like SEMRush Rank and Browsec VPN exposed sensitive user data over plain HTTP—plus hardcoded tokens ripe for abuse.
Newsletter: June 3, 2025
Cisco Patches Critical Flaws in ISE and CCP Products—with Exploits Already in the Wild
Static cloud credentials and arbitrary file upload bugs (CVE-2025-20286, et al.) make Cisco customers vulnerable to cross-deployment compromise.
Newsletter: June 3, 2025
Iran-Linked BladedFeline Group Targets Kurdish and Iraqi Officials with Custom Malware
BladedFeline (likely linked to OilRig) is back with backdoors like Whisper and Spearal to spy on Middle Eastern government systems.
Newsletter: June 3, 2025
Russian Hackers Use Evilginx to Breach 20+ NGOs with Fake Microsoft Entra Pages
Void Blizzard's latest phishing campaign used PDF QR codes and Evilginx proxies to swipe session tokens from NGO targets.
Newsletter: June 5, 2025
Cryptojacking Campaign Hits DevOps APIs Using Tools Pulled from GitHub
Attackers deployed miners on exposed Docker, Gitea, and HashiCorp Nomad servers, burning thousands in CPU credits.
Newsletter: June 5, 2025
78 Microsoft Vulnerabilities Found, Including Critical Flaws in Windows, Office, and Azure
June’s patch dump covers remote code execution, privilege escalation, and Azure misconfigurations—CVE-2025-29959 among the worst.
Newsletter: June 3, 2025
Linux Core Dump Bugs Let Local Attackers Steal Password Hashes (CVE-2025-5054)
Apport and systemd-coredump race conditions allow /etc/shadow data theft via core dumps on Ubuntu and RHEL.
Newsletter: June 5, 2025
The North Face Suffers Another Credential Stuffing Attack—Fourth Since 2020
Names, emails, phone numbers, and purchase histories were exposed—again. Still no MFA by default for customers.
Newsletter: June 5, 2025
Cartier Discloses Breach in Ongoing Campaign Targeting Fashion Retailers
Minimal data stolen (names, emails, countries), but the real story is that high-end brands are being hit in a coordinated wave.
Newsletter: June 5, 2025
HMRC Breach: 100,000 UK Taxpayer Accounts Compromised via Phishing
No direct theft, but over £47 million was falsely claimed using hijacked self-assessment accounts.
Newsletter: June 3, 2025
Biggest Threat This Week
New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch
Newsletter: June 5, 2025
Google dropped an emergency fix for CVE-2025-5419, an actively exploited flaw in Chrome’s V8 JavaScript engine. It’s a classic out-of-bounds read/write issue that can allow remote attackers to hijack your session or execute arbitrary code with the help of a malicious HTML file. What makes this scarier? The attackers were already using it in the wild before the patch landed.
Risk Level: Critical
Tactics: Initial Access, Execution
Action Steps:
Patch Chrome immediately—version 137.0.7151.68/.69
Force browser updates org-wide (including Edge, Brave, etc.)
Monitor for weird post-exploit behavior
Turn on browser isolation for high-risk users
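To verify the first two action steps, the sketch below audits a browser inventory export against the fixed Chrome build. It is an added example, not part of the original newsletter; the CSV layout, column names, hostnames and sample versions are constructed assumptions.

```python
import csv
import io

# Lowest fixed Chrome build named in the action steps above.
MIN_FIXED_CHROME = "137.0.7151.68"

# Constructed sample inventory; hostnames, columns and versions are illustrative only.
SAMPLE_INVENTORY = """host,browser,version
ws-001,chrome,137.0.7151.68
ws-002,chrome,137.0.7151.9
ws-003,chrome,136.0.7103.113
ws-004,chrome,138.0.7204.49
ws-005,chrome,unknown
ws-006,edge,137.0.3296.62
"""


def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints; return None if it is not four numeric parts."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def audit_chrome(inventory_csv, min_fixed=MIN_FIXED_CHROME):
    """Classify each Chrome row as 'patched', 'vulnerable' or 'unknown'."""
    floor = parse_version(min_fixed)
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["browser"].strip().lower() != "chrome":
            # Other Chromium-based browsers use their own version numbering,
            # so they need their own vendor-published floor, not Chrome's.
            continue
        version = parse_version(row["version"])
        if version is None:
            results[row["host"]] = "unknown"  # needs follow-up; never assume safe
        elif version >= floor:  # numeric tuple comparison, not string comparison
            results[row["host"]] = "patched"
        else:
            results[row["host"]] = "vulnerable"
    return results


if __name__ == "__main__":
    for host, status in audit_chrome(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Comparing the versions as strings would wrongly pass `ws-002`, because `"137.0.7151.9"` sorts above `"137.0.7151.68"` lexically.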
Training Recommendation
“Browser Security in the Age of Evilginx and Malicious Extensions”
This week’s attacks underscore how browsers—once just gateways to the internet—are now prime real estate for adversaries. Recommend your team take a focused training session on:
Understanding modern phishing kits like Evilginx
Recognizing API abuse and extension overreach
Hardening browsers in enterprise environments (extension whitelisting, browser isolation, forced patching)
SANS offers short modules on browser hardening and phishing-resistant MFA, or you can roll your own micro-training using real IOCs from this week’s Evilginx campaign.
Wrapping Up:
From Chrome zero-days and credential leaks to cloud-targeted cryptojacking and espionage-grade phishing, this week proved that even your browser extensions can be a backdoor. If it connects to the internet, assume it’s hostile. Patch fast, monitor smarter, and keep one eye on the logs—and the other on your extensions.