Weekly One-Shot: May 25 – May 31, 2025
This week's threats and trends.
Before we dive in, I would like to thank all of you for supporting us with your subscription! My goal is to bring both actionable insights and easy-to-digest information regarding cybersecurity threats to non-tech and technical professionals alike. If this sounds like something that would help someone you know, please share the newsletter!

Cybersecurity this week was a whirlwind of sophisticated exploits and critical vulnerabilities. From nation-state actors abusing trusted platforms to widespread supply chain attacks, the digital landscape continues to challenge defenders at every turn.
Let's delve into the most pressing threats and trends that emerged over the past week.
This week in Cybersecurity
1. Microsoft OneDrive File Picker Flaw Grants Full Cloud Access
A critical vulnerability in Microsoft's OneDrive File Picker allows third-party applications to access a user's entire cloud storage, even when only a single file is intended for upload. The issue stems from overly broad OAuth scopes and misleading consent prompts.
2. Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
Security researchers have identified over 70 malicious packages in the npm registry and VS Code marketplace designed to steal sensitive data and cryptocurrency. These packages employ sandbox-evasive malware targeting developer environments.
3. Chrome Loader Partitioning Bug Enables Cross-Origin Data Leak
A vulnerability in Google Chrome's loader partitioning feature allows attackers to bypass same-origin policy protections, leading to potential cross-origin data leaks. The flaw, tracked as CVE-2025-4664, has been actively exploited.
4. MATLAB Maker MathWorks Recovering From Ransomware Attack
MathWorks, the company behind MATLAB and Simulink, confirmed a ransomware attack that disrupted multiple services, including licensing, downloads, and online applications. The incident began on May 18, 2025, and recovery efforts are ongoing.
5. Lumma Infostealer Malware Operation Disrupted, 2,300 Domains Seized
A coordinated operation involving Microsoft and law enforcement agencies has disrupted the Lumma infostealer malware infrastructure, seizing approximately 2,300 domains used for malicious activities.
6. Windows Recall Feature Raises Privacy Concerns
Microsoft's new Windows 11 feature, Recall, which captures screenshots at frequent intervals to aid user productivity, has sparked significant privacy concerns. Critics argue that the feature could inadvertently expose sensitive information.
7. Black Basta Ransomware Hits Synlab Europe, Forces IT Shutdown
European medical diagnostics company Synlab has been targeted by the Black Basta ransomware group, leading to significant IT disruptions. The attack has affected operations across multiple countries.
8. New Sysrv-K Botnet Variant Exploits Cloud Servers
A new variant of the Sysrv-K botnet is actively exploiting vulnerabilities in web applications and cloud storage platforms to deploy cryptominers. The malware targets both Linux and Windows environments.
9. Apache ActiveMQ Exploit Used to Deliver Python RAT
Threat actors are exploiting a known vulnerability in Apache ActiveMQ to deliver a custom Python-based remote access trojan (RAT), granting them full control over compromised systems.
10. Android Trojan 'SoumniBot' Evades Detection via App Info Abuse
A new Android trojan, dubbed 'SoumniBot', employs unconventional methods to evade detection, including abusing the ApplicationInfo.loadLabel() method. The malware primarily targets South Korean users.
Biggest Threat This Week
Chinese-Linked Group “Salt Typhoon” Targets U.S. Telecommunications
This week’s headline threat involves Salt Typhoon, a Chinese-linked group targeting U.S. telecommunications networks. Devices linked to prominent individuals, including former President Donald Trump, Eric Trump, Jared Kushner, and campaign staffers for Vice President Kamala Harris, were compromised. The breaches targeted telecom giants like Verizon and AT&T, potentially exposing highly sensitive communications. The Department of Homeland Security’s Cyber Safety Review Board is investigating the incident to gauge the impact and fortify future defenses.
🛠️ Training Recommendation
SANS SEC573: Automating Information Security with Python
In an era where attackers automate their exploits, defenders must do the same. This course provides hands-on experience in automating various information security tasks using Python, enhancing your ability to respond swiftly to threats.
Wrapping Up:
This week underscores the evolving tactics of threat actors, from exploiting trusted platforms like Google Calendar to targeting supply chains through malicious packages. Organizations must remain vigilant, continuously updating their security protocols and educating users to recognize and respond to emerging threats.
(P.S. Supporting our partners helps keep this newsletter running!)