Weekly Cybersecurity Recap - 2 June 2025

Introduction

This week’s cybersecurity roundup captures a surge in targeted malware activity, new zero-day exposures, and escalating incidents impacting major retailers and service providers. From destructive malware disguised as AI tools to a critical flaw threatening 100,000+ WordPress sites, the threat landscape continues to shift rapidly. Here's a breakdown of the most notable developments:

Malware and Threat Campaigns

New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data

Cybercriminals have launched a campaign using EDDIESTEALER, a Rust-based stealer malware capable of bypassing Chrome's app-bound encryption to extract sensitive browser data. The infection begins via a ClickFix tactic - using fake CAPTCHA verification pages loaded through compromised sites. These pages lure users into a multi-step process, allowing the attackers to implant malware with stealth and precision.

Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools

Threat actors are exploiting interest in AI by distributing malicious installers that masquerade as tools like ChatGPT and InVideo AI. Victims end up downloading threats such as CyberLock and Lucky_Gh0$t ransomware, or worse Numero, a GUI-targeting malware that renders infected Windows machines unusable by manipulating interface components.

ConnectWise Breached, ScreenConnect Customers Targeted

Remote IT management provider ConnectWise confirmed a breach linked to a sophisticated nation-state actor. The company’s ScreenConnect customers may be at risk, though few technical details have been released. This breach underscores the ongoing risk faced by IT infrastructure providers themselves.

Cybersecurity Firm SentinelOne Suffers Major Outage

SentinelOne experienced a significant disruption that interfered with endpoint monitoring and cloud app oversight across customer environments. The incident began on Thursday and affected critical functions like software updates and service visibility.

Exploits and Vulnerabilities

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

A Chinese threat actor previously linked to SAP NetWeaver exploits is now connected to wider cyber campaigns affecting multiple nations including Brazil, India, Indonesia, and more. These operations leverage vulnerabilities in SAP and SQL systems to infiltrate corporate environments, targeting sectors throughout Southeast Asia.

Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin

Researchers have disclosed a critical vulnerability in the TI WooCommerce Wishlist plugin, affecting over 100,000 active WordPress installations. The flaw, which remains unpatched, allows unauthenticated file uploads - posing significant risk for e-commerce operators using the plugin to enable customer wishlists and social sharing.

Industry & Market Moves

Inside the $111 Billion Cloud Security Market: Acquisition, Expansion, and Where to Aim Next

Cloud security spending is poised to reach $111 billion in 2025, representing about 3% of total IT spend. Microsoft is expected to dominate with over $37B in security revenue alone. These figures, provided by HG Insights, reflect a landscape ripe for both acquisition and strategic growth among larger players and startups alike.

Incidents and Breaches

Victoria’s Secret Website Taken Offline After Cyberattack

Victoria’s Secret suffered a cyberattack that led to its website being taken offline. While the nature of the breach is not confirmed, ransomware remains a likely cause given the scale and suddenness of the disruption. At the time of reporting, the website remains inaccessible.