Cyber Briefing: 2025.05.20
W3LL kit and Zoom phishing steal logins, Windows 10 patch fixes BitLocker bug. RVTools spreads malware, Effortel and Promises2Kids breached, GDPR changes opposed, Tor updates, CISA reshuffles.
👉 What's happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. W3LL Phishing Kit Steals Microsoft Logins
A phishing campaign using the W3LL Phishing Kit is actively targeting users' Microsoft Outlook credentials. This Phishing-as-a-Service tool features a marketplace and uses adversary-in-the-middle (AitM) techniques to bypass MFA. Researchers found its infrastructure, which hosts meticulously designed fake login pages impersonating services like Adobe. The W3LL kit employs IonCube obfuscation for its PHP code and allows deep campaign customization.
2. Windows 10 Intel BitLocker Bug Fixed
Microsoft released an emergency update (KB5061768) for Windows 10 to fix a critical system failure issue. The problem, introduced by a May update, caused LSASS crashes and BitLocker recovery prompts on Intel vPro systems. The fix is available via Windows Update and the Microsoft Update Catalog, with specific servicing stack requirements. This update comes as Windows 10 nears its October 2025 end of support, urging migration to Windows 11.
3. Zoom Phishing Attack Steals Corporate Logins
A sophisticated phishing campaign is targeting corporate users with fake Zoom meeting invitations from supposed colleagues. These attacks use urgent social engineering and replica interfaces with pre-recorded videos to harvest Zoom credentials. SpiderLabs researchers identified this highly effective five-stage attack, which includes fake disconnection and login prompts. The campaign uses specific domains for its operations and exfiltrates stolen login data via the Telegram API.
💥 Cyber Incidents
4. Promises2Kids Data Breach Hits Foster Youth
California nonprofit Promises2Kids reported a data breach in which sensitive personal information was potentially compromised. Unauthorized network access may have occurred in September 2024, with data acquisition confirmed by May 2025. While exact data types are unstated, Promises2Kids is notifying individuals and offering credit monitoring. The charity, founded in 1981, supports over 3000 San Diego County foster youths annually.
5. RVTools Site Hacked to Spread Malware
The official RVTools website was hacked to distribute malware through a trojanized installer. Security researchers linked the infected file to the Bumblebee loader, used for cyberattacks. Procolored printer software also carried malware, including a backdoor and a clipboard hijacker named SnipVex. The malware stole Bitcoin and damaged systems before its control server went offline in early 2024.
6. Effortel Data Breach Exposes 70K Belgians
A data breach at mobile virtual network enabler (MVNE) Effortel exposed the personal information of 70000 Belgian mobile virtual network operator (MVNO) customers. The breach occurred when a hacker accessed customer data test files via a support portal. Compromised data includes names, addresses, passport numbers and SIM card details, raising serious concerns. Effortel is responding to this incident, which highlights data security risks during telecom system tests.
📢 Cyber News
7. Groups Oppose EU GDPR Changes To Save Rights
Over 100 groups and individuals are opposing potential EU GDPR changes aimed at small businesses. A coalition including Amnesty, Mozilla and noyb fears these changes will unravel key digital rights protections. They argue that simplifying recordkeeping by company size could undermine GDPR's core risk approach. Instead of weakening rules, they urge better enforcement and support for smaller organizations' compliance.
8. CISA Names Gottumukkala New Deputy Director
CISA announced Madhu Gottumukkala as its new deputy director, though the agency still lacks a permanent director. Sean Plankey's nomination to lead CISA is currently blocked by Senator Ron Wyden over a 2022 telecom report. This comes as China-linked actors have targeted U.S. telcos for senior government officials' sensitive data. Meanwhile, the White House proposed a $491 million CISA budget cut, alleging it became a censorship complex.
9. Tor Browser 14.5.2 Security Privacy Update
The Tor Project launched Tor Browser 14.5.2, a significant update addressing security and privacy. Based on Firefox ESR, it fixes critical flaws and refines click-to-play policies and cross-platform functions. The build system was modernized, disabling telemetry and upgrading the Go compiler for reliability. This release reflects community collaboration, enhances user experience and bolsters digital autonomy.
📈 Cyber Stocks
On May 19, 2025, Zscaler, CrowdStrike, Palo Alto Networks, and Fortinet rose, with Fortinet up 1.98%, while SentinelOne fell 1.09%, showing mixed performance across cybersecurity stocks.
💡 Cyber Tip
Be Careful with Zoom Meeting Invites as They Could Be Fake and Steal Your Login
A new phishing scam is tricking users with fake Zoom meeting invites that look like they’re from coworkers. These emails create a sense of urgency and lead to fake login pages that steal your Zoom credentials.
✅ What you should do
Always double-check Zoom meeting invites before clicking. Look closely at the sender’s email address and meeting details.
If you receive a “Missed Zoom Call” or “Urgent Meeting Request,” take a moment to verify with the sender through another channel.
Never enter your Zoom credentials on a page unless you are sure it's the official Zoom site.
Use multi-factor authentication (MFA) on your Zoom account for added protection.
✅ Why this matters
These fake meeting pages are designed to look real, complete with fake videos and login screens. Falling for them can give attackers full access to your account and meetings.
📚 Cyber Book
Cybersecurity for Everyone by Cathy Olieslaeger
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.