Cyber Briefing: 2025.05.23
TikTok spreads Vidar malware, ZeroCrumb hijacks browser sessions, and a Commvault flaw risks cloud secrets. Cetus hacked for $223M, UFCW and MCP breached, DanaBot busted, FTC and SEC launch probes.
👉 What's happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. TikTok Videos Spread Vidar StealC Malware
Cybercriminals are using TikTok videos in ClickFix attacks to spread Vidar and StealC infostealer malware. These videos, often AI-generated, trick users into running PowerShell commands for supposed software activation. The commands install malware like Vidar or StealC, which steal credentials, crypto wallets and other data. Trend Micro reports that this campaign uses TikTok's reach, highlighting the risks of social media-based malware distribution.
2. New ZeroCrumb Malware Steals Browser Cookies
New ZeroCrumb infostealer malware, distributed via GitHub, targets popular browsers' cookies to steal authentication data. It bypasses User Account Control (UAC) alerts and standard security without admin rights to hijack web sessions and accounts. ZeroCrumb uses Transacted Hollowing and named pipes to decrypt keys and access encrypted cookie data. This malware mimics legitimate browser processes, making detection difficult and posing a significant, widespread threat.
3. CISA Commvault Zero-Day Flaw Risks Secrets
CISA warned that threat actors accessed client secrets for Commvault's Metallic Microsoft 365 backup solution. This breach by a nation-state actor exploited a zero-day vulnerability in Commvault's Web Server. Attackers gained unauthorized access to customers' Microsoft 365 environments, though Commvault says no backup data was hit. CISA mandates federal patches and urges all users to implement its detailed mitigation guidance immediately.
💥 Cyber Incidents
4. Cetus Crypto Exchange Hacked For $223M
Decentralized crypto exchange Cetus was hacked for $223 million on the Sui blockchain Thursday. While Cetus "paused" $162 million, the attacker moved $50 million to a new wallet. The company patched the undisclosed root cause and is now attempting a whitehat settlement. This major exploit highlights DeFi risks, though Cetus's response and collaboration were praised.
5. MCP Data Breach Hits 235K NC Lab Patients
North Carolina's Marlboro-Chesterfield Pathology reported that a ransomware attack in January 2025 stole personal information. The breach impacted 235,911 individuals, exposing names, medical treatment and health insurance data. The SafePay ransomware group claimed the attack, though MCP is no longer on their leak site. MCP is notifying victims, offering credit monitoring, and has enhanced its network security measures.
6. UFCW Data Breach Risks Social Security Data
The United Food and Commercial Workers union reported a data breach after unauthorized access to its email environment in March 2025. An investigation confirmed that sensitive personal information, including names and Social Security numbers, was potentially compromised. UFCW is now notifying affected individuals and providing them with complimentary credit monitoring services. The union, representing 1.2 million workers in the US and Canada, supports various industries.
📢 Cyber News
7. US Busts DanaBot Malware Ring Charging 16
The U.S. Department of Justice (DoJ) announced that it disrupted the DanaBot malware infrastructure, charging 16 for major global fraud. Controlled by a Russia-based group, DanaBot infected over 300,000 computers, causing $50 million in damages. This MaaS infostealer also delivered ransomware, used layered C2 servers and targeted sensitive entities. The takedown, part of Operation Endgame, included server seizures and followed other major malware busts.
8. FTC Probes Google AI For Kids Privacy Rules
Google's new Gemini AI chatbot program for children under 13 faces criticism from privacy advocates. Groups like EPIC and Fairplay told the Federal Trade Commission (FTC) it may violate child privacy rules by not requiring prior parental consent. The FTC Chair emphasized strong COPPA enforcement as an updated rule protecting children online is set to take effect. Advocates also urged Google to halt the rollout, citing potential harm, though Google says child data won't train AI.
9. SEC Charges Unicoin For Crypto Fraud Scheme
The U.S. Securities and Exchange Commission (SEC) charged crypto startup Unicoin Inc. and three top executives with defrauding thousands of investors. They allegedly made false claims about Unicoin tokens being asset-backed by billions and SEC-registered. Unicoin raised about $110 million based on these misleading statements, while its CEO also sold certificates. The SEC seeks penalties, disgorgement and officer bans, while Unicoin's general counsel has settled.
📈 Cyber Stocks
On May 22, 2025, cybersecurity stocks advanced: Zscaler gained 1.65% to $252.82, CrowdStrike rose 2.15% to $444.07, Palo Alto Networks increased 2.69% to $186.14, Fortinet added 0.76% to $103.62, and SentinelOne climbed 2.01% to $19.79.
💡 Cyber Tip
Do not follow tech instructions from TikTok videos, especially ones asking you to run commands.
Cybercriminals are using TikTok videos to spread dangerous malware like Vidar and StealC. These videos trick users into running PowerShell commands by pretending they will activate software or unlock premium features.
✅ What you should do
Never copy or run any command in your terminal or PowerShell based on advice from social media videos.
Be skeptical of any video claiming to “activate” Windows or other software without a license.
Use official websites for software help and activation. Avoid shortcuts or hacks that seem too good to be true.
Keep antivirus and anti-malware tools active and up to date on all devices.
✅ Why this matters
One fake command from a TikTok video can secretly install malware that steals your passwords, credit card info, and crypto wallets. Always double-check tech advice before acting on it.
📚 Cyber Book
Surviving a Cyberstalker: How to Prevent and Survive Cyberabuse and Stalking by Alexis Moore
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.