Cyber Briefing: 2025.05.28
DocuSign lures steal logins, fake Bitdefender spreads Venom Trojan, and Void Blizzard spies via cloud abuse. Tiffany breach triggers LVMH concerns, MathWorks hit by ransomware, and Migos account used
👉 What's the latest in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Fake DocuSign Alerts Target Corporate Logins
Cybercriminals are using DocuSign's trusted reputation in phishing campaigns to steal corporate credentials. These scams use fake DocuSign envelopes with urgent prompts or QR codes leading to malicious sites. Attackers also register real DocuSign accounts or exploit its APIs to send deceptive, official-looking notifications. Businesses need employee education, MFA, security tools, and vigilance to counter these pervasive threats.
2. Fake Bitdefender Site Spreads Venom Malware
A phishing campaign uses fake Bitdefender websites to trick users into downloading Venom RAT malware. This malware, distributed via GitHub, targets browser cookies to steal credentials without UAC alerts. Venom RAT, part of a modular toolkit with StormKitty and SilentTrinity components, bypasses security. This campaign and others, like ClickFix Google Meet RATs, show that attackers use sophisticated, evolving tactics.
3. Microsoft Void Blizzard Cyber Threat Alert
Microsoft warned about Russia-affiliated Void Blizzard conducting cyberespionage against NATO states and Ukraine. Active since April 2024, it targets critical sectors and has evolved to advanced spear phishing. Void Blizzard uses fake Microsoft portals, QR codes, and Evilginx to steal credentials and data. Microsoft urges robust cloud security and user education to counter this persistent, evolving threat.
💥 Cyber Incidents
4. Tiffany & Co. Faces Data Breach Incident
Tiffany & Co. confirmed a data breach impacting its South Korean customers, marking the second such security failure for parent company LVMH after a similar incident at Dior. The breach stemmed from unauthorized access to a vendor platform, exposing sensitive client information including names, contact details, and purchase histories. Tiffany Korea notified affected individuals privately but did not issue a public statement on its official website regarding the compromise. These repeated incidents at major LVMH Maisons raise significant questions about the luxury conglomerate's overall data security measures and potential vulnerabilities across its other brands.
5. MathWorks Crippled by Ransomware Attack
Renowned software developer MathWorks experienced a significant ransomware attack beginning May 18, 2025, which disrupted its customer-facing and internal IT systems. The company promptly informed federal law enforcement and mobilized cybersecurity specialists, working to restore services like MATLAB Online and user authentication features. Although many services were brought back online by May 27, key functionalities such as software downloads remained unavailable, and some account access issues persisted for users.
6. Migos IG Hack Blackmails Solana Cofounder
The Instagram account of former rap trio Migos was compromised on May 27 in an apparent attempt to blackmail Solana co-founder Raj Gokal using his personal identification documents. Hackers posted images of Gokal with his passport and driver's license, demanding 40 Bitcoin and referencing a previous failed extortion attempt before the posts were deleted. The source of these KYC-style photos showing Gokal and allegedly his wife remains unknown, although Gokal had earlier reported attempts to take over his online accounts.
📢 Cyber News
7. New CISA SIEM and SOAR Cyber Guide Released
On May 27, 2025, CISA and international partners, including the Australian Cyber Security Centre, released comprehensive new guidance for implementing SIEM and SOAR platforms effectively. This guidance suite offers a three-tier framework with documents for executives and practitioners detailing strategic considerations, technical best practices, and log prioritization. It highlights significant technical challenges, such as accurate alerting and appropriate automated responses, emphasizing the need for skilled personnel and careful configuration.
8. Iranian Pleaded Guilty in Robbinhood Case
Iranian national Sina Gholinejad recently pleaded guilty in a US federal court for his role in the extensive Robbinhood ransomware operation. From January 2019 to March 2024, Gholinejad and co-conspirators targeted US cities, healthcare providers, and organizations, encrypting data and demanding Bitcoin. These cyberattacks, including the notable disruption of Baltimore's city services, resulted in tens of millions of dollars in losses and significant public service outages. Gholinejad now faces a maximum penalty of 30 years in prison for conspiracy, computer fraud, and other charges related to this widespread extortion scheme.
9. Vietnam Cites Security For Telegram Ban
Vietnam's government has ordered local telecom providers to ban the Telegram messaging app, citing national security concerns and the platform's alleged non-compliance with local laws. Authorities accused Telegram of failing to address criminal activity like fraud and drug trafficking, with a report claiming many channels hosted illicit or anti-government content. A Telegram spokesperson expressed surprise, stating the company had responded to legal requests, while Vietnam has a history of strictly controlling online content and pressuring tech firms.
📈 Cyber Stocks
On May 27, 2025, Zscaler rose 1.26%, CrowdStrike Holdings gained 3.67%, Palo Alto Networks increased 0.38%, Fortinet added 1.53%, and SentinelOne climbed 1.57%.
💡 Cyber Tip
Think twice before clicking on DocuSign emails as some may be phishing scams.
Cybercriminals are sending fake DocuSign notifications that look real but are designed to steal your login information. These emails often use urgent language, QR codes, or official-looking buttons to trick you into clicking.
✅ What you should do
Always double-check the sender’s email address and the URL before clicking any links in a DocuSign email.
Do not scan QR codes from unsolicited emails unless you’re certain they are legitimate.
If you’re unsure, log in to DocuSign directly by typing the official website into your browser—not by clicking links.
Use multi-factor authentication (MFA) on your work accounts to protect against unauthorized access.
Report suspicious messages to your IT or security team right away.
✅ Why this matters
Fake DocuSign emails can look extremely convincing and are being used to steal corporate credentials, leading to data breaches and financial fraud.
📚 Cyber Book
Senior Cyber: Best Security Practices for Your Golden Years by Scott Schober
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.