TAAUS Top Ten - June 2025

There is never a dull moment in the managed information technology and cybersecurity space. Here is our TAAUS Top Ten for June 2025 – as always, be vigilant!

Russian hackers bypass Gmail MFA using stolen app passwords

- Bleeping Computer

Russian hackers bypass multi-factor authentication and access Gmail accounts by leveraging app-specific passwords in advanced social engineering attacks that impersonate U.S. Department of State officials.

Mobile banking users beware - "Godfather" malware is now hijacking official bank apps

- TechRadar

The notorious Godfather malware for Android phones is back with a vengeance, experts have warned, targeting victims with an upgraded build which makes it more dangerous than ever.

Salesforce Industry Cloud riddled with configuration risks

- CSO

AppOmni researchers found 20 insecure configurations and behaviors in Salesforce Industry Cloud’s low-code app building components that could lead to data exposure.

Chinese hackers and user lapses turn smartphones into a ‘mobile security crisis’

- Associated Press

Cybersecurity investigators noticed a highly unusual software crash — it was affecting a small number of smartphones belonging to people who worked in government, politics, tech and journalism.

FBI: Cybercriminals steal health data posing as fraud investigators

- Bleeping Computer

The Federal Bureau of Investigation (FBI) has warned Americans of cybercriminals impersonating health fraud investigators to steal their sensitive information..

Hackers Leak 86 Million AT&T Records with Decrypted SSNs

- HACKREAD

Hackers leak data of 88 million AT&T customers with decrypted SSNs; latest breach raises questions about links to earlier Snowflake-related attack.

Help Desk Hoax: How Attackers Bypass Tech Defenses

- DataBreachToday

Social engineering attacks against major British retailers including M&S, Co-op and Harrods have exposed critical vulnerabilities in corporate cybersecurity defenses, costing companies tens or hundreds of millions of pounds across the U.K.

Cloud assets have 115 vulnerabilities on average — some several years old

- CSO

The state of cloud security has reached a critical tipping point, as attackers increasingly turn attention to cloud environments that enterprises aren’t doing enough to secure.

SolarWinds Dameware Remote Control Service Vulnerability Allows Privilege Escalation

- Cyber Security News

A significant vulnerability, CVE-2025-26396, affects the SolarWinds Dameware Mini Remote Control Service could allow attackers to escalate privileges on affected systems.

Future of Passwords Biometrics and Passwordless Authentication

- Cyber Security News

Despite predictions that passwords will become obsolete, emerging evidence suggests the future lies not in their complete elimination but in a sophisticated ecosystem where traditional credentials work alongside cutting-edge biometric and cryptographic solutions.