TAAUS Top Ten - May 2025

There is never a dull moment in the managed information technology and cybersecurity space. Here is our TAAUS Top Ten for May 2025 – as always, be vigilant!

Microsoft Teams will soon block screen capture during meetings

- Bleeping Computer

Those joining from unsupported platforms will be automatically placed in audio-only mode to protect shared content. The company plans to start rolling out this new Teams feature to Android, desktop, iOS, and web users worldwide in July 2025.

Cybercriminals have found a sneaky way of stealing tax accounts and even encrypted messages

- TechRadar

Hackers use blob URIs to hide phishing pages inside the browser memory.

China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide

- The Hacker News

A recently disclosed critical security flaw impacting SAP NetWeaver is being exploited by multiple China-nexus nation-state actors to target critical infrastructure networks.

Massive data breach exposes 184 million passwords for Google, Microsoft, Facebook, and more

- ZDNET

Cybersecurity researcher Jeremiah Fowler revealed his discovery of a massive online database containing more than 184 million unique account credentials.

Data broker giant LexisNexis says breach exposed personal information of over 364,000 people

- TechCrunch

The company said in a filing with Maine’s attorney general that the breach, dating back to December 25, 2024, allowed a hacker to obtain consumers’ sensitive personal data from a third-party platform used by the company for software development.

Tech companies have a big remote worker problem: North Korean operatives

- POLITICO

Cybersecurity firms say that the intricate scam to amass funding for North Korea’s weapons program is happening “on a scale we haven’t seen before”.

Threat Actor Claims TikTok Breach, Puts 428 Million Records Up for Sale

- HACKREAD

A newly emerged threat actor, going by the alias “Often9,” has posted on a prominent cybercrime and database trading forum, claiming to possess 428 million unique TikTok user records.

Mandatory Ransomware Payment Disclosure Begins in Australia

- Infosecurity Magazine

The provisions, outlined in Australia’s Cyber Security Act 2024, also apply to private companies that operate critical infrastructure assets in the country.

Microsoft Authenticator now warns to export passwords before July cutoff

- Bleeping Computer

The Microsoft Authenticator app is now issuing notifications warning that the password autofill feature is being deprecated in July, suggesting users move to Microsoft Edge instead.

U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation

- The Hacker News

A multinational law enforcement operation has resulted in the takedown of an online cybercrime syndicate that offered services to threat actors to ensure that their malicious software stayed undetected from security software.