San Mateo, CA, May 26, 2025 — Stories, events, and developments that impacted the cybersecurity landscape last week, including emerging threats, policy changes, and industry responses.
Signal’s “screen security” blocks Windows screenshots
Signal has added a new “screen security” feature to its Windows app that blocks screenshots to protect user privacy, particularly from Microsoft’s Recall tool. The feature renders a blank screen during screenshot attempts and is enabled by default. Recall, which resumed testing in April 2025 after backlash in 2024, continuously captures screen content for later reference. Signal argues this undermines user privacy and says apps should not need “one weird trick” to avoid surveillance. The setting can be disabled, but only with an explicit confirmation.
DragonForce clashes with rival ransomware groups
Since rebranding as a “cartel” in March 2025, DragonForce has begun sabotaging other ransomware-as-a-service (RaaS) groups, including RansomHub. It has defaced leak sites and is suspected of causing RansomHub’s infrastructure outage, contributing to a drop in ransomware activity in April. DragonForce now offers a white-label platform, RansomBay, giving affiliates 80 percent of ransom profits while it handles hosting and support. Fallout from failed collaboration talks includes accusations of betrayal and law enforcement ties. Sophos warns such rivalries could trigger unpredictable attacks.
Microsoft and DOJ shut down Lumma Stealer malware operation
Microsoft and the U.S. Department of Justice have seized over 2,300 domains tied to the Lumma Stealer malware, dismantling a global operation responsible for nearly 400,000 infections. Run from Russia, Lumma sold malware subscriptions and customer support through phishing campaigns. Between March and May 2025, Microsoft tracked over 394,000 infections; the FBI attributes more than 1.7 million stolen credentials to the group. Seized domains now redirect to sinkholes. Legal action also took control of five core servers tied to LummaC2 infrastructure.
TikTok used to distribute info-stealing malware
Trend Micro reports that cybercriminals use AI-generated TikTok videos to spread Vidar and StealC malware. The tactic, known as ClickFix, tricks users into running PowerShell commands under the guise of unlocking software like Spotify or CapCut. These commands download malicious scripts that steal credentials, crypto wallets, cookies, and two-factor authentication data. One video reportedly reached nearly 500,000 views. The approach relies on automated video production with AI voices and has been used across Windows, macOS, and Linux platforms.
Regeneron bids $256M to acquire 23andMe
Regeneron Pharmaceuticals has offered $256 million to buy 23andMe out of bankruptcy, pledging to maintain strict data privacy practices. A court-appointed privacy ombudsman will review the deal before a June 17, 2025 hearing. Although Regeneron cites its track record with anonymized data, privacy advocates warn that U.S. laws do not offer strong protections for genetic information. Critics point to 23andMe’s 2023 data breach and note that anonymization alone does not eliminate risks like targeting or discrimination.
Windows 11 adds protections against quantum threats
Microsoft’s Insider Build 27852 introduces post-quantum cryptography (PQC) algorithms to Windows 11 via SymCrypt, the platform’s core cryptographic library. The new algorithms, ML-KEM and ML-DSA (formerly CRYSTALS-Kyber and CRYSTALS-Dilithium), were selected by NIST for future-proof encryption. These updates prepare systems for quantum computing threats that could break RSA and elliptic-curve cryptography. Microsoft has also added PQC support to OpenSSL and its Cryptography API. NIST recommends a hybrid approach for now due to ongoing uncertainties.
CISA halts website alert changes after backlash
On May 12, 2025, CISA announced it would stop posting routine cybersecurity alerts on its website, instead shifting updates to email and social media. The move drew swift criticism from the security community, particularly for sidelining tools like RSS and JSON feeds used to monitor the KEV (Known Exploited Vulnerabilities) catalog. CISA paused the change the following day, citing concerns that the shift would reduce visibility for smaller organizations and disrupt automated workflows.
Firefox zero-days patched after Pwn2Own contest
Mozilla has released emergency updates to patch two Firefox zero-days demonstrated during Pwn2Own Berlin 2025. The flaws, found in Firefox for Desktop, Android, and Extended Support Releases, involved JavaScript memory handling and array index manipulation. Researchers received $50,000 each for the discoveries. While the exploits did not escape the browser’s sandbox, Mozilla rated the bugs as critical and urged users to upgrade to Firefox 138.0.4 or the latest ESR versions.
BreachForums admin to pay $700K in civil data breach suit
Conor Fitzpatrick, known online as “Pompompurin,” will forfeit nearly $700,000 to settle a civil suit linked to the 2023 breach of Nonstop Health. The suit claims he facilitated the sale of sensitive data through BreachForums, the cybercrime marketplace he launched in 2022. The payment is part of a $1.6 million class action settlement. Fitzpatrick is also due for resentencing on June 3, 2025, after violating conditions of his previous sentence by accessing VPNs and denying guilt on Discord.
FBI warns of AI voice attacks impersonating officials
The FBI has issued a warning about cybercriminals using AI-generated voice messages to impersonate senior U.S. officials and compromise government accounts. The campaign, which began in April 2025, includes voice and text messages aimed at building trust before extracting sensitive data. The attackers’ identities remain unknown. The FBI says the campaign highlights growing risks from cheap and widely accessible AI tools capable of mimicking voices convincingly.
About NetworkTigers

NetworkTigers is the leader in the secondary market for Grade A, seller-refurbished networking equipment. Founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms, NetworkTigers provides consulting and network equipment to global governmental agencies, Fortune 2000, and healthcare companies. www.networktigers.com.
