This Month in Cybersecurity - May 2025

The May 2025 edition of This Month in Cybersecurity is here, with curated highlights of the month’s key cybersecurity and data privacy stories to help you stay safe when it comes to access and credential collaboration.

Let’s dive in!

1. Warning — 19 Billion Compromised Passwords Have Been Published Online

A new report has revealed that a staggering 19 billion passwords, compromised over 12 months in various breaches, are circulating online, dramatically escalating the threat of credential-stuffing attacks. A large percentage of these passwords are reused and weak, with default passwords like “admin” and “password” frequently appearing. Compounding this, SMS phishing campaigns, especially by the China-based Smishing Triad and Panda Shop, are exploiting mobile messaging to distribute massive volumes of phishing messages globally. Despite advancements in cybersecurity, mobile phishing remains under-protected, raising urgent concerns for organizations and individuals alike.

Date: May 6, 2025
Source: Forbes
Author: Davey Winder

2. Exploiting Copilot AI for SharePoint

Microsoft Copilot for SharePoint introduces powerful AI agents that can search and retrieve information from SharePoint sites. However, attackers can exploit these agents to access sensitive data like passwords and private keys, often bypassing detection and logging mechanisms. Default Agents are especially vulnerable, while Custom Agents present further risks based on their training and access scope. Organizations should maintain strong SharePoint hygiene, enforce access controls, and monitor agent activity to mitigate these threats.

Date: May 7, 2025
Source: Pentest Partners
Author: Jack Barradell-Johns

3. EU to Make GDPR Procedures Unworkable

A proposed Procedural Regulation for the EU’s GDPR enforcement, nearing final negotiation, threatens to weaken user rights and create excessive delays. While intended to harmonize and speed up GDPR procedures, the proposal introduces complex steps, long deadlines (potentially 2-3 years per case), and structurally favors big tech companies over users. noyb criticizes the plan’s discriminatory structure, arguing it violates fundamental EU rights and is considering legal action to annul the regulation. The proposal’s convoluted procedures and compliance costs risk paralyzing effective GDPR enforcement and user protections.

Date: May 20, 2025
Source: NOYB
Author: noyb

4. Researchers Cause GitLab AI Developer Assistant to Turn Safe Code Malicious

Security researchers at Legit demonstrated that GitLab’s Duo AI assistant can be manipulated through prompt injection attacks to insert malicious code, leak private data, or execute unsafe HTML tags, exploiting its integration into developer workflows. This occurs when the chatbot processes content from sources like merge requests or source code, treating them as commands. Though GitLab has mitigated the issue by blocking unsafe HTML from external domains, the incident highlights the risks of AI assistants acting on untrusted input and the need for developers to inspect AI-generated code for potential threats.

Date: May 23, 2025
Source: Ars Technica
Author: Dan Goodin

5. Microsoft Authenticator Now Warns to Export Passwords Before July Cutoff

Microsoft Authenticator’s password autofill feature is being deprecated in July 2025, with notifications urging users to export their passwords or switch to Microsoft Edge. After June 2025, users can no longer save new passwords, and by August, access to saved passwords in the app will be cut off. Microsoft recommends switching to Edge for continued password autofill and offers options to export passwords for those preferring other services. Perhaps this is the right moment to move to a more collaborative open source tool to manage access and credentials.

Date: May 29, 2025
Source: Bleeping Computer
Author: Lawrence Abrams

6. New EDDIESTEALER Malware Bypasses Chrome’s App-Bound Encryption to Steal Browser Data

A new Rust-based malware named EDDIESTEALER is spreading via ClickFix social engineering, which tricks users into executing a malicious PowerShell script after fake CAPTCHA verifications. Once installed, EDDIESTEALER collects sensitive data like passwords, browser cookies, and cryptocurrency wallet info by exploiting system processes and bypassing Chrome’s encryption. It uses advanced techniques such as sandbox detection, kernel32.dll API calls, and launching hidden browser sessions. This reflects a growing trend of Rust adoption in malware for enhanced stealth and resilience. The campaign also targets macOS, Android, and iOS, delivering trojans through various deceptive tactics.

Date: May 30, 2025
Source: The Hacker News
Author: Ravie Lakshmanan

7. New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

Two Linux information disclosure flaws, CVE-2025-5054 in apport and CVE-2025-4598 in systemd-coredump, were discovered in Ubuntu, Red Hat, and Fedora, exposing sensitive data like password hashes from core dumps. These race condition bugs can be exploited locally by attackers to access privileged process memory, though Debian systems are not affected by default. Mitigations include disabling core dumps for SUID binaries, but updates and stricter access controls are recommended to prevent potential data leaks and compliance issues.

Date: May 31, 2025
Source: The Hacker News
Author: Ravie Lakshmanan
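
As an added example (not part of the original roundup or the cited article), the script below checks whether the "disable core dumps for SUID binaries" mitigation is in place and whether one of the two named handlers receives core dumps. It assumes the standard Linux `fs.suid_dumpable` and `kernel.core_pattern` settings under `/proc/sys`; the function names, verdict strings and sample patterns are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the settings behind the SUID core-dump mitigation.
# Function names and verdict strings are illustrative, not from any tool.

# fs.suid_dumpable: 0 = SUID processes never dump core, 1 or 2 = they can.
suid_dump_state() {
    case "$1" in
        0)   echo disabled ;;
        1|2) echo enabled ;;
        *)   echo unknown ;;
    esac
}

# kernel.core_pattern: a leading "|" pipes the dump to a userspace handler.
core_handler() {
    case "$1" in
        "|"*apport*)           echo apport ;;
        "|"*systemd-coredump*) echo systemd-coredump ;;
        "|"*)                  echo other-pipe ;;
        *)                     echo file ;;
    esac
}

# Combine both settings: $1 = suid_dumpable value, $2 = core_pattern string.
assess() {
    state=$(suid_dump_state "$1")
    handler=$(core_handler "$2")
    if [ "$state" = disabled ]; then
        echo "mitigation-applied"
    elif [ "$handler" = apport ] || [ "$handler" = systemd-coredump ]; then
        echo "check-updates:$handler"   # a named handler may receive SUID dumps
    else
        echo "review:$handler"
    fi
}

# Constructed sample values (not captured from a real host).
assess 2 '|/usr/share/apport/apport -p%p -s%s -c%c'
assess 0 '|/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h'

# Live check, skipped where /proc is not available.
if [ -r /proc/sys/fs/suid_dumpable ] && [ -r /proc/sys/kernel/core_pattern ]; then
    sd=$(cat /proc/sys/fs/suid_dumpable)
    cp=$(cat /proc/sys/kernel/core_pattern)
    echo "this host: $(assess "$sd" "$cp")"
fi
# To apply the mitigation (as root): sysctl -w fs.suid_dumpable=0
```

A `check-updates` verdict only says that a named handler is configured and SUID dumps are enabled; whether the installed package is patched has to be confirmed against the distribution's advisory.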

Conclusion

That’s all for this roundup. We’d love to hear your thoughts. Share additional stories we may have missed or drop any comments in the Passbolt community forum: https://hubs.li/Q02bCy160. :heart: :tada:
