Security News Bites for June 6, 2025
Fake Social Security Emails Trick Users into Installing Remote Access SW
Cybersecurity experts have uncovered ongoing schemes where criminals are exploiting the US Social Security Administration (SSA) to trick people into installing a dangerous Remote Access Trojan (RAT). This program gives the attackers complete remote control, allowing them to steal personal information and install more harmful software. These fake emails inform people that their “Social Security Statement is now available” and urged them to download an attachment or click a link to view it. Credit: Hackread
US Commerce Secretary Defends Export Controls Crackdown
Commerce secretary Lutnick is between a rock and something else. He testified that stepping up the export controls on tech like AI chips helps America so that the Chinese and others don’t get them. Here is the problem. We tried that under the past president under the same claim and now China is homegrown making and selling chips on par with us. We are effectively telling US companies to ignore one of the largest if not the largest chip market (China) and give that business to other companies and other countries. Once China creates these chips they are selling them to the same customers American companies are trying to sell to, only China is selling them for less. Credit: Data Breach Today
Hackers Use Voice Phishing (Vishing) to Breach Salesforce Customers
In an active campaign, a financially motivated threat actor is voice phishing (Vishing) Salesforce customers to compromise their organizational data and carry out subsequent extortion. The threat actor group targets employees within English-speaking branches of multinational corporations to trick them into granting sensitive access or sharing credentials. The hackers then move laterally to other cloud systems like Microsoft, Okta and Workplace. Credit: CSO Online
Apple WebKit Zero-Day Patched This Month Has Been Used Since 2020
Every day Apple is becoming more like Microsoft – but they still have a ways to go. The WebKit zero-day that was patched this month – it has been exploited since 2020. The most recent campaign started last summer and it serves up malicious ads that have figured out a way to escape Apple’s sandbox. The patches are now available. Credit: ZDNet
President Compiling One Database of All US Citizens’ Data
The White House has contracted with Palantir, a major defense contractor, to compile a database of the personal information on US citizens. Conservatives and others who distrust the government anyway, are, to be polite, concerned. Numerous pro-administration voices expressed feelings of betrayal. One far-right supporter described as an America First white nationalist called the detail “the ultimate betrayal of his own people”, referring to the president’s supporters. Welcome to the new surveillance state. If you criticize the government you will be in the database. Credit: Newsweek