🎉 Back from vacation and fully recharged—sunburned but secure! ☀️🔐 Missed a week, but fear not: your favorite Friday Wrap Up is back and packed tighter than a phishing kit on a USB stick.

This week’s headlines are a buffet of cyber-chaos: ransomware gangs get sneakier, Chrome plays password nanny, and someone gave 40,000 iOS apps a little too much freedom. Also, Microsoft’s playing sheriff, Signal's playing defense, and a student hacker’s playing guilty.

We’re covering exploits, takedowns, zero-days, and privacy promises—all served with a side of “wait, what now?”

👀 Curious? Read on to unwrap the full spread of this week’s cybersecurity stories in the Friday Wrap Up newsletter

🔐 Cybersecurity Threats and Malware Campaigns

As digital threats grow increasingly complex, the cybersecurity community faces relentless waves of malware, data breaches, and exploitations. Here's the latest on key campaigns and threats:

• 🐍 Ransomware gangs are leveraging Skitnet malware for stealthy data theft and remote access. (Published on 5/19/2025, The Hacker News). Read More

• 🧿 Fake KeePass installs are spreading ransomware via Cobalt Strike beacons. Stay alert! (Published on 5/19/2025, BleepingComputer). Read More

• 🧬 Hazy Hawk hijacks DNS records of major orgs for malware distribution. (Published on 5/20/2025, The Hacker News). Read More

• 🛡️ Microsoft and partners dismantle Lumma malware network in major cybercrime takedown. (Published on 5/22/2025, ComputerWeekly). Read More

• 🕵️ Global authorities and tech firms disrupt the Lumma infostealer platform. (Published on 5/22/2025, Ars Technica). Read More

• ⚔️ FBI warns of Luna Moth attacks on law firms via phishing and social engineering. (Published on 5/23/2025, BleepingComputer). Read More

• 🧨 Ivanti EPMM flaw exploited by Chinese hackers to breach government systems. (Published on 5/22/2025, BleepingComputer). Read More

🔐 Software Flaws and Security Vulnerabilities

Recent findings emphasize how overlooked flaws in everyday tools can open dangerous doors. Stay updated on patches and best practices:

• ⚠️ Critical OpenPGP.js flaw could let attackers spoof signed encrypted emails. (Published on 5/21/2025, CSO Online). Read More

• 🛠️ Chrome zero-day CVE-2025-4664 exposes sensitive browser activity—update now. (Published on 5/23/2025, HackRead). Read More

🔍 Data Privacy and Corporate Responsibility

As companies handle sensitive data, public trust hinges on transparency and ethics. Here's how key players are addressing privacy concerns:

• 🧬 Regeneron vows privacy protection in $256M bid to acquire 23andMe. (Published on 5/20/2025, Dark Reading). Read More

• 🛡️ Signal enables screenshot blocking to defend against Windows Recall. (Published on 5/23/2025, SecurityWeek). Read More

📱 Mobile and App Ecosystem Security

Malicious apps and misused permissions remain persistent threats on mobile platforms. Here's the latest:

• 📱 Over 40,000 iOS apps found exploiting private entitlements—users beware. (Published on 5/19/2025, Hackread). Read More

🌐 Browser and Cloud Innovations

Progress in browser-based security and automation continues to evolve user protections:

• 🔄 Chrome now auto-changes compromised passwords via built-in Password Manager. (Published on 5/21/2025, The Hacker News). Read More

💥 Cyber Incidents and Breaches

Major incidents are disrupting lives and services. Here’s a snapshot of recent attacks:

• 📶 Cellcom confirms cyberattack behind days-long wireless outages. (Published on 5/20/2025, BleepingComputer). Read More

• 👨‍💻 U.S. student to plead guilty for PowerSchool hack and extortion scheme. (Published on 5/21/2025, SecurityWeek). Read More

Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!