You won't believe what Microsoft has confirmed... Read more below.
We have now reached MORE than 23,520 subscribers! Thanks for your support. Help us with our mission of helping 100,000 organizations become cyber-resilient by sharing this newsletter with your network.
Be sure to read the "My thoughts" section to learn strategies for navigating and combating cyber attacks. I'm here to assist you in avoiding and battling these threats should they ever affect you.
Contact me, Luigi Tiano, if you have any questions regarding your enterprise's cybersecurity strategy.
P.S. We often do giveaways on our company page.
Assurance IT Named SentinelOne’s International Partner of the Year – 2025!
Victoria’s Secret Website goes Down Post Attack
Victoria’s Secret has taken its website offline following a cyberattack, which remains under investigation. The company has confirmed that the security incident prompted the temporary shutdown of the website and some in-store services as a precaution. Although the nature of the attack remains unclear, it is suspected to be related to a ransomware attack. Victoria’s Secret reassured customers that its stores remain open. The incident comes amidst a wave of attacks on major retailers, including Adidas and UK-based companies like Marks & Spencer, Harrods, and Co-op. Experts warn that cybercriminals are increasingly targeting the retail sector, a trend that appears to be growing in intensity. (securityweek.com)
Luigi’s Thoughts: Retailers are becoming prime targets for cybercriminals, and this Victoria’s Secret breach highlights just how vulnerable these companies are, especially as they rely on massive online operations. While the specifics of the attack aren’t clear yet, the suspicion of ransomware is telling. It’s no longer a question of if retailers will get hit, but when.
The sector’s exposure is becoming a serious issue, with companies like Adidas and Marks & Spencer already feeling the effects of similar incidents. This is a growing pattern, and retailers need to take this more seriously by implementing stronger security measures across the board. We’re talking about protecting sensitive customer data, yes, but also about keeping their businesses running smoothly when the worst happens. The fact that attacks are escalating and even crossing borders into the US shows that cybercriminals are treating the retail industry as low-hanging fruit. It’s time to step up the defenses.
Microsoft has confirmed that some Windows 11 systems might fail to start after installing the KB5058405 cumulative update...
Microsoft has acknowledged that a recent Windows 11 update, KB5058405, released during May 2025 Patch Tuesday, has caused some systems to fail to start. Users are experiencing the 0xc0000098 recovery error, specifically related to the ACPI.sys driver, which is essential for power management and device configuration. The issue mostly affects Windows 11 22H2 and 23H2 systems in enterprise environments, particularly virtual machines running on Azure, Citrix, or Hyper-V. Microsoft says home users are less likely to face this problem, as it primarily impacts IT and virtual environments. The company is investigating the issue and promises to provide more details soon. (bleepingcomputer.com)
Luigi’s Thoughts: This is another reminder that even routine updates can cause major headaches for IT environments. The fact that this issue mainly impacts virtual machines in enterprise settings adds to the frustration, as businesses rely heavily on these setups for their day-to-day operations. The ACPI.sys error is critical, and with virtual machines being hit hard, this is a potential disaster for companies using Azure, Citrix, or Hyper-V.
It’s a good example of why testing updates before full deployment is a must, especially in complex environments. Microsoft’s response is necessary, but companies shouldn’t wait too long for a fix; they need to have backup plans in place when such issues arise. It’s not just about fixing bugs; it’s about minimizing downtime and keeping business systems running smoothly.
Billions of Stolen Cookies for Sale, Leaving User Data Vulnerable to Cybercriminals
A massive 93.7 billion stolen cookies are currently being sold on dark web marketplaces, with around 7-9% still active. These cookies, which hold unique identifiers and user data, can be exploited by cybercriminals to access sensitive information without requiring login credentials. Session cookies, which allow hackers to impersonate users, are especially valuable, and they can even bypass multi-factor authentication (MFA). The primary method of stealing cookies is through infostealer malware, with Redline being the most common. To mitigate the risk, users are advised to avoid accepting unnecessary cookies, regularly clear browser histories, and keep devices up to date with the latest security patches. (theregister.com)
Luigi’s Thoughts: This massive availability of stolen cookies highlights a critical blind spot many organizations overlook—security in the digital identity and session management space. With cybercriminals easily obtaining session cookies, they bypass traditional credentials and even MFA, making them a prime target for accessing sensitive accounts and data. For us as a next-gen MSSP, this isn’t just a technical challenge, it’s a security and trust issue. We’re here to give our clients peace of mind by proactively managing and securing their digital footprint.
Our goal is to ensure that whether you’re using cookies to simplify user experiences or managing sensitive company data, you don’t have to worry about these attacks slipping through the cracks. The increasing reliance on session cookies for authentication makes it critical to stay ahead with robust security measures, and we are committed to being that forward-thinking partner who prevents these risks before they become a real threat.
Phishing Attackers Abuse Google Apps Script to Create Evasive Login Pages
Threat actors are leveraging Google Apps Script to host phishing pages designed to steal login credentials. This development was observed by security researchers at Cofense, who explained that attackers use email campaigns masquerading as invoices to lure victims into clicking on a link that leads to a fraudulent login page hosted within Google’s trusted environment. By using Google Apps Script, the phishing page benefits from the credibility of the “script.google.com” domain, which is usually whitelisted by security products, making it harder for traditional phishing detection methods to flag the attack. The stolen credentials are exfiltrated to the attacker’s server via hidden requests. This technique also allows the attackers to easily modify the phishing scripts without needing to resend new links. The attackers are leveraging this method for operational efficiency and evasion. (bleepingcomputer.com)
Luigi’s Thoughts: This phishing campaign is a classic example of how cybercriminals are constantly evolving their methods to evade detection. By using Google’s trusted platform, attackers are essentially hiding in plain sight, exploiting the trust most people place in Google’s environment. For us as a next-gen MSSP, it’s a reminder of how important it is to stay ahead of the game. Just as we deliver peace of mind by actively monitoring our clients’ security, it’s crucial for everyone, both businesses and consumers, to adopt a more proactive approach.
We need to continue educating users about the risks, reinforce the need for multi-layered defenses, and make sure that every link and script is scrutinized before it gets the chance to do damage. With cyber threats evolving, staying vigilant and being one step ahead is the only way to truly protect sensitive data.
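A defender-side triage check for the Apps Script technique reported above, added here as an illustration and not taken from Cofense or this newsletter: it contrasts host-only allowlisting with a path-aware rule that refuses to extend host trust to user-deployed scripts. The allowlist, lure keywords, verdict names and sample messages are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist of the kind that lets script.google.com links through unscanned.
TRUSTED_HOSTS = {"script.google.com", "support.google.com"}
# Assumed lure vocabulary; the reported campaign used invoice-themed emails.
LURE_WORDS = re.compile(r"\b(invoice|payment|overdue|remittance)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)


def extract_urls(body):
    """Return every http(s) URL in the body with trailing punctuation removed."""
    return [u.rstrip(".,;") for u in URL_RE.findall(body)]


def is_user_hosted_script(url):
    """True for Apps Script web-app links: user-controlled code on a trusted host."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return host == "script.google.com" and parts.path.startswith("/macros/")


def host_allowlist_verdict(body):
    """Weak policy: skip scanning when every link's host is allowlisted."""
    hosts = [(urlsplit(u).hostname or "").lower() for u in extract_urls(body)]
    return "allow" if hosts and all(h in TRUSTED_HOSTS for h in hosts) else "scan"


def path_aware_verdict(body):
    """Stronger policy: user-hosted script links never inherit host trust."""
    scripted = [u for u in extract_urls(body) if is_user_hosted_script(u)]
    if scripted and LURE_WORDS.search(body):
        return "quarantine"
    if scripted:
        return "scan"
    return host_allowlist_verdict(body)


# Constructed sample messages; the IDs are placeholders, not real deployments.
PHISH = "Your invoice is ready: https://script.google.com/macros/s/EXAMPLE_DEPLOYMENT_ID/exec."
BENIGN = "Admin help article: https://support.google.com/a/answer/EXAMPLE_ID"

if __name__ == "__main__":
    for name, msg in (("phish", PHISH), ("benign", BENIGN)):
        print(name, host_allowlist_verdict(msg), path_aware_verdict(msg))
```
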