4. Alleged Steam Breach Exposes 89M Records

A massive data breach allegedly exposed 89 million Steam user records, now for sale on the dark web. The breach may have stemmed from vulnerabilities within Steam’s vendor systems, impacting users globally. Leaked data includes two-factor authentication (2FA) logs and personal details, which can be exploited for phishing and account takeovers. Valve is investigating, and users are urged to enable 2FA and change passwords to secure their accounts.

5. Ulhasnagar Municipal Corporation Hacked

The official website of the Ulhasnagar Municipal Corporation in India was compromised on Saturday afternoon. A message with religious overtones and a hacking declaration appeared prominently on the homepage, triggering immediate action from the IT department. The website was quickly taken offline for investigation, with no confirmed data breach or system damage reported yet. Municipal officials, including IT head Shraddha Baviskar and Municipal Commissioner Manisha Awhale, have assured the public that the situation is being handled.

6. Madison County Iowa Systems Disrupted

Ransomware was detected in Madison County, Iowa, after suspicious activity was reported by the Iowa County Emergency Management on April 28. In response, Madison County officials took their systems offline as a precautionary measure. Cybersecurity experts have since been working with the county to investigate the breach and determine its scope and impact. Officials confirmed that the restoration of the computer network environment will take time, causing potential delays in fulfilling requests and providing information.

7. Hackers Trade Nearly $2 Billion in Japan

Japan’s Financial Services Agency reported a massive surge in unauthorized online trading activity in April 2025. Hackers breached nearly 5,000 financial accounts and conducted 2,746 fraudulent transactions through nine securities firms, totaling close to $2 billion in trades. Attackers typically used stolen login credentials to sell securities and reinvest the proceeds into domestic and foreign small-cap stocks, inflating prices for personal gain. The agency noted that many of these campaigns were linked to phishing attacks, with cybercriminals using tools like CoGUI and AI-generated emails to bypass security and steal user credentials.

8. New UK Law for Enterprise IoT Security

The UK government is addressing significant security vulnerabilities discovered in enterprise IoT devices through recent research. Their proposed interventions include a code of practice outlining security principles for manufacturers. They are also considering legislative measures to mandate stronger security standards across the industry. This proactive approach aims to enhance the overall security posture of connected devices used within business environments.

9.DoppelPaymer Ransomware Suspect Apprehended

Moldovan authorities have arrested a 45-year-old foreign man suspected of orchestrating ransomware attacks against Dutch companies in 2021. The individual is wanted internationally for a string of cybercrimes, encompassing ransomware deployment, blackmail attempts, and subsequent money laundering activities. During the arrest, law enforcement officials seized a substantial amount of cash, along with various electronic devices potentially used in the commission of these crimes. The suspect is believed to be connected to the significant DoppelPaymer ransomware attack that targeted the Netherlands Organization for Scientific Research, causing substantial financial and data-related damage.

Update Apple Devices to Patch Critical iOS and macOS Vulnerabilities. Apple has released urgent security updates addressing critical flaws in iOS, macOS, and related platforms. Vulnerabilities in components like AppleJPEG, CoreMedia, ImageIO, and WebKit could allow attackers to execute code, crash apps, or leak data simply by opening a crafted image, video, or website.

Actions You Should Take:

• Update all Apple devices immediately — Install the latest security patches for iOS, macOS, Safari, and other Apple software.
• Avoid opening untrusted media or links — Especially from unknown sources, until devices are updated.
• Enable automatic updates — Ensure future patches are applied promptly.

Why it matters: These vulnerabilities — including CVE-2025–31217 — can be exploited without user interaction, allowing attackers to compromise systems via common content like images or web pages.