4. State Actors Hit ConnectWise ScreenConnect

ConnectWise, developer of ScreenConnect software, disclosed on May 28th that it suffered a cyber attack likely perpetrated by a sophisticated nation-state actor, affecting a few customers. The company has engaged Google Mandiant for a forensic investigation and has notified all impacted customers, though specific details about the attack or attacker remain unconfirmed. While ConnectWise recently patched a high-severity ScreenConnect vulnerability (CVE-2025–3935), it is currently unknown if this flaw is connected to the recent cyber attack.

5. Ivanti Flaw Hits NHS Staff and Patient Data

Several UK NHS trusts, including University College London Hospitals, had information stolen in a recent cyberattack exploiting a vulnerability in Ivanti Endpoint Manager Mobile software. Hackers reportedly accessed staff phone numbers, IMEI numbers, and authentication tokens, raising concerns this could lead to unauthorized access to sensitive patient records via remote code execution. Analysts at EclecticIQ, who uncovered the incident’s extent, identified the attackers using a China-based IP address and operating similarly to previous China-linked actors.

6. Amalgamated Sugar Data Breach Exposes SSNs

Amalgamated Sugar recently reported a data breach to Vermont’s Attorney General after its computer network was compromised around February 5th, 2025. An investigation confirmed an unauthorized individual may have accessed sensitive personal information, which could include names and Social Security numbers, varying by individual. The Idaho-based sugar company began sending data breach notifications to affected individuals on May 28th, offering them complimentary credit monitoring services. These notices will provide a list of the specific types of sensitive information impacted for each person, though the full consequences are still being determined.

7. Cybersecurity Adds $36M Value Per Project

Cybersecurity teams contribute a median value of $36 million to each enterprise initiative they support, yet their budgets have halved as a percentage of annual revenue over two years, an Ernst & Young survey revealed. This discrepancy suggests many organizations still don’t view cybersecurity investment as a value creator, with only 13% of CISOs consulted early in strategic decisions and over half struggling to articulate their value beyond risk mitigation. The study found that CISOs deeply involved in business initiatives significantly boost growth by securely implementing AI, enhancing brand trust, improving customer experience, and assessing new market risks early.

8. Funnull Sanctioned In $200M Crypto Scams

The U.S. Treasury Department has sanctioned Funnull Technology Inc., a Philippines-based company, and its Chinese administrator, Liu Lizhi, for providing critical infrastructure that enabled “pig butchering” cryptocurrency scams. These scams, facilitated by Funnull, have reportedly led to over $200 million in losses for American victims, with the company linked to the majority of virtual currency investment scam websites reported to the FBI. Funnull allegedly acquired IP addresses from major cloud providers and sold them to cybercriminals, also offering domain generation and web design templates to create deceptive platforms. The company was also implicated in the Polyfill.io supply chain attack, redirecting legitimate web traffic to scam and gambling sites, some connected to Chinese money laundering operations.

9. Cerby Announced a $40M Series B Funding

Identity security automation startup Cerby announced a $40 million Series B funding round on May 28, 2025, led by DTCP Capital, bringing its total raised to $72.5 million. The company’s platform helps organizations manage and automate access to disconnected applications that traditional security tools cannot reach, covering the full identity lifecycle across various systems. Cerby plans to use the new capital to invest in agentic AI capabilities, make its platform extensible, and scale its go-to-market operations in North America and EMEA. With significant growth in recurring revenue and customers like L’Oréal and Fox, Cerby aims to eliminate the risks associated with manual identity workflows for all applications.

Be very cautious when downloading AI tools

Cybercriminals are creating fake websites that pretend to offer popular AI tools like ChatGPT or InVideo AI. Instead, they trick users into downloading ransomware and destructive malware that can encrypt, wipe, or crash your system.

✅ What you should do

• Only download AI tools from official websites or trusted sources like OpenAI, Microsoft, or verified app stores.
• Avoid clicking on ads for “premium” or “free” AI tools that appear in search results or on social media.
• Do not run files from unknown ZIP archives or installers promising free access to AI tools.
• Keep your antivirus software and operating system updated to detect and block malicious files.
• Report suspicious websites or ads impersonating legitimate AI platforms.

✅ Why this matters

Fake AI installers can silently infect your system with ransomware, steal your information, or make your computer completely unusable. One wrong click can cost you your data and a lot more.