This week in cybersecurity, Microsoft addressed 67 vulnerabilities, including a critical WebDAV zero-day currently being exploited in the wild. Meanwhile, Windows users face a new threat with the emergence of Myth, a Rust-based stealer malware capable of extracting sensitive information. In the enterprise space, over 20 configuration risks were uncovered across Salesforce Industry Cloud deployments, raising concerns about potential data exposure.

On the global stage, INTERPOL has made significant progress by dismantling 20,000 malicious IP addresses tied to 69 different malware strains, in one of the largest cybercrime operations to date. To top it off, a disturbing discovery has revealed that more than 40,000 internet-connected security cameras are vulnerable to remote hacking, exposing physical and digital infrastructures alike.

Adding to this turbulent week, a Google Cloud outage caused widespread disruptions, affecting major platforms like Spotify, Discord, and Gmail, underscoring the growing dependency on cloud infrastructure and the broad impact of even short-term service interruptions.

Google Cloud Outage Disrupts Spotify, Discord, Gmail and More Across Multiple Platforms

On June 12, 2025, a significant outage in Google Cloud services triggered widespread disruptions across numerous online platforms, including Spotify, Discord, Snapchat, Google Meet, Gmail, and more.

The incident began around 1:51 PM ET and by 2 PM, Downdetector was logging thousands of outage reports from users worldwide. The outage impacted essential cloud-based infrastructure and even affected Cloudflare, which relied on Google Cloud for certain services.

Most systems were restored by approximately 6 PM ET, though some had lingering issues status.

No information as been disclosed on the causes of the issue, only that it had “identified the root cause” and had “applied appropriate mitigations”.

Microsoft Patches 67 Vulnerabilities, Including WebDAV Zero‑Day Actively Exploited in the Wild

Microsoft has released security updates addressing 67 vulnerabilities, including one critical zero‑day flaw noted as CVE‑2025‑33053, in the Web Distributed Authoring and Versioning (WebDAV) protocol, which is already being exploited by the Stealth Falcon threat actor. This vulnerability, with a CVSS score of 8.8, can lead to remote code execution if a user clicks a maliciously crafted URL.

Of the total patches, 11 issues are rated Critical and 56 Important, covering remote code execution, privilege escalation and information disclosure across Microsoft products.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the WebDAV zero‑day to its Known Exploited Vulnerabilities catalog, urging immediate remediation.

Administrators should prioritise applying the update and review related server configurations to reduce exposure.

Rust-Based Myth Stealer Malware Targets Windows Users

A new info-stealing malware dubbed “Myth” is being distributed via malicious game cracks and cheat tools, primarily targeting Windows users.

Written in Rust for efficiency and stealth, Myth exfiltrates browser credentials, cryptocurrency wallet data, and system information. Threat actors are spreading it through YouTube videos and file-sharing platforms, often disguised as popular game hacks.

Users are urged to avoid unofficial downloads and keep antivirus tools updated.

20+ Configuration Risks Discovered in Salesforce Industry Cloud

Cybersecurity researchers at AppOmni have identified over 20 security misconfigurations within Salesforce Industry Cloud (also known as Salesforce Industries), impacting core components like FlexCards, Data Mappers, Integration Procedures, Data Packs, OmniOut, and OmniScript saved sessions. The flaws allow unauthorised internal and external access to encrypted data, session information, and even corporate credentials if left unaddressed.

Among these, five have been assigned Common Vulnerabilities and Exposures (CVEs), some of which permit direct exposure of sensitive customer and employee records.

AppOmni stresses that while low-code platforms offer deployment speed, they carry significant configuration risks when security isn’t prioritised.

Organisations are strongly advised to audit their Salesforce deployments and implement corresponding fixes to safeguard against these elevated risks

INTERPOL Dismantles 20,000 Malicious IPs Linked to 69 Malware Strains in Major Operation

Between January and April 2025, INTERPOL, alongside 26 countries, executed Operation Secure, taking down over 20,000 malicious IP addresses and domains linked to 69 distinct information stealing malware families.

They seized 41 servers and more than 100 GB of data, resulting in 32 arrests, with 18 suspects detained in Vietnam and others in Sri Lanka and Nauru.

The operation disrupted critical command-and-control infrastructure designed to enable phishing, fraud, and malware campaigns.

Cybersecurity firm Group-IB highlighted that compromised credentials harvested via infostealers often serve as gateways to follow-on threats like ransomware and business email compromise.

40,000+ Security Cameras Exposed to Remote Hacking

Bitsight reports that more than 40,000 internet connected security cameras are accessible via unsecured HTTP or RTSP protocols, making them vulnerable to unauthorised access, ranging from live video spying to botnet recruitment and network infiltration. Of these, over 14,000 are in the U.S., with significant numbers in Japan, Europe, and South Korea.

Many devices use weak or default credentials or expose administrative interfaces, enabling attackers to manipulate feeds or systems remotely. Cameras are found not just in residential settings but also in businesses, factories, hotels and schools, often connected directly to ISP networks.

It is recommended to secure these devices by updating credentials, disabling unnecessary remote access, and keeping firmware current.

Have questions about your cybersecurity posture? We’re here to help! Contact us using the form below to get started 👇.