This Week in Cybersecurity - June 6, 2025
- Jordan Santos
- Jun 6
As cyber threats grow more complex and coordinated, small and mid-sized businesses continue to face rising risks—from insider manipulation to insecure third-party tools. This week’s top cybersecurity stories spotlight how young Western hackers are teaming up with seasoned ransomware groups, how popular Chrome extensions are leaking sensitive data, and how industry leaders are finally aligning on how threat actors are named. Each of these developments carries important lessons for SMBs looking to stay protected in an increasingly hostile digital environment.

Top News This Week
Scattered Spider & BlackCat: The Evolving Face of Ransomware
A recent 60 Minutes investigation reveals a disturbing trend in cybercrime: young, English-speaking hackers from the U.S., U.K., and Canada—part of a group called Scattered Spider—are now collaborating with veteran Russian ransomware gangs like BlackCat. Together, they're forming a potent new front in ransomware attacks targeting Western businesses.
The infamous 2023 MGM Resorts ransomware attack, which caused over $100 million in damages, was one such collaboration. Hackers gained access using social engineering—impersonating an MGM employee to bypass security protocols via a help desk. MGM refused to pay a $30 million ransom, while rival Caesars quietly paid $15 million after suffering a similar breach.
What makes this threat especially alarming is that Scattered Spider’s fluency in Western culture makes them highly effective at manipulating targets. Combined with BlackCat’s malware infrastructure and operational experience, this new ransomware-as-a-service model is now easier to scale, harder to detect, and more destructive.
Takeaway: Even the biggest companies can be brought to their knees by a convincing phone call. Social engineering is often the easiest point of entry. Train your staff to verify identity before sharing information, implement strict multi-factor authentication, and assume every help desk request could be a trap. Cyber defense is no longer just about technology—it's about people, too.
(CBS News)
Popular Chrome Extensions Found Leaking Sensitive Data
Security researchers at Symantec have uncovered troubling vulnerabilities in several widely-used Chrome extensions. These extensions—ranging from VPNs and password managers to productivity and e-commerce tools—were found transmitting user data via unencrypted HTTP and containing hard-coded API keys within their code.
The risks? Personal data like browser activity, machine IDs, and operating system info could be intercepted by attackers on public networks. Worse still, hard-coded credentials (such as Google Analytics secrets and AWS keys) could be exploited to tamper with analytics, abuse cloud services, or mimic crypto transactions.
Notable extensions affected include:
- Browsec VPN
- DualSafe Password Manager
- Microsoft Editor
- Trust Wallet
- TravelArrow
- AVG Online Security
- And over 90 others using vulnerable third-party libraries
While no passwords were exposed, the use of plain HTTP and embedded secrets demonstrates poor security hygiene, which is especially alarming for tools claiming to enhance privacy or security.
Takeaway: Don’t assume browser extensions—no matter how popular—are safe by default. Audit your organization’s approved extensions regularly, disable unnecessary add-ons, and enforce strict usage policies. Educate employees on the risks of installing unknown or overly-permissive browser tools, especially on devices handling sensitive business data.
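As a starting point for that audit, here is an added example (not code from Symantec or from any of the extensions named above) that scans an unpacked extension directory for the two weaknesses described: plaintext `http://` endpoints and embedded credentials. The function names, the sample extension, and every value in it are constructed; the patterns assume the standard AWS access key ID prefixes and the `api_secret` parameter of the Google Analytics Measurement Protocol.

```python
import re
import tempfile
from pathlib import Path

# The two weaknesses reported: plaintext HTTP endpoints and embedded credentials.
HTTP_URL = re.compile(r"""http://[^\s"'`)<>]+""")
BENIGN_HTTP = ("http://localhost", "http://127.0.0.1", "http://www.w3.org/")
SECRET_PATTERNS = {
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "ga4-api-secret": re.compile(r"api_secret\s*[=:]\s*[\"']?[\w-]{16,}"),
}
TEXT_SUFFIXES = {".js", ".mjs", ".json", ".html"}
# Constructed sample extension (not a real product); all values are placeholders.
SAMPLE_FILES = {
    "manifest.json": '{"manifest_version": 3, "name": "Sample", "version": "1.0",\n'
                     ' "host_permissions": ["http://telemetry.example.test/*"]}\n',
    "background.js": 'const AWS_ID = "AKIAEXAMPLEEXAMPLE00";\n'
                     'fetch("http://telemetry.example.test/collect?os=" + navigator.platform);\n'
                     'const GA = "https://www.google-analytics.com/mp/collect?api_secret=CONSTRUCTED_SECRET_0001";\n'
                     'const SVG_NS = "http://www.w3.org/2000/svg";\n',
}

def audit_extension(root):
    """Return (file, line_no, rule, evidence) findings for one unpacked extension."""
    findings, root = [], Path(root)
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix not in TEXT_SUFFIXES:
            continue
        rel = path.relative_to(root).as_posix()
        text = path.read_text(encoding="utf-8", errors="replace")
        for no, line in enumerate(text.splitlines(), 1):
            for url in HTTP_URL.findall(line):
                if not url.startswith(BENIGN_HTTP):  # skip loopback and XML namespaces
                    findings.append((rel, no, "plaintext-http", url))
            for rule, rx in SECRET_PATTERNS.items():
                if (m := rx.search(line)):
                    # Report only a prefix so the audit output does not re-leak the value.
                    findings.append((rel, no, rule, m.group(0)[:12] + "..."))
    return findings

def audit_sample():
    """Write SAMPLE_FILES to a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLE_FILES.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        return audit_extension(tmp)

if __name__ == "__main__":
    print(*audit_sample(), sep="\n")
```

Pattern matching of this kind misses secrets that are split, encoded, or fetched at runtime, so treat a clean result as one input to an extension review rather than an approval.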
Microsoft, CrowdStrike, and Others Unite to Standardize Hacker Group Names
In a landmark collaboration, Microsoft, CrowdStrike, Palo Alto Networks, Google, and Mandiant have announced a joint effort to standardize how cybersecurity firms name and track threat actor groups. This move aims to eliminate confusion caused by inconsistent naming—an issue that has plagued the industry for years and hindered timely incident response.
Currently, different companies often assign different names to the same hacking group. For example, the group behind the MGM ransomware attack is known as Scattered Spider to most, Octo Tempest to Microsoft, and Muddled Libra to Palo Alto Networks. These inconsistencies can delay threat attribution and response during active attacks.
To address this, Microsoft and CrowdStrike have published an initial matrix mapping aliases across vendors, and will form a working group to maintain this shared taxonomy going forward. While each company will still use its own telemetry and naming methods, the goal is better alignment, faster responses, and fewer blind spots.
Takeaway: Clear, consistent threat intelligence is crucial for fast incident response. While this naming overhaul happens behind the scenes, SMBs benefit when their security providers speak the same language. If your cybersecurity tools or MSP partners use intelligence feeds, ensure they’re updated regularly and capable of translating across vendor naming conventions for accurate threat detection.
Cyber Tip of the Week
Review and restrict browser extensions in your organization.
Even popular extensions can leak sensitive data or contain hardcoded credentials. Set clear extension policies, audit installed plugins regularly, and disable unnecessary ones—especially on devices used for business operations.
Stat of the Week
$100 million — The estimated revenue loss MGM Resorts suffered after the 2023 ransomware attack by Scattered Spider, demonstrating how a single social engineering breach can lead to massive financial fallout.
Final Thoughts
This week’s headlines underscore the shifting landscape of cyber threats—where human manipulation, sloppy software practices, and fragmented intelligence systems can each open the door to serious compromise. For SMBs, staying secure doesn’t require enterprise-scale budgets, but it does demand vigilance, basic cyber hygiene, and informed partnerships. Keep training your teams, vetting your tools, and aligning with providers who prioritize proactive defense.
Until next week—stay sharp and stay secure.