Monthly Security Bulletin – May 2025

This month’s security bulletin hot topics:

1. New Windows 11 trick lets you bypass Microsoft Account requirement

2. Cisco warns of CSLU backdoor admin account used in attacks

3. Verizon Call Filter API flaw exposed customers’ incoming call history

4. Windows 11 24H2 blocked on PCs with code-obfuscation driver BSODs

5. Microsoft delays WSUS driver sync deprecation indefinitely

6. EncryptHub’s dual life: Cybercriminal vs Windows bug-bounty researcher

7. Arguing Against CALEA

8. Phishing kits now vet victims in real-time before stealing credentials

9. Microsoft investigates global Exchange Admin Center outage

10. Meta to resume AI training on content shared by Europeans

11. Funding Expires for Key Cyber Vulnerability Database

12. CVE Program Almost Unfunded

13. Over 16,000 Fortinet devices compromised with symlink backdoor

14. New Windows Server emergency updates fix container launch issue

15. Age Verification Using Facial Scans

16. Critical Erlang/OTP SSH RCE bug now has public exploits, patch now

17. Lumma Stealer – Tracking distribution channels

18. DOGE Worker’s Code Supports NLRB Whistleblower