Cyber Risks: Google’s Warning, Chrome’s Update, Ivanti's Flaws & Steam’s Leak

By TechDogs Bureau

TD NewsDesk

Updated on Thu, May 15, 2025

April marked a dark month for U.K. retailers as the globally operating brand Marks & Spencer revealed it had borne the brunt of a cyberattack whose problems did not seem to end.

Initially, M&S said only some of its online services and a few stores were impacted by the attack and that customers were safe. However, successive updates from the company showed that more functions had been hit.

On May 13, 2025, Marks & Spencer said in a statement that the attackers also gained access to some personal customer data, which could include dates of birth, home addresses, telephone numbers, and more. However, it did clarify that usable payment or card details and account passwords were not stolen. Furthermore, it mentioned that it didn’t believe any of this data was shared.

M&S was not the only U.K. target: retailers Harrods and Co-op were also in the crosshairs of bad actors believed to be Scattered Spider, a nickname for an interconnected group of hackers with different levels of sophistication.

Now, Google has warned that retailers in the United States are also at risk of being hit as the attackers turn their attention to the country.

“US retailers should take note. These actors are aggressive, creative, and particularly effective at circumventing mature security programs,” said John Hultquist, an analyst at Google's cybersecurity arm, in a statement. Hultquist also named a connection to Scattered Spider, a group known for targeting one sector at a time.

In an unrelated move, Google looked to improve security on Windows by releasing a change to Chromium that “de-elevates” Google Chrome so that it does not run as Administrator. Chrome used to sometimes run with Administrator powers on Windows if you or another program launched it that way.

Microsoft realized this was risky—any file you download and open could then also get full system control—so back in 2019, they taught Edge to spot when it was running as admin and quietly relaunch itself without those extra rights.

Now, thanks to a patch just merged into Chromium’s code, Chrome will do exactly the same: if you or something else tries to start it with elevated (admin) privileges, it’ll automatically restart itself with normal user permissions to keep you safer. A command-line switch, “--do-not-de-elevate”, was added to prevent infinite relaunch loops, though the feature does not apply to automated processes requiring elevated rights.

Ahead of this, Ivanti revealed two zero-day vulnerabilities, CVE-2025-4427 and CVE-2025-4428, in its Endpoint Manager Mobile product, both of which have already been exploited by bad actors.

CVE-2025-4427 is an authentication bypass that allows attackers to access protected resources without proper credentials and comes with a CVSS severity score of 5.3 (Medium). CVE-2025-4428 is a remote code execution vulnerability that allows attackers to execute arbitrary code on the target system and comes with a CVSS severity score of 7.2 (High).

The affected versions of Ivanti Endpoint Manager Mobile include 11.12.0.4 and prior, 12.3.0.1 and prior, 12.4.0.1 and prior, and 12.5.0.0 and prior.

“When chained together, successful exploitation could lead to unauthenticated remote code execution,” reads the company’s security advisory. “We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure.”
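For defenders checking an inventory against the affected versions quoted above, the following added example (not from the article or from Ivanti) classifies Endpoint Manager Mobile version strings. It assumes each listed version is the highest affected build of its release branch and that older branches without their own entry fall under "and prior"; the host names and inventory are constructed.

```python
# Added example: ceilings are the affected versions quoted in the article.
AFFECTED_CEILINGS = ["11.12.0.4", "12.3.0.1", "12.4.0.1", "12.5.0.0"]


def parse_version(text):
    """Turn '12.4.0.1' into (12, 4, 0, 1); reject anything that is not dotted digits."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unrecognised EPMM version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))


# Map each release branch (major, minor) to its highest affected build.
CEILINGS = {v[:2]: v for v in map(parse_version, AFFECTED_CEILINGS)}


def classify(version_text):
    """Return 'affected', 'above-listed-ceiling' or 'not-listed' for one version."""
    v = parse_version(version_text)
    ceiling = CEILINGS.get(v[:2])
    if ceiling is not None:
        return "affected" if v <= ceiling else "above-listed-ceiling"
    # Assumption: a branch without its own entry that sorts below the newest
    # ceiling falls under "and prior"; anything newer is outside the list.
    return "affected" if v < max(CEILINGS.values()) else "not-listed"


def triage(inventory):
    """Return hosts needing attention, sorted; unparseable versions are flagged too."""
    flagged = []
    for host, version in inventory.items():
        try:
            status = classify(version)
        except ValueError:
            status = "unparseable"
        if status in ("affected", "unparseable"):
            flagged.append((host, version, status))
    return sorted(flagged)


# Constructed inventory: host names and versions are made up for illustration.
SAMPLE_INVENTORY = {"epmm-lab": "12.5.0.0", "epmm-eu": "12.4.0.2",
                    "epmm-old": "11.10.0.3", "epmm-new": "12.6.0.0",
                    "epmm-odd": "12.4-beta"}

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(*row)
```

A result of "above-listed-ceiling" or "not-listed" only means the version is outside the list quoted here; confirm against the vendor advisory before treating a host as unaffected.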

Aside from this, gaming firm Steam confirmed that its users were affected by a major leak where a person going by the name of "Machine1337" sold data collected from around 89 million users.

This data included phone numbers, text metadata, and old Steam two-factor-authentication codes, which were essentially information from the past that was beyond its use-by date.

Early reports threw around cloud communications company Twilio’s name, which was quickly scratched off the list as Steam said it doesn’t use Twilio’s services, and Twilio confirmed it didn’t face a breach.

However, Steam also denied facing a breach or being at fault for the leak, and even said, “From a Steam perspective, customers do not need to change their passwords or phone numbers as a result of this event.”

All this comes as Steam’s developer, Valve, pushes to propel its proprietary Linux-based SteamOS operating system to handheld PCs beyond its Steam Deck. This came with the release of a new "SteamOS Compatible" label that is intended to specify if a game is supported on SteamOS.

According to Valve, more than 18,000 titles on Steam are expected to be marked “SteamOS compatible” when launched.

To make matters worse, a researcher has discovered a way to implant ransomware directly into a CPU.

Leveraging a critical flaw in AMD's Zen processors, Rapid7 analyst Christiaan Beek designed a way to exploit microcode updates meant to improve CPU reliability and performance, essentially allowing bad actors to beat any form of software-based defense.

Do you think the increasing rate of cybercrime is a cause for concern that cybersecurity companies need to pay more attention to?

First published on Thu, May 15, 2025
