Three-Year Nap
SK Telecom hosted hackers for 1,000+ days. $5B cleanup bill just arrived.


Napoleon Dynamite earned $46 million on a $400,000 budget—a 115x return on amateur filmmaking in rural Idaho. Cellcom's week-long service blackout left customers without texts or calls while executives spent days crafting the perfect lie, upgrading from "technical issue" to "cyber incident."
A quirky indie film delivered pure entertainment with pocket change and honesty. A major telecom couldn't deliver basic SMS service or basic truth with millions in infrastructure and PR consultants.
Apparently, good comedy and corporate transparency both require better scripts.


🔝 Top Stories
Microsoft's May Massacre: Five Zero-Days Already Exploited
Redmond dropped its May security updates, "fixing" 72 flaws, but not before five zero-days were caught running wild, mostly elevation of privilege bugs letting attackers snatch SYSTEM access. CISA's already screaming at Feds to patch these actively exploited holes by June 3rd, because apparently, waiting is for chumps.
📰 BleepingComputer / CrowdStrike
Chrome Zero-Day Actively Leaking Cross-Origin Data
Google rushed out an emergency patch for Chrome after zero-day CVE-2025-4664 was found actively leaking sensitive cross-origin data thanks to sloppy policy enforcement in its loader. Attackers are already abusing this to potentially swipe your precious OAuth tokens, proving once again that "secure browser" is an optimistic marketing term.
📰 Chrome Releases
Commvault Zero-Day: Nation-States Eye M365 Backups
CISA's sounding the alarm over a suspected nation-state campaign hitting SaaS platforms, with Commvault's Azure-hosted Metallic M365 backup solution potentially compromised via a nasty RCE zero-day (CVE-2025-3928). Attackers were apparently aiming to swipe app credentials to waltz right into customer M365 environments, making "cloud backup" sound a lot like "conveniently aggregated target."
📰 CISA / The Register
Steel Giant Nucor Hammered, Production Halted
America's biggest steel producer, Nucor Corp, got smacked by hackers, forcing them to "proactively halt" production at various plants after spotting unauthorized IT system access. They dutifully filed an 8-K with the SEC but kept mum on who was twisting their digital girders, though federal law enforcement is now poking around the slag heap.
📰 Nucor SEC Filing / Industrial Cyber
Week-Long Outage Gets Corporate Rebranding at Cellcom
After days of customers in Wisconsin and Michigan enjoying the sound of silence (and no texts), Cellcom's CEO finally admitted their massive service outage was a "cyber incident," not just a "technical issue." While voice and SMS got hammered, they assure everyone there's "no evidence" personal data was touched – a classic "trust us, bro" from the telco playbook.
📰 Cellcom / SecurityWeek
⚡ Other Headlines
UK Legal Aid Agency Admits Massive PII Leak 📰 GOV.UK
Arla Foods' Dairy Production Curdled by Attack 📰 BleepingComputer
Interlock Ransomware Cripples Kettering Health 📰 Fierce Healthcare
SKT's 3-Year Malware Party Exposed 27M Records 📰 BleepingComputer
FBI Warns: LummaC2 Stealer Targets U.S. Critical Infra 📰 CISA
FBI: AI Deepfakes Now Impersonating Officials 📰 FBI IC3
Silent Ransom Group Phishing Law Firms, FBI Warns 📰 FBI PIN
ASUS DriverHub Offered Easy RCE via Fake Updates 📰 ASUS Advisory
WordPress "Motors" Theme Bug Hijacked 22K Sites 📰 Wordfence
BitLocker "Bitpixie" PoC Bypasses Encryption Sans PIN 📰 Zendata
SideWinder APT Slings StealerBot at South Asian Govts 📰 Acronis
China’s "UnsolicitedBooker" Deploys MarsSnake Backdoor 📰 ESET
3AM Ransomware Adds Vishing, Email Bombs, QEMU Stealth 📰 Sophos
Procolored Printers Shipped Malware for Months 📰 G Data
Fileless Remcos RAT Sneaks Via LNK Files 📰 CyberStash
KrebsOnSecurity Soaked by 6.3 Tbps DDoS Wave 📰 KrebsOnSecurity
Unit 42: AI Attacks & Insider Threats 3x in 2024 📰 Unit 42


SK Telecom: Three-Year Sieve
Nearly three years. That's how long SK Telecom let hackers squat in their network, utterly unnoticed.
For South Korea's largest telco, server logging was apparently an optional extra - for a crucial two-and-a-half-year stretch.
Just 27 million USIM records, complete with authentication keys, slipped out. Pocket change, really.
While competitors were fortifying their defenses, SKT was reportedly slashing its cybersecurity budget. Bold strategy.
SK Telecom didn't just suffer a data breach; they hosted a nearly three-year slumber party for sophisticated attackers.
While the telecom giant was presumably dreaming of 6G utopia and AI wizardry, intruders were methodically vacuuming up the digital identities of a significant chunk of a nation. Personal data, USIM authentication keys, the works.
For an estimated 27 million subscribers, their SIM cards became ticking time bombs.
This wasn't a sophisticated, blink-and-you-miss-it intrusion. This was a massive failure of basic security bordering on corporate narcolepsy.
The Unseen Occupation
The unwelcome guests checked in on June 15, 2022, planting a web shell on an SK Telecom server. This marked day one of an almost three-year heist.
Their weapon of choice included BPFdoor, a backdoor so stealthy it's a known favorite of state-linked operatives. Not just one, but 24 variants were found lounging on SKT's compromised servers. Clearly, the attackers valued variety.
From this beachhead, they didn't just poke around. They burrowed deep into the core, compromising SK Telecom's Home Subscriber Server (HSS).
The HSS isn't just another server; it's the vault where subscriber profiles and critical authentication data live. Accessing it is like getting the master key to the entire mobile network.
And they got it.
The Great Logging Vanishing Act
Here's where incompetence transcends into art. For nearly two and a half years - from the initial infection in June 2022 until December 2024 - SK Telecom effectively operated with its eyes wide shut.
There were no server logs for this vast period on the affected systems.
An eternity of digital darkness, where attackers could roam, pillage, and exfiltrate gigabytes of sensitive data without leaving a trace in the server records.
This wasn't misplacing a file; this was torching the entire filing cabinet and then forgetting what cabinets were for.
Investigators attempting to reconstruct the full scope of the initial compromise faced a forensic black hole, a testament to an epic failure in basic security hygiene.
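The lesson from that forensic black hole is that a log source going quiet is an alert in its own right, not a quiet day. The following Python check is an added example, not code from this newsletter or from SK Telecom: it treats the log pipeline itself as a monitored signal, parses a handful of constructed log lines, and flags three conditions for every source an operator expects to hear from: a gap between consecutive events longer than a threshold, a source whose last event is older than that threshold, and a source that has never reported. The hostnames (hss-01, web-01, db-01), the sample lines, the evaluation time and the seven-day threshold are all assumptions constructed for the example.

```python
"""Log-source silence check: find hosts whose logs stop or have long gaps.

Treat the log pipeline as something to monitor: every expected source must
keep emitting, and a gap longer than a threshold is itself an alert.
The sample lines, hostnames and thresholds below are constructed for this
example; they are not taken from any real incident.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "<ISO timestamp> <host> <message>".
# web-01 reports every week; hss-01 falls silent for 25 days, reports
# once more, then stops; db-01 never reports at all.
SAMPLE_LOGS = """\
2022-06-14T08:00:00 hss-01 sshd: session opened for user ops
2022-06-14T08:00:00 web-01 nginx: GET /health 200
2022-06-15T08:00:00 hss-01 cron: daily backup completed
2022-06-21T08:00:00 web-01 nginx: GET /health 200
2022-06-28T08:00:00 web-01 nginx: GET /health 200
2022-07-05T08:00:00 web-01 nginx: GET /health 200
2022-07-10T08:00:00 hss-01 cron: daily backup completed
2022-07-12T08:00:00 web-01 nginx: GET /health 200
2022-07-19T08:00:00 web-01 nginx: GET /health 200
2022-07-24T08:00:00 web-01 nginx: GET /health 200
not a log line at all
"""

EXPECTED_SOURCES = {"hss-01", "web-01", "db-01"}  # assumed inventory
NOW = datetime(2022, 7, 25, 8, 0, 0)   # evaluation time (constructed)
MAX_GAP = timedelta(days=7)            # longest tolerated silence per source


def parse_events(text):
    """Parse "<timestamp> <host> ..." lines into (datetime, host); skip junk."""
    events = []
    for line in text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) < 2:
            continue
        try:
            stamp = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # malformed timestamp: not a usable event
        events.append((stamp, parts[1]))
    return events


def find_silence(events, expected, now, max_gap):
    """Return one alert dict per problem: an internal gap longer than max_gap,
    a source whose last event is older than max_gap, or a source never seen."""
    seen = defaultdict(list)
    for stamp, host in events:
        seen[host].append(stamp)

    alerts = []
    for host in sorted(expected):
        stamps = sorted(seen.get(host, []))
        if not stamps:
            alerts.append({"host": host, "kind": "never_seen",
                           "start": None, "end": now, "days": None})
            continue
        # Gaps between consecutive events from the same source.
        for earlier, later in zip(stamps, stamps[1:]):
            if later - earlier > max_gap:
                alerts.append({"host": host, "kind": "gap", "start": earlier,
                               "end": later, "days": (later - earlier).days})
        # Silence from the last event up to the evaluation time.
        if now - stamps[-1] > max_gap:
            alerts.append({"host": host, "kind": "silent", "start": stamps[-1],
                           "end": now, "days": (now - stamps[-1]).days})
    return alerts


def run_check():
    """Run the check over the constructed sample and return the alerts."""
    return find_silence(parse_events(SAMPLE_LOGS), EXPECTED_SOURCES, NOW, MAX_GAP)


if __name__ == "__main__":
    for alert in run_check():
        print(f"{alert['host']:8} {alert['kind']:11} "
              f"{alert['start']} -> {alert['end']} ({alert['days']} days)")
```

On the sample, web-01 produces no alert (its longest gap is exactly seven days, which the strict comparison tolerates), hss-01 produces a 25-day gap alert and a 15-day silent alert, and db-01 is reported as never seen. In production the expected-source inventory is the part that matters most: a check that only looks at sources that happen to be logging can never notice the one that stopped.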
The "Our Bad, But Here's a New SIM" Charade
Fast forward to April 2025. SK Telecom's systems finally detected "abnormal activities." Translation: the house alarm went off after the burglars had already redecorated and moved out.
The damage? Oh, just around 9.82 gigabytes of USIM-related data, covering those 27 million IMSI records. This haul included the all-important USIM authentication keys, plus a treasure trove of PII: names, birthdates, phone numbers, and email addresses.
SK Telecom's grand response involved a nationwide free SIM replacement program (which initially suffered from card shortages, naturally). They also rolled out an "upgraded" Fraud Detection System - FDS 2.0 - because version 1.0 had evidently been on an extended coffee break.
To cap it off, SK Group's Chairman publicly framed the catastrophe as a "matter of national defence." Indeed. Defending the nation, presumably, from SK Telecom's own terrible security practices.
The Steep Price of Digital Napping
The fallout was as predictable as it was brutal.
SK Telecom's stock value nose-dived. Hundreds of thousands of subscribers, not particularly thrilled that their digital lives had been laid bare, stampeded to competitors.
The projected long-term financial hemorrhage? A cool 7 trillion won (around $5 billion USD). That's an eye-watering sum for what amounts to sleeping on the job.
And the kicker? During the years this intrusion festered, SK Telecom had reportedly slashed its cybersecurity spending, while its rivals, having learned from their own past stumbles, were investing more.
Complacency, it turns out, carries a hefty price tag.
SK Telecom didn't just drop the ball. They deflated it, buried it, and forgot the map.
This wasn't just a breach.
It was a nearly three-year failure, plain and simple.

Did You Know?
The first DDoS attack against KrebsOnSecurity in 2016 peaked at 620 Gbps, making headlines as one of the largest ever recorded. This week's reported 6.3 Tbps assault represents a 1,000% power increase in under a decade—enough bandwidth to stream 4K Netflix to 1.2 million households simultaneously. Meanwhile, Cellcom customers couldn't send a basic text message for a week due to a "cyber incident." The disparity is staggering: attackers wield internet-melting firepower while defenders still struggle with "technical issues" that sound suspiciously like cover stories.

More Clicking Required
You read the whole thing?
Actually?
Huh. Well... that's commitment.
Or avoidance. Either way, we're impressed and slightly concerned.
Time to make this someone else's problem. Forward it to whoever keeps insisting your "minor incident" was just a configuration hiccup. Or drop it in that Slack channel where people share security theater memes. Your IT director needs to see SK Telecom's three-year nap story, and we both know they won't find it themselves.
Enough stalling. There's a poll below.
Engage with it.
We're not asking for your life story, just a simple click.
Poll time: What's your take on this edition?
- Dave
Sizzler Out. //