Last week in cybersecurity (May 25 - 31): Alarms on Microsoft, Palo Alto vulnerabilities and ChatGPT risks

Looking back at last week in cybersecurity at the end of May 2026, the global and domestic digital landscapes recorded dangerous fluctuations. In Vietnam, enterprise networks suffered over 11.4 million RDP attacks and 322,821 spyware infections. Globally, zero-day vulnerabilities from Palo Alto and Microsoft were continuously exploited, alongside the exposure of sensitive data via ChatGPT, DeepSeek, and the illicit sale of 340 million OnlyFans accounts.

Last week in cybersecurity in Vietnam: What risks do domestic organizations face?

Enterprises and organizations in Vietnam are prime targets for spyware and remote attacks in Southeast Asia, demanding an urgent shift towards a proactive defense mindset and compliance with new security regulations.

• Data breach at two Ministerial agencies: VNCERT is currently handling an incident where millions of data records were stolen from the systems of two ministerial-level agencies. Notably, the Security Operations Centers (SOC) failed to detect the intrusion effectively due to a severe shortage of operational personnel.

See detail: https://www.ipsip.vn/en/post/hackers-steal-sensitive-data-in-serious-attacks-on-two-ministerial-level-agencies

• Peak RDP and spyware attacks: A Kaspersky report indicates that Vietnam leads Southeast Asia with 11,420,252 attacks targeting the Remote Desktop Protocol (RDP). Simultaneously, domestic organizations suffered 322,821 spyware attacks targeting internal networks, an 8% increase compared to the previous year.

See detail: https://www.ipsip.vn/en/post/over-11-million-cyberattacks-vietnam-enterprise-ranking

• The Perils of "cracked" software: The habit of using cracked software (typically pirated WinRAR) in small businesses inadvertently disables the operating system's antivirus barriers, leaving the door wide open for Infostealers to infiltrate and seize control.

• VSS 2026 & The quantum threat: At the Vietnam Security Summit 2026, national security experts warned that the rapid advancement of quantum computing will soon weaken traditional encryption systems, compelling Vietnam to build a proactive defense ecosystem.

See detail: https://www.ipsip.vn/en/post/ipsip-vietnam-attends-vietnam-securit-ysummit-2026

• The 2025 cybersecurity law: The Law on Cybersecurity 2025 (effective July 1, 2026) places personal data protection at its core. The legislation establishes a mechanism requiring cross-border platforms to remove violating content within a maximum of 24 hours.

See detail: https://www.ipsip.vn/en/post/vietnam-cybersecurity-law-2025-enterprise-data-protection

Global updates from last week in cybersecurity: Crises at Palo Alto, Microsoft, and AI Platforms

Global organizations are facing a record drop in confidence from Chief Information Security Officers (CISOs) due to an explosion of vulnerability exploits and risks stemming from artificial intelligence tools.

Vulnerability Exploits and Cyberattacks

• Palo Alto VPN exploitation: The CVE-2026-0257 vulnerability on Palo Alto Networks' GlobalProtect VPN platform is being actively exploited in the wild to forge cookies and infiltrate corporate internal networks. This incident prompted CISA to add the flaw to its KEV catalog.

• Microsoft's rrgent SharePoint patch & Zero-day controversy: Microsoft recently had to patch a highly critical remote code execution (RCE) vulnerability tracked as CVE-2026-45659 on the SharePoint platform. Concurrently, the tech giant was embroiled in a fierce controversy when a researcher publicly disclosed several dangerous zero-day flaws (affecting Defender and BitLocker) on GitHub without prior notice.

• AI-Powered DDoS attacks: Cybercriminals are automating vulnerability scanning with AI to launch high-speed distributed denial-of-service (DDoS) attacks, capable of taking down enterprise websites in mere minutes.

Alarms on AI Risks and Non-Human identities

Sensitive data leaked via ChatGPT & DeepSeek: LayerX's report emphasizes that AI risk is heavily concentrated among 5% of "power users". DeepSeek (12.63%) and ChatGPT (8.38%) are the two platforms with the highest rates of enterprise sensitive data exposure.

• The "LLMShare" campaign: Threat actors are abusing ChatGPT's link-sharing feature to host fake system outage pages, tricking users into downloading malware disguised as a ChatGPT desktop application.

• KPMG & NASCIO CISO reports: The confidence of state CISOs in the U.S. has plummeted from 48% to just 22%. Furthermore, the KPMG 2026 report warns that managing non-human identities (AI agents, service accounts) is now a top risk, as their numbers have far surpassed human users.

Data leaks & Online scams

• 340 million OnlyFans records for sale: A hacker group claims to possess a massive database from the 18+ platform OnlyFans, including emails, social media profiles, and payment data, creating a severe extortion risk directly targeting content creators.

• FIFA World Cup 2026 scams: The FBI warns of numerous websites impersonating the FIFA soccer portal (using misspelled domains like fiffa.com) to sell fake tickets and steal fans' credit card information.

• New protection feature from Google Chrome: To combat session hijacking, Google has officially rolled out the Device Bound Session Credentials (DBSC) feature, which cryptographically links cookies directly to a device's hardware security chip.

Why should businesses choose protective solutions from IPSIP Vietnam?

Facing the evolving threats highlighted in last week in cybersecurity, businesses require proactive monitoring capabilities with high precision and international standards to comprehensively protect their digital infrastructure.

The ecosystem from IPSIP Vietnam delivers a robust defense platform with superior protection capabilities:

• Early prediction 18 days in advance: Integrating the PreCrime platform from strategic partner BforeAI, the system utilizes behavioral AI technology to predict malicious spoofing campaigns up to 18 days in advance.

• Eradication before outbreak: The automated takedown process thoroughly resolves 93% of impersonation cases before scam content can appear on the internet.

• International standard operational capacity: With over 15 years of experience inherited from France and a team of more than 80 experts, IPSIP provides 24/7 NOC/SOC infrastructure monitoring services. The system meets rigorous certifications such as ISO 27001:2022 and SOC 2 Type II, committing to maximum security for enterprise data.

Continuously updating the events from last week in cybersecurity is a vital step for any organization. Instead of responding passively, investing in intelligent monitoring and prediction systems from cybersecurity experts is the iron shield that helps businesses eliminate risks in their infancy and maintain a sustainable competitive advantage.