May 19, 2025
Did That Freelancer Just Steal $88 Million for North Korea?

What’s the cost of a Counter-Strike skin? Apparently $1.2 million.
This episode is packed with cyber stories, from fake AI tools and North Korean fraud to deepfake investment scams and dodgy booking messages. We also look at the UK government’s Windows 3.1 problem, Steam's not-so-scary leak, and why your Windows 10 machine just got a few more years of life.

Let’s break it all down...

🎮 Steam Panic That Wasn't
Reports claimed 89 million Steam accounts were leaked, but Valve confirmed no breach. Just some expired SMS codes with no link to passwords or account info. Nothing to do here—but maybe time to stop relying on text messages for your 2FA.

🪟 Microsoft Extends Windows 10 Support
Microsoft’s changed its mind. Office apps and Defender on Windows 10 will now be supported until 2028. That gives users more time to upgrade and hopefully means fewer devices heading straight to landfill.

🧥 Dior Breach: Names, Numbers, and Purchase Histories
No credit cards stolen, but Dior confirmed customer data was exposed in South Korea and China. Just another reminder that even luxury brands are vulnerable. Support your users if they’re affected, especially when it comes to phishing risks.

💣 North Korean Freelancers Infiltrate Tech Firms
Using fake LinkedIn and Upwork profiles, North Korean operatives posed as US tech workers and raked in $88 million—straight into missile funding. This wasn’t hacking. It was hiring fraud. And it worked.

🧠 AI Malware Masquerades as AI Video Tools
Fake ads for video generators like "Dream Machine" are tricking people into downloading a new info-stealer called Noodlophile. Spoiler: it steals everything. Don’t download tools from Facebook ads. Ever.

🏛️ Government Still Using Windows 3.1
A new report found that 28% of public sector IT systems are outdated, with some still running Windows 3.1. That’s software from the 90s, unsupported since 2001. Apparently we’re aiming to fix that... by 2030.

📱 Google Pushes Passkeys and Scam Protection
Android 16 brings scam detection right to your device and warns users if they open a banking app while on a dodgy call. Google is also testing a feature to convert saved passwords into passkeys automatically. Passwords, your days are numbered.

🧠 The Awareness Angle – This Week's Takeaways

  • Trust Is the Attack Vector – From North Korea’s job scams to fake Booking.com chats, social engineering is the real risk. Tech is just the delivery method.

  • Old Systems, Big Risks – If your infrastructure is still running legacy systems, it’s not just inefficient. It’s vulnerable.

  • Training That Doesn’t Stick – Abnormal Security’s latest report says security awareness training (SAT) is effort-heavy and impact-light. Maybe it’s time to rethink how we engage people.

🎙️ Quick Plugs

  • We’ve been nominated for the European Cybersecurity Blogger Awards! Voting’s open until 27th May. Vote for us at riskycreative.com

  • Our interview with Amy Stokes-Waters from The Cyber Escape Room Co. drops this Thursday. It’s full of fun, reality checks, and a bit of colourful language. Headphones advised!

Microsoft's Windows 10 U-Turn – Support extended to 2028
Watch the discussion - https://youtu.be/1gP3YwQD1ew?t=290
Read - https://www.extremetech.com/computing/microsoft-extends-windows-10-support-for-office-apps-until-2028

Google Starts Auto-Upgrading Your Passwords to Passkeys
Watch - https://youtu.be/1gP3YwQD1ew?t=1728
Read - https://www.androidpolice.com/google-may-auto-convert-passwords-to-passkeys-on-android/

North Korean Hackers Infiltrate US Tech Companies
Watch the discussion - https://youtu.be/1gP3YwQD1ew?t=1100
Read more - https://hackread.com/north-korean-hackers-stole-88m-posing-us-tech-workers/

Steam “Leak” of Expired SMS Codes
Watch – https://youtu.be/1gP3YwQD1ew?t=460
Read – https://www.bleepingcomputer.com/news/security/steam-user-data-leak-just-expired-verification-codes/

Dior Cyberattack – Customer Data Exposed
Watch – https://youtu.be/1gP3YwQD1ew?t=646
Read – https://www.bleepingcomputer.com/news/security/dior-discloses-data-breach-customer-purchase-data-exposed/

Co-op and M&S Cyber Incidents
Watch – https://youtu.be/1gP3YwQD1ew?t=729
Read – https://www.bbc.co.uk/news/articles/cwy382w9eglo

Fake AI Tools Spreading Noodlophile Malware
Watch - https://youtu.be/1gP3YwQD1ew?t=1292
Read - https://www.bleepingcomputer.com/news/security/fake-ai-tools-spread-noodlophile-malware-stealing-data/

UK Government Still Running Windows 3.1
Watch – https://youtu.be/1gP3YwQD1ew?t=1536
Read - https://www.theregister.com/2025/05/10/uk_cybersecurity_legacy_systems_report/

Android 16 Adds Scam Detection and USB Lockdown
Watch – https://youtu.be/1gP3YwQD1ew?t=1859
Read – https://www.cyberscoop.com/google-android-16-security-anti-scam/

Booking.com Chat Scam Targeting Travellers
Watch – https://youtu.be/1gP3YwQD1ew?t=3090
Read – https://vm.tiktok.com/ZNd6sahwo/

GoDaddy’s Fake Bonus Phishing Test (2020 Throwback)
Watch – https://youtu.be/1gP3YwQD1ew?t=3490
Read – https://www.cbsnews.com/news/godaddy-apologizes-insensitive-phishing-email-offering-bonuses/

Phishing Passkeys Using Device Code Flow
Watch – https://youtu.be/1gP3YwQD1ew?t=1957
Read – https://denniskniep.github.io/posts/09-device-code-phishing/

Abnormal Security Awareness Report
Watch – https://youtu.be/1gP3YwQD1ew?t=2055
Read – https://abnormal.ai/resources/state-of-security-awareness-training
