Cyber Briefing: 2025.05.02
New scams, sandbox bypasses, and supply chain threats reveal evolving malware, privacy risks, and data breaches across macOS, PyPI, education, retail, and global surveillance systems.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
👉 What are the latest cybersecurity alerts, incidents, and news?
🚨 Cyber Alerts
1. Scammers Are Targeting Self Service Sites
The FBI has issued a warning about a growing scam targeting users of employee self-service websites. Cybercriminals are using search engine ads to direct individuals to fake sites designed to capture sensitive information such as login credentials and financial details. The fraudsters have shifted their focus from small businesses to payroll, unemployment programs, and health savings accounts, directly impacting individuals' finances. Once the criminals gain access, they can carry out fraudulent activities, including wire transfers, redirecting paychecks, and using stolen identities for further crimes.
2. macOS Flaw Lets Hackers Bypass Sandbox
A critical vulnerability in macOS allows attackers to bypass the App Sandbox protection by exploiting security-scoped bookmarks. This flaw enables malicious actors to delete and replace keychain entries, which are essential for maintaining the system’s security boundaries. By crafting malicious bookmarks and injecting them into the system, attackers can bypass sandbox restrictions and access sensitive files without user consent. Apple has addressed the issue with security updates for affected systems and urges users to apply them promptly to mitigate potential risks.
3. PyPI Attack Uses Gmail to Exfiltrate Data
A sophisticated software supply chain attack exploited PyPI repositories to distribute seven malicious packages, amassing over 55,000 downloads. These packages used Google’s SMTP infrastructure to create a stealthy bidirectional tunnel for command-and-control, bypassing traditional security measures. Once deployed, the malware allowed attackers to remotely access internal APIs, dashboards, and admin panels, execute commands, and exfiltrate sensitive data.
💥 Cyber Incidents
4. Harrods Cyberattack Limits Internet Access
Harrods, a luxury department store in London, recently faced a cyberattack attempt, leading to restricted internet access. Despite this, the store's flagship location and online sales remained operational, and customers were advised to continue as normal. This attack comes shortly after similar incidents targeted Marks & Spencer and the Co-op in the UK, with M&S facing a significant ransomware attack. Experts warn that the frequency of these attacks highlights the growing vulnerability of retailers to cyber threats.
5. Stuttgart Website Down Due to Cyberattack
A cyberattack temporarily disrupted the Stuttgart city administration website in Germany, causing limited accessibility. The city took the site offline as a precaution on Tuesday evening, and it was restored by the afternoon. The attack, identified as a Distributed Denial of Service (DDoS) attack, flooded the site with excessive traffic, overwhelming its servers. Despite this, other city systems remained unaffected and continued to operate normally. The city administration is working diligently to secure the website and prevent similar attacks from impacting services in the future.
6. Bartlesville Schools Hit by Cyberattack
A cyberattack targeted Bartlesville Public Schools in Oklahoma, disabling much of the district's computer network. As a result, the district had to cancel state testing and postpone it until the issue is resolved. While essential services like phones, life safety systems, and Chromebooks with hotspots continued to function, many systems were rendered inoperable. The district launched an investigation with external cybersecurity professionals, but no updates on sensitive data compromise or the length of the outage have been provided yet.
📢 Cyber News
7. Apple Alerts Users Worldwide of Spyware
Apple notified users in 100 countries this week, warning them that their phones were targeted by advanced commercial spyware. Among those who received notifications were Italian journalist Cyrus Pellegrino and Dutch activist Eva Vlaardingerbroek, both of whom acknowledged the attack. The spyware’s origins are unclear, but Pellegrino suspects it is linked to a previous wave of Paragon attacks reported in January. Apple’s notifications highlight the severity of mercenary spyware, which can give attackers full access to victims' devices without their knowledge or consent.
8. UK and Canada Demand Data Protection
As 23andMe undergoes bankruptcy proceedings, UK and Canadian regulators have raised alarms over customer data. On May 1, 2025, the UK's Information Commissioner’s Office and Office of the Privacy Commissioner of Canada jointly called for the protection of sensitive personal information during and after the sale process. They warned potential buyers that failure to comply with data protection laws such as GDPR and PIPEDA could result in enforcement actions. The joint letter comes after the company faced significant scrutiny following a 2023 data breach that impacted millions.
9. Ukrainian Extradited to US Over Cyberattacks
A Ukrainian national, Artem Stryzhak, was extradited from Spain to the United States on April 30, 2025, to face charges related to his involvement in Nefilim ransomware attacks. The U.S. Department of Justice states that Stryzhak, 35, became an affiliate of the Nefilim group in 2021 and participated in attacks targeting high-revenue companies in countries including the U.S., Norway, France, and Germany. These attacks involved breaching corporate networks, stealing sensitive data, and demanding ransom payment
💡 Cyber Tip
Beware of Fake Self-Service Portals in Search Ads
Scammers are using malicious ads to mimic employee self-service portals, stealing login credentials and financial data.
✅ Actions You Should Take:
Use official links – Always access payroll and benefits portals via bookmarked URLs or official company intranets.
Check the domain – Verify the URL before entering any personal information.
Educate employees – Train staff to spot fake portals and avoid clicking on sponsored links in search results.
Why it matters: These lookalike sites are highly convincing and bypass traditional security filters, leading to paycheck theft, wire fraud, and identity misuse.
📚 Cyber Book
Call Center Scams Exposed: How to Identify, Avoid, and Report Fraud Calls in America by A C
Copyright © 2025 CyberMaterial. All Rights Reserved.