Cyber Briefing: 2025.05.05
Critical exploits, supply chain attacks, and ransomware operations expose destructive tools, data leaks, and global threats across Linux, e-commerce, education, and government infrastructure.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
👉 What's happening in cybersecurity today?
🚨 Cyber Alerts
1. Malicious Go Modules Target Linux Systems
Cybersecurity researchers discovered three malicious Go modules that target Linux systems with destructive payloads. These modules, named prototransform, go-mcp, and tlsproxy, fetch remote scripts to overwrite primary disks, making systems unbootable. The payloads are designed to erase all data irreversibly, posing significant risks to affected environments. Researchers also uncovered malicious npm and PyPI packages targeting cryptocurrency wallets and leveraging Gmail for covert communications.
2. Magento Backdoor Affects E-Commerce Stores
A supply chain attack involving 21 backdoored Magento extensions has compromised 500 to 1,000 e-commerce stores, including one for a $40 billion multinational company. Sansec found that the malicious code, implanted as early as 2019, was activated only in April 2025. The backdoor allows attackers to remotely upload and execute arbitrary PHP code, leading to serious consequences like data theft and skimming. Users are advised to scan for indicators of compromise and restore from clean backups to mitigate risks.
3. SonicBoom Attack Exposes Critical Systems
SonicBoom is a critical attack chain that targets enterprise appliances like SonicWall SMA and Commvault backup systems. The attack leverages pre-authentication vulnerabilities and server-side request forgery (SSRF) to bypass authentication and gain unauthorized access. Attackers can then use arbitrary file writes to deploy malicious files, ultimately achieving remote code execution with administrative privileges. This exploit allows attackers to install programs, steal sensitive data, and further compromise the network, making immediate remediation, including patching and auditing, essential for preventing catastrophic breaches.
💥 Cyber Incidents
4. Raw Dating App Exposes User Data Through Bug
A major security flaw in the Raw dating app exposed sensitive user data, including personal preferences, birthdates, and precise location details. TechCrunch discovered that an insecure direct object reference vulnerability allowed easy access to this data, with no authentication checks in place. Despite claiming to use end-to-end encryption, the app failed to secure user information, putting users at risk of data exposure. Raw addressed the issue shortly after being notified, securing the vulnerable endpoints and promising to enhance safeguards.
5. Romanian Government Websites Hit by DDoS Attack
On May 4, 2025, the official websites of Romania's Ministry of Interior and Ministry of Justice were attacked by the pro-Russian hacker group NoName057. The group claimed responsibility for the DDoS attack that caused disruptions to several key websites, including those of government institutions and political candidates. The attack was confirmed by the National Directorate for Cyber Security, which later restored the affected websites. NoName057, a hacker group known for its pro-Kremlin activities, has been involved in similar attacks targeting various countries worldwide.
6. Fowler School District Hit by Cyberattack
The Fowler Elementary School District in Phoenix, Arizona, was targeted by the Interlock ransomware group. The attack allegedly compromised 400 gigabytes of sensitive data, including personal information of students and staff. The group posted images and a directory structure of the leaked files, though their authenticity remains unverified. With no official response from the district, concerns about the potential public release of the data continue to grow.
📢 Cyber News
7. TikTok Fined $600M Over EU Data Violations
TikTok was fined €530 million ($600 million) by Ireland’s Data Protection Commission for breaching GDPR rules. The company failed to demonstrate that its Chinese staff adhered to strict EU data protection laws when accessing European user data. TikTok had also misrepresented to the DPC that it didn’t store European users' data on Chinese servers, later admitting that some data was indeed stored there. Despite updating its privacy policy in 2022, the company failed to disclose that staff in China had remote access to personal data stored in Singapore and the United States, violating GDPR transparency requirements.
8. US Targets Huione Group for Cybercrime Links
The U.S. Treasury Department has proposed severing Huione Group’s access to the U.S. financial system due to its involvement in laundering illicit funds. The group, based in Cambodia, has been implicated in laundering over $4 billion, including money linked to North Korean state-backed cybercrime activities and Southeast Asian investment scams. The Financial Crimes Enforcement Network (FinCEN) found that Huione facilitated fraud by handling transactions through platforms such as Huione Guarantee and Huione Pay, both of which played significant roles in the expanding cybercrime industry.
9. US Charges Yemeni Man Over Ransomware Attack
In May 2025, the U.S. Department of Justice charged Rami Khaled Ahmed for deploying Black Kingdom ransomware. The ransomware targeted businesses, schools, and medical services from March 2021 to June 2023. Ahmed exploited vulnerabilities in Microsoft Exchange Server to execute the attack, infecting around 1,500 systems. If convicted, Ahmed faces up to five years in federal prison for each charge, with the FBI leading the investigation.
💡 Cyber Tip
Audit Magento Extensions for Long-Dormant Backdoors
A supply chain attack injected malicious code into 21 Magento extensions, lying dormant for years before activation, compromising hundreds of e-commerce stores.
✅ Actions You Should Take:
Scan all Magento extensions – Check for unauthorized code or unexpected file changes, especially in long-standing modules.
Use integrity monitoring tools – Track changes to extension files and compare them to trusted baselines.
Restore from clean backups – If compromise is suspected, revert to known-safe backups and revalidate extensions before reinstallation.
Why it matters: Even trusted extensions can silently harbor backdoors for years, posing risks to customer data, payment systems, and brand trust.
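As an added example (not code from the newsletter, Sansec or Magento), the baseline-and-compare step above in Python: it records a SHA-256 manifest of every file under an extension tree and reports files added, removed or modified since the trusted baseline. The ExampleVendor/Module paths and file contents are constructed for the demo.

```python
"""Baseline-and-compare integrity check for Magento extension directories.

Hypothetical example: build a SHA-256 manifest of a trusted extension tree,
store it, and later diff the live tree against it. Any drift in a module that
has not been updated on purpose is a signal to inspect that file by hand.
"""
import hashlib
import json
import os
import tempfile


def build_baseline(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                baseline[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return baseline


def compare(baseline, current):
    """Diff two manifests; a non-empty result means the tree has drifted."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline a module, then alter one file and drop
    in a new one, which is the kind of change a dormant backdoor would cause."""
    with tempfile.TemporaryDirectory() as root:
        ext = os.path.join(root, "app", "code", "ExampleVendor", "Module")
        os.makedirs(os.path.join(ext, "Controller"))
        with open(os.path.join(ext, "registration.php"), "w") as fh:
            fh.write("<?php // registration stub\n")
        with open(os.path.join(ext, "Controller", "Index.php"), "w") as fh:
            fh.write("<?php // original controller\n")
        baseline = build_baseline(root)
        # Simulated tampering: append to an existing file and add an unexpected one.
        with open(os.path.join(ext, "Controller", "Index.php"), "a") as fh:
            fh.write("// unexpected appended code\n")
        with open(os.path.join(ext, "License.php"), "w") as fh:
            fh.write("<?php // file not present in baseline\n")
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the baseline is taken from a freshly downloaded copy of the extension from the vendor, not from the running store, and is stored outside the web root.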
📚 Cyber Book
Scams, Security and Over-Sharing: Controlling your information and staying safe online by Jon White
Copyright © 2025 CyberMaterial. All Rights Reserved.