Cyber Briefing: 2025.05.07
Exploited IoT flaws, CMS vulnerabilities, and ransomware risks highlight rising threats across WordPress, Kibana, legal services, education networks, and global critical infrastructure.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
👉 What's trending in cybersecurity today?
🚨 Cyber Alerts
1. Mirai Botnet Exploits Vulnerabilities in IoT
A resurgent Mirai botnet is exploiting critical vulnerabilities in outdated GeoVision IoT devices. These flaws, disclosed in 2024, allow attackers to inject commands remotely and spread malware. Although the flaws have been known for months, many devices remain unpatched, creating significant risks. To mitigate these threats, organizations are urged to replace vulnerable devices and implement network segmentation and intrusion detection systems.
2. Critical Kibana Flaw Allows Code Execution
Elastic disclosed a critical vulnerability in Kibana, CVE-2025-25014, affecting multiple versions. The flaw, identified as prototype pollution, allows attackers to execute arbitrary code via crafted HTTP requests. The vulnerability impacts both self-hosted Kibana instances and Elastic Cloud deployments with Machine Learning and Reporting features enabled. Elastic recommends upgrading to the patched versions or disabling affected features to mitigate the risk.
3. New OttoKit Flaw Targets WordPress Sites
A new critical vulnerability in the OttoKit WordPress plugin has been actively exploited by attackers. This flaw allows attackers to gain administrative privileges on affected websites by bypassing authentication. The vulnerability, CVE-2025-27007, has a CVSS score of 9.8 and affects OttoKit installations that haven’t used an application password. Administrators are urged to update to OttoKit version 1.0.83 to patch both this vulnerability and a previous issue.
💥 Cyber Incidents
4. UK Legal Aid Agency Faces Cyber Incident
The Legal Aid Agency (LAA) in the UK is investigating a security incident that may have compromised financial data. The breach could affect nearly 2,000 legal aid providers, including law firms and nonprofit organizations. While the LAA cannot confirm which data was accessed, they warned that payment information may be at risk. The National Crime Agency and National Cyber Security Centre are investigating the incident to assess the damage and implement necessary security measures.
5. South African Airways Hit by Cyberattack
South African Airways (SAA) faced a significant cyberattack on 3 May, which led to disruptions in access to its website, mobile app, and several internal systems. Upon detecting the breach, SAA swiftly activated its disaster management and business continuity protocols, successfully minimizing disruption to its core flight operations. Despite the cyber incident, essential customer service channels, including the airline's call centers and sales offices, continued to operate normally.
6. Coweta County School System Cyberattack
The Coweta County School System in Georgia faced a significant cyberattack that impacted its network, affecting services for around 23,000 students. The attack was detected on Friday evening, and as a result, many internal systems were temporarily shut down. While school operations like WiFi, Chromebooks, and phone systems remained unaffected, employees were instructed to avoid using desktop devices during the investigation. The district is collaborating with cybersecurity experts and law enforcement to assess the situation and ensure no personal data, including student and employee information, was compromised.
📢 Cyber News
7. NATO Hosts Locked Shields 2025 Cyber Defense
NATO’s Cooperative Cyber Defence Centre of Excellence in Tallinn is hosting the Locked Shields 2025 exercise. Nearly 4,000 experts from 41 nations are participating in one of the world’s most complex cybersecurity drills. The exercise tests teams on defending critical infrastructure and national systems against sophisticated cyberattacks. With challenges involving quantum computing, AI, disinformation, and legal matters, the event prepares nations for evolving cyber threats.
8. NSO Group to Pay $167 Million to WhatsApp
A Northern California jury has ordered NSO Group to pay $167 million in punitive damages to WhatsApp. This follows a Meta lawsuit filed in 2019, accusing the spyware manufacturer of repeatedly hacking users with its Pegasus spyware. The jury also awarded WhatsApp $445,000 in compensatory damages for the company's efforts to block the attacks. The ruling is a major victory for digital freedom advocates, though some experts warn the spyware threat will continue despite NSO's potential bankruptcy.
9. Nomad Thief Arrested for Role in Crypto Hack
Alexander Gurevich, a 47-year-old dual Russian-Israeli citizen, was arrested at Ben-Gurion Airport after attempting to flee Israel under a new identity. Gurevich is accused of involvement in a significant 2022 cryptocurrency hack that targeted Nomad, a US-based blockchain company, resulting in losses of nearly $190 million. He allegedly exploited a vulnerability in the company’s system, stealing $2.89 million in digital tokens before others took advantage of the flaw. Gurevich, who contacted Nomad’s CTO and demanded a $500,000 reward for identifying the vulnerability, now faces extradition to the US on charges of computer crimes, money laundering, and stolen property.
💡 Cyber Tip
Patch WordPress Plugins Immediately to Prevent Privilege Escalation
Attackers are actively exploiting a critical flaw in the OttoKit plugin to gain admin access and bypass authentication on vulnerable websites.
✅ Actions You Should Take:
Update to OttoKit v1.0.83 or higher – This version patches the vulnerability (CVE-2025-27007).
Review admin accounts – Check for unauthorized user creation or privilege changes.
Monitor access logs – Look for unusual login activity or failed login attempts.
Why it matters: Delayed patching of widely used CMS plugins can give attackers full control over your website, endangering both your users and your data.
📚 Cyber Book
Beginners Guide to Ethical Hacking & Cybersecurity by Abhinav Ojha
That concludes today’s Cyber Briefing. Stay patched, stay protected, and we’ll be back tomorrow with more.
Copyright © 2025 CyberMaterial. All Rights Reserved.