Cyber Briefing: 2025.05.08
Targeted phishing, critical vulnerabilities, and malware operations expose data theft risks and system disruptions across telecom, defense, finance, and education sectors.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
👉 What's going on in the cyber world today?
🚨 Cyber Alerts
1. COLDRIVER Hackers Target Sensitive Data
A Russian threat actor, COLDRIVER, has launched a malware campaign targeting diplomats and defense contractors. The malware, known as LOSTKEYS, is designed for data exfiltration, focusing on sensitive documents and communications. It spreads through spear-phishing emails containing weaponized attachments that exploit vulnerabilities in office software. The malware uses sophisticated obfuscation techniques to avoid detection and maintain persistence on infected systems.
2. Cisco Fixes Flaw in IOS Wireless Controller
Cisco has released software updates to address a critical vulnerability in its IOS XE Wireless Controller, tracked as CVE-2025-20188, which has been rated 10.0 on the CVSS scale. The vulnerability arises from a hard-coded JSON Web Token (JWT) on affected systems, allowing an unauthenticated remote attacker to exploit it by sending specially crafted HTTPS requests to the AP image download interface. If successfully exploited, the attacker could upload arbitrary files, perform path traversal, and execute commands with root privileges.
3. CoGUI Targets Consumer and Finance Brands
The CoGUI phishing framework has been actively targeting organizations in Japan since October 2024, sending millions of phishing messages. The kit impersonates popular brands like Amazon, PayPay, and Rakuten, tricking users into disclosing sensitive information such as login credentials and payment details. Its sophisticated evasion techniques, including browser profiling and geofencing, help it evade automated detection systems, making it highly effective.
💥 Cyber Incidents
4. Masimo Cyberattack Disrupts Manufacturing
Masimo, a leading medical device manufacturer, reported a cyberattack that began on April 27, impacting its ability to process and ship customer orders. The company stated that several of its manufacturing facilities were operating below normal capacity, causing delays in order fulfillment. Since the attack, Masimo has isolated affected systems, enlisted cybersecurity experts, and notified law enforcement while investigating the full scope of the breach.
5. West Lothian Schools Hit by Ransomware
Schools in West Lothian, Scotland, have fallen victim to a suspected ransomware cyberattack affecting the education network. The attack has led to disruptions, but the council has quickly enacted contingency plans to ensure that all schools remain open without affecting SQA exams. At present, there is no evidence of personal or sensitive data being compromised, but the criminal investigation is ongoing. West Lothian Council is collaborating with Police Scotland and the Scottish government to address the situation and restore normal operations across its 13 secondary schools, 69 primary schools, and 61 nurseries.
6. Cyberattack Targets Tepotzotlán Facebook
The official Facebook page of Tepotzotlán City Hall in the State of Mexico was targeted by a cyberattack early on Monday. Hackers gained unauthorized access to the page, altering the profile and cover photos, replacing them with an image of the Guy Fawkes mask. This symbol is often associated with the Anonymous hacker group. In addition to the photo changes, a story was posted featuring the mask and the name of Tepotzotlán. The city’s authorities promptly reported the incident to the Cyber Police and contacted Meta Platforms for assistance in recovering the page.
📢 Cyber News
7. Kirsten Davies Nominated as Pentagon CIO
President Donald Trump has nominated Kirsten Davies for the role of Pentagon chief information officer (CIO). Davies brings a wealth of experience, having previously held top cybersecurity positions at Unilever, Estée Lauder, and Barclays Africa. With a strong background in the private sector, including leadership roles at Hewlett Packard, Siemens, Booz Allen Hamilton, and Deloitte Australia, Davies is well-suited to modernize the Department of Defense’s (DoD) tech operations.
8. China’s Cyber Power Raises UK Concerns
British officials recently warned that China is rapidly becoming a cyber superpower, with growing national security risks. Pat McFadden, a senior government minister, emphasized China’s capability and scale in cyber activities, noting it as an exceptional challenge. Richard Horne, head of the National Cyber Security Centre, also expressed concern over China’s ongoing cyber operations, which have been linked to espionage. Despite these threats, the UK aims to protect its cyberspace while engaging strategically with China in global supply chains.
9. Europol Takes Down Global DDoS Services
Europol recently announced the successful takedown of several DDoS-for-hire services used in thousands of cyberattacks worldwide. Four individuals, aged between 19 and 22, were arrested by Polish authorities in connection with the operation, while the United States seized nine domains linked to the platforms. These services, including cfxapi and quickdown, allowed users to launch DDoS attacks for as little as EUR 10, targeting various sectors like schools, government services, and gaming platforms.
💡 Cyber Tip
Update Cisco IOS XE Systems Immediately to Patch Critical JWT Flaw
A hardcoded token vulnerability (CVE-2025-20188) in Cisco’s IOS XE Wireless Controller allows unauthenticated attackers to execute commands with root privileges.
✅ Actions You Should Take:
Apply Cisco’s latest security patches – Update affected systems to eliminate the vulnerability.
Restrict management interfaces – Limit access to trusted IPs or internal networks only.
Monitor for unusual HTTPS traffic – Look for suspicious access patterns to the AP image download interface.
Why it matters: Unpatched infrastructure devices can become high-value targets for attackers, enabling full system compromise without user credentials.
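One way to put the second and third actions into practice is to review the controller's access log for management requests from outside the trusted networks, for requests to the AP image download interface that did not come from those networks, and for path traversal markers in request paths (the briefing notes that successful exploitation allows path traversal). The following scanner is an added example written for this briefing; it is not Cisco tooling. The log format (Common Log Format style lines), the trusted networks, and the WATCH_PATH prefix are assumptions, since the briefing names the AP image download interface but not its URL; the sample log lines are constructed for the example.

```python
"""Scan access-log lines for management requests from untrusted networks,
requests to the AP image download interface from untrusted sources, and
path traversal markers. Added example; not Cisco's tooling."""

import ipaddress
import re
from urllib.parse import unquote

# Assumption: management access should only originate from these networks.
TRUSTED_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.1.0/24"),
]

# PLACEHOLDER: the briefing names the AP image download interface but not
# its URL path; set this to the path prefix your controller actually logs.
WATCH_PATH = "/ap_image_download"

# Constructed Common Log Format style lines for this example, not real output.
SAMPLE_LOGS = [
    '10.0.0.5 - admin [08/May/2025:09:01:12 +0000] "GET /login HTTP/1.1" 200 512',
    '203.0.113.7 - - [08/May/2025:09:02:44 +0000] "POST /ap_image_download/upload HTTP/1.1" 200 88',
    '10.0.0.8 - ops [08/May/2025:09:03:01 +0000] "GET /ap_image_download/status HTTP/1.1" 200 301',
    '198.51.100.9 - - [08/May/2025:09:04:19 +0000] "POST /ap_image_download/%2e%2e/%2e%2e/tmp/x HTTP/1.1" 200 64',
    '203.0.113.7 - - [08/May/2025:09:05:02 +0000] "GET /docs HTTP/1.1" 404 0',
    "this line is not a valid access log entry",
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return a dict with ip, ts, method, path, status, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_trusted(ip):
    """True if the source address falls inside one of the trusted networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def has_traversal(path):
    """Detect '..' segments, including single- and double-URL-encoded forms."""
    decoded = unquote(unquote(path))
    return "/../" in decoded or decoded.endswith("/..")


def classify(rec):
    """Return the list of reasons a parsed request is worth reviewing."""
    reasons = []
    untrusted = not is_trusted(rec["ip"])
    watched = rec["path"].startswith(WATCH_PATH)
    if untrusted:
        reasons.append("untrusted_source")
    if untrusted and watched:
        reasons.append("watched_path_from_untrusted")
    if has_traversal(rec["path"]):
        reasons.append("path_traversal_marker")
    return reasons


def severity(reasons):
    """High for the watched interface or traversal; medium for untrusted access."""
    if "watched_path_from_untrusted" in reasons or "path_traversal_marker" in reasons:
        return "high"
    if reasons:
        return "medium"
    return None


def scan(lines):
    """Parse each line, skip unparsable ones, and collect findings in order."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = classify(rec)
        sev = severity(reasons)
        if sev:
            findings.append({"ip": rec["ip"], "path": rec["path"],
                             "severity": sev, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        print(f"[{f['severity'].upper()}] {f['ip']} {f['path']} :: {', '.join(f['reasons'])}")
```

Run against the constructed sample, the scanner reports the two untrusted requests to the watched prefix as high (the second also carries a decoded traversal marker) and the untrusted request to /docs as medium, while the trusted operator's status check and the unparsable line produce nothing. Feeding it real controller logs only requires adjusting the regex to the device's log format and setting WATCH_PATH and TRUSTED_NETS to the actual values.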
📚 Cyber Book
Scams, Hacking, and Cybersecurity: The Ultimate Guide to Online Safety and Privacy by May Brooks-Kempler
That’s a wrap on today’s threats. Stay sharp, patch often, and see you in tomorrow’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.