Cyber Briefing: 2025.05.09
Phishing scams, router exploits, and developer token leaks expose credential theft, crypto fraud, and infrastructure risks across education, finance, consumer services, and global digital platforms.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
👉 What are the latest cybersecurity alerts, incidents, and news?
🚨 Cyber Alerts
1. FBI Warns Cybercriminals Exploit Routers
The FBI has issued a warning about cybercriminals exploiting outdated routers to build illicit proxy networks. These routers, lacking security updates, are infected with TheMoon malware that allows attackers to conceal their activities. The FBI identified several vulnerable Linksys and Cisco models and urges users to replace them. The malware enables criminals to commit cybercrimes, such as fraud and cryptocurrency theft, while masking their identities.
2. X Scam Targets Crypto Users with Fake Ads
A financial scam exploiting X/Twitter’s advertising system has emerged, targeting cryptocurrency investors. Cybercriminals are using trusted domain names like CNN.com in ad URLs while redirecting users to fake cryptocurrency websites. These ads create a false sense of legitimacy, even featuring fabricated endorsements from Apple’s CEO. The attack leverages a URL loophole to bypass X/Twitter’s verification system and successfully lure victims to phishing sites.
3. FreeDrain Phishing Steals Crypto Funds
A sophisticated phishing operation named FreeDrain has been stealing cryptocurrency from users for several years. It uses SEO manipulation and free-tier web services like GitHub and Webflow to lure victims to fake wallet pages. Over 38,000 distinct sub-domains have been identified, hosting pages designed to mimic legitimate wallet interfaces and steal seed phrases. Researchers found that the attackers employ generative AI tools, spamdexing, and cloud platforms to bypass detection, creating a resilient ecosystem that's difficult to disrupt or shut down.
💥 Cyber Incidents
4. LockBit Ransomware Data Leaked After Hack
On May 7, a domain tied to the LockBit ransomware operation was hacked and defaced, revealing a significant data breach. The leaked information includes internal messages between LockBit affiliates and their victims, as well as Bitcoin wallet addresses and details about attacks. Experts like Christiaan Beek and Luke Donovan noted that this data could be critical for law enforcement and cybersecurity research, helping to trace the group’s activities and interactions. Although LockBit downplayed the breach's impact, it has raised concerns over the operation’s resilience despite efforts to disrupt it.
5. Education Giant Pearson Hit by Data Breach
Pearson, the UK-based education giant, was hit by a cyberattack after a developer token was exposed. The breach occurred due to a publicly accessible GitLab Personal Access Token, which allowed attackers to infiltrate internal systems. Sensitive data, including customer information and financial records, was stolen through compromised cloud platforms. Despite Pearson’s claim that only "legacy data" was affected, cybersecurity experts remain concerned about the scope and potential risks.
6. Spanish Consumer Group Faces Cyberattack
The Spanish Consumer Organization (Organización de Consumidores y Usuarios) suffered a breach exposing over 500 email credentials and confidential documents. The leak, shared on BreachedForum, revealed sensitive internal data from the organization’s systems. Despite the organization’s claim that the exposed data was outdated, it continues to circulate in hacking forums and the Dark Web. This incident underscores the rising cybersecurity risks in Spain, as reported breaches surged significantly in 2024.
📢 Cyber News
7. UK Government Shifts to Passkey Security
The UK government is set to implement passkey technology across its digital services later this year. This initiative will replace traditional password-based and SMS verification systems, aiming to boost security and improve the user experience. Passkeys will store authentication credentials on user devices, making them resistant to phishing and credential theft. In addition to enhancing digital security, the shift is expected to save millions of pounds annually while enabling faster, more efficient logins for users accessing government services.
8. Google Deploys AI to Combat Scams on Chrome
Google has introduced new AI-based countermeasures to fight scams on Chrome, Android, and Search. By using Gemini Nano, an on-device large language model, it enhances Safe Browsing in Chrome and detects new scam tactics. The technology analyzes websites for scam indicators, improving security against fraudulent schemes. With expanded features, Google aims to block more scams, including deceptive notifications, while boosting fraud prevention across its platforms.
9. The Nmap Project released Nmap 7.96
Nmap 7.96 brings major improvements, including parallel DNS lookups for faster scans and reduced processing time. The new approach enables faster resolution of large hostname lists, offering better efficiency for network security tasks. Updates to key libraries such as OpenSSL, Lua, and libssh2 enhance compatibility and performance. Additionally, the new NSE scripts, dark mode for Zenmap, and improved Ncat functionality streamline the user experience, making Nmap an even more powerful tool for network administrators and security professionals.
💡 Cyber Tip
Avoid Phishing Ads on X/Twitter Disguised as Trusted Crypto Sites
Scammers are abusing X/Twitter ads by spoofing domains like CNN.com to promote fake crypto investments and phishing pages with fabricated celebrity endorsements.
✅ Actions You Should Take:
Never trust crypto offers from ads – Especially those claiming endorsements or “urgent” opportunities.
Inspect URLs carefully – Look beyond the display name for hidden redirects.
Use browser extensions – Enable anti-phishing tools that flag suspicious links.
Why it matters: Even legitimate-looking ads can lead to phishing traps that drain your crypto wallet instantly.
📚 Cyber Book
Keanu Reeves Is Not In Love With You: The Murky World of Online Romance Fraud (2024) by Becky Holmes
That concludes today’s Cyber Briefing. Stay patched, stay protected, and we’ll be back on Monday with more.
Copyright © 2025 CyberMaterial. All Rights Reserved.