Cyber Briefing: 2025.05.22
Function confusion hits cloud platforms, 3AM ransomware uses vishing, GitLab fixes critical flaws, Santa Fe loses $324K, EU sanctions Russia, and Lumma info-stealer faces global takedown.
👉 What's happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Function Confusion Hits Serverless Clouds
A new vulnerability dubbed "function confusion" lets attackers exploit serverless cloud services like Google Cloud. By manipulating package installation scripts, they execute malicious commands to gather sensitive system data. Cisco Talos found this affects major providers including AWS and Azure, proving a widespread weakness. Firms must enhance package monitoring and scrutinize dependencies to counter this serverless threat.
2. 3AM Ransomware Email Bomb and Vishing Threat
A 3AM ransomware affiliate targets firms using email bombing and spoofed IT support voice phishing. Attackers trick employees into granting remote access via Quick Assist to deploy backdoors like QDoor. They used QEMU for evasion and exfiltrated 868GB of data, though Sophos blocked the ransomware encryptor. This group, linked to Conti and Royal, highlights the need for better defenses and employee awareness.
3. GitLab Patch Stops Service Disruption Risks
GitLab issued critical security patches for eleven vulnerabilities across its platforms, including denial of service flaws. The most severe flaw, CVE-2025-0993, allows server resource exhaustion, while others target Kubernetes. This update also addresses authentication bypass issues such as a SAML weakness, as well as CI/CD variable exposure. GitLab mandates immediate upgrades and security reviews, emphasizing continuous vulnerability management.
💥 Cyber Incidents
4. Santa Fe City Loses $324K In Hacker Scam
The City of Santa Fe, New Mexico, lost $324,000 after a hacker diverted a vendor payment. City officials were notified by Wells Fargo, and the FBI is investigating this major theft. Recovery of the funds meant for contractor GM Emulsion is uncertain due to a time lag. While the city will pay its vendor, it may not recoup the stolen money for many months.
5. Belgium Housing Hit by Ransomware Attack
Belgian social housing firm La Maison Liégeoise suffered a cyberattack, disrupting services for 10000 people. Hackers used ransomware to encrypt data, demanding two bitcoins, but the Liège company refused to pay. An IT company is working on system restoration with an unknown timeline while Cyber Unity investigates. La Maison Liégeoise offers interim face-to-face service and an emergency phone line for tenants.
6. Cyberattack Paralyzes French Hauts de Seine
The Hauts-de-Seine department in France, near Paris, suffered a cyberattack on Tuesday, paralyzing its administration. All telecommunications were cut as a precaution, with IT managers in nearby municipalities alerted. While the attack's nature is unknown, IS teams are mobilized to protect data and restore services. This French department, which includes the La Défense district, has faced cyber incidents in previous years.
📢 Cyber News
7. Global Takedown Hits Lumma InfoStealer
A global operation involving law enforcement and private firms has disrupted the Lumma info-stealer malware. They seized 2300 domains from this service, which Europol called the world's top info-stealer threat. Lumma, active since 2022, was sold as malware-as-a-service by a Russian developer using various distribution methods. It employed advanced obfuscation and resilient infrastructure, though its developer intended to quit soon.
8. India e-Zero FIR Speeds Cybercrime Justice
India launched the e-Zero FIR system to automatically convert high-value financial cybercrime complaints into FIRs. Announced by Amit Shah, this Delhi pilot under I4C aims for faster justice, leveraging new criminal laws. The system removes jurisdictional issues for quick investigation of complaints from the national portal or helpline. This initiative, part of Cyber Secure Bharat, will expand nationwide with accountability for officials.
9. EU Sanctions Russia For Its Hybrid Threats
The EU imposed new sanctions on 21 individuals and 6 entities for Russia's destabilizing actions. It broadened its scope to target assets, financial transactions and Russian-controlled media broadcasting. Sanctioned parties include propagandists like Medvedchuk, GRU operatives, fishing firms and web host Stark Industries. Those designated face asset freezes and travel bans as the EU counters Russia's hybrid threats.
📈 Cyber Stocks
On May 21, 2025, Zscaler fell 1.28%, CrowdStrike Holdings dropped 1.70%, while Palo Alto Networks, Fortinet, and SentinelOne declined 6.80%, 1.86%, and 3.43% respectively.
💡 Cyber Tip
Be cautious of sudden floods of emails or unexpected IT support calls.
A ransomware group using the 3AM strain is tricking employees into giving up remote access by spoofing IT support calls and overwhelming inboxes with fake emails. These attacks are designed to feel urgent and convincing.
✅ What you should do
If you receive a large number of unexpected emails, pause and do not take immediate action. This may be part of an email bombing attack.
Never grant remote access to anyone unless you have verified their identity directly through official channels.
Be skeptical of IT support calls, especially those that seem rushed or request you to open tools like Microsoft Quick Assist.
If something feels suspicious, contact your real IT department through a known and trusted number.
Always report strange calls or messages to your security team.
✅ Why this matters
These attacks use social engineering to create panic and trick people into giving away access. One mistake could allow attackers to steal large amounts of data or deploy ransomware.
📚 Cyber Book
Jumping Into CyberSecurity by Aarsh Jawa
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.