🛡️ Weekly Cyber Update – April 28th - May 4th 2025

Community Center
,
1

:shield: Weekly Cyber Update – April 28th - May 4th 2025

Our April 28 – May 4, 2025 update brings 20 critical cybersecurity stories. For everyone, we cover major breaches, scams, and privacy risks with easy tips. For pros, dive into zero-days, malware, and supply chain threats with technical insights. Get actionable advice, tools, and discussion prompts to stay secure!

Cybersecurity for Everyone

Quick, relatable updates to keep you safe online.

:police_car_light: Top Stories

1. Kelly Benefits Data Breach Hits Over 400,000 People :scream:

  • Summary: A payroll and benefits firm, Kelly Benefits, suffered a data breach exposing sensitive info like Social Security numbers for over 400,000 customers.
  • Why it matters: Check your accounts for odd activity and consider freezing your credit to protect your identity.
  • :link: Read more

2. Darcula Phishing Scam Steals 884,000 Credit Cards :credit_card:

  • Summary: The Darcula scam used fake text messages to trick people into sharing credit card details, impacting millions globally.
  • Why it matters: Avoid clicking links in unsolicited texts; verify messages directly with your bank’s official site.
  • :link: Read more

3. UK Retailers Co-op, Harrods, and M&S Face Cyberattacks :department_store:

  • Summary: Major UK stores were hit by cyberattacks, with hackers stealing customer and employee data, disrupting services.
  • Why it matters: Monitor bank statements for unusual charges and update passwords if you shop at these stores.
  • :link: Read more

4. TikTok Fined $600M for Sending User Data to China :mobile_phone:

  • Summary: The EU fined TikTok for transferring European user data to China, risking privacy violations.
  • Why it matters: Adjust TikTok’s privacy settings to limit shared personal info and protect your data.
  • :link: Read more

5. Fake Social Security Emails Install Spyware :e_mail:

  • Summary: Scammers posing as the Social Security Administration sent emails tricking users into installing remote access tools, stealing personal info.
  • Why it matters: Don’t download software from email links; verify claims on the official SSA website.
  • :link: Read more

6. Disney Hack Leaks 1.1TB of Data :movie_camera:

  • Summary: A hacker has pleaded guilty to stealing over 1.1TB of data from Disney’s internal Slack channels, including sensitive employee and customer information.
  • Why it matters: If you use Disney services, watch for suspicious account activity and update your passwords.
  • :link: Read more

7. Nova Scotia Power Cyberattack Steals Customer Info :high_voltage:

  • Summary: Hackers hit Nova Scotia Power, stealing customer data and disrupting IT systems at the Canadian utility.
  • Why it matters: Check for unexpected utility bills or account changes; contact the company if you’re a customer.
  • :link: Read more

8. Ascension Health Reports Second Data Breach :hospital:

  • Summary: Ascension Health disclosed another cyberattack, compromising patient medical data through a third-party software vulnerability.
  • Why it matters: If you’re a patient, review medical statements for errors and enable two-factor authentication on health portals.
  • :link: Read more

9. 94% of Leaked Passwords Are Reused :key:

  • Summary: A study found 94% of stolen passwords are not unique, making it easy for hackers to access multiple accounts.
  • Why it matters: Use a password manager to create unique passwords for every account to stay secure.
  • :link: Read more

10. Co-op Confirms Major Data Theft in Cyberattack :shopping_cart:

  • Summary: The Co-op attack, claimed by DragonForce hackers, stole significant customer and employee data, worse than initially reported.
  • Why it matters: Update your Co-op account password and watch for phishing emails targeting affected users.
  • :link: Read more

:hammer_and_wrench: Tool of the Week

Have I Been Pwned — Check if your email or phone number was exposed in breaches like Kelly Benefits or Disney, ideal for staying safe this week.

:speech_balloon: Question For You!

Hey, have you run into any sneaky scams lately, like fake Zoom calls or weird emails? Share your story and tell us what tips or signs helped you spot them!

Pro Insights: Advanced Cyber Threats (Advanced)

Deep dives for pros and learners.

:police_car_light: Top Technical Updates

1. Commvault Flaw Actively Exploited (CVE-2025-34028) :hammer_and_wrench:

  • Summary: A critical path traversal bug (CVE-2025-34028) in Commvault Command Center allows system access; it’s now in CISA’s Known Exploited Vulnerabilities catalog.
  • Why it matters: Patch urgently to prevent system compromise; follow CISA’s mitigation guidance.
  • :link: Read more

2. AirPlay Vulnerabilities Enable Zero-Click Attacks :red_apple:

  • Summary: Apple’s AirPlay protocol flaws (AirBorne) allow attackers to take over devices on public Wi-Fi without user interaction, now patched.
  • Why it matters: Ensure Apple devices are updated to block these zero-day exploits (new flaws hackers exploit).
  • :link: Read more

3. Magento Supply Chain Attack Compromises E-Stores :shopping_cart:

  • Summary: A supply chain attack via 21 backdoored Magento extensions hit 500–1,000 e-commerce sites, including a $40B firm, with hidden malicious code.
  • Why it matters: Audit Magento extensions and scan for backdoors to prevent data theft or system compromise.
  • :link: Read more

4. MintsLoader Delivers GhostWeaver RAT :microbe:

  • Summary: MintsLoader malware uses obfuscated scripts to deploy GhostWeaver, a remote access trojan, evading detection with sandbox checks.
  • Why it matters: Use endpoint detection and monitor network traffic to catch this stealthy threat.
  • :link: Read more

5. Malicious Go Modules Wipe Linux Systems :floppy_disk:

  • Summary: Three malicious Go modules contain code to download payloads that erase Linux system disks, making them unbootable.
  • Why it matters: Vet open-source dependencies with scanning tools to avoid destructive supply chain attacks.
  • :link: Read more

6. SonicWall Vulnerabilities Exploited in Wild :locked:

  • Summary: Two SonicWall SMA100 and Apache HTTP Server flaws were added to CISA’s KEV catalog after proof-of-concept exploits were published.
  • Why it matters: Apply patches immediately and monitor for unauthorized access to prevent exploitation.
  • :link: Read more

7. Black Kingdom Ransomware Admin Indicted :detective:

  • Summary: A Yemeni national was indicted for deploying Black Kingdom ransomware, targeting 1,500 Microsoft Exchange servers globally.
  • Why it matters: Strengthen email security and patch Exchange servers to block ransomware attacks.
  • :link: Read more

8. Fake WordPress Security Plugin Grants Remote Access :electric_plug:

  • Summary: A malicious WordPress plugin, WP-antymalwary-bot.php, hides as a security tool but allows attackers remote admin access.
  • Why it matters: Verify plugins from trusted sources and scan sites for unauthorized admin accounts.
  • :link: Read more

9. NVIDIA Riva Vulnerabilities Expose AI Services :studio_microphone:

  • Summary: Two NVIDIA Riva flaws (CVE-2025-23242, CVE-2025-23243) risk unauthorized access to AI-powered speech and translation services.
  • Why it matters: Secure Riva deployments and apply patches to prevent resource abuse or data theft.
  • :link: Read more

10. StealC Malware V2 Enhances Stealth :spider_web:

  • Summary: StealC V2, an info-stealer, adds stealth and data theft features, targeting credentials and sensitive data with improved evasion.
  • Why it matters: Deploy advanced threat detection and educate users to avoid phishing lures.
  • :link: Read more

:hammer_and_wrench: Tool of the Week

Tenable Vulnerability Watch — Prioritizes patching critical flaws like CVE-2025-34028 and SonicWall issues.

:speech_balloon: Tech Talk Challenge!

Hey pros, with recent zero-day risks like SAP NetWeaver and Craft CMS exploits, how are you tackling zero-day and supply chain threats in your systems? Share your strategies!

:brain: Key Takeaways

Scams and breaches target all, but unique passwords and swift patches are your shield.

  • :locked: Use a password manager for unique credentials.
  • :mobile_phone_with_arrow: Keep devices and software updated.
  • :man_detective: Stay cautious of unsolicited messages.

:globe_with_meridians: Stay Connected and Secure

Ready to level up your safety game? :bell: Stay in the Loop with the Crushing Security newsletter for the latest news and expert tips delivered to your inbox.

Keep the chat alive—drop your thoughts, news, or stories in the comments below!

:repeat_button: Suggestions:

:light_bulb: Have thoughts or want to help improve future updates? Drop a comment below, share feedback here, or message Steve directly.