4. Mobius Token Exploit Drains $2.15 Million

A critical exploit targeting Mobius Token’s smart contracts on the BNB Chain resulted in the theft of $2.15 million. The attack occurred on May 11, 2025, when the hacker deployed a malicious contract that drained 28.5 million MBU tokens from the victim’s wallet. These tokens were then converted into USDT, causing significant financial loss. The exploit was detected just minutes after the malicious contract was deployed, with Cyvers Alerts confirming the use of suspicious code and unusual transaction patterns.

5. Cyberattack Hits Università Roma Tre Website

On May 8, 2025, Università Roma Tre in Italy experienced a major cyberattack affecting its IT infrastructure. The attack led to the complete inaccessibility of university websites and services, prompting a swift response from national cybersecurity authorities. The university worked to restore vital administrative systems, including student services, research management, and accounting systems. While the full scope of the attack remains unclear, the university aims to fully restore operations by May 12, 2025.

6. Cyberattack Hits Public Agencies in Paraguay

A significant cyberattack targeted multiple government institutions in Paraguay on May 8, 2025, affecting 11 entities. Among those impacted, the Ministry of Health was notably hit, with concerns regarding the exposure of sensitive vaccination data. The attack has resulted in the leakage of personal information, including phone numbers and potentially other confidential details. MITIC, the Ministry of Information and Communications Technology, has initiated investigations and is working to enhance the country’s cybersecurity measures to prevent further breaches and mitigate the damage.

7. UN New Cyberattack Assessment Framework

The United Nations has introduced the UNIDR Intrusion Path framework to enhance cyber defense. It aims to help stakeholders better understand malicious ICT activities and improve cyber diplomacy. The framework outlines three key layers: outside, on, and inside the network perimeter, focusing on activities by both attackers and defenders. It complements existing models like MITRE ATT&CK and the Cyber Kill Chain, contributing to a more secure digital environment.

8. Botnet Selling Hacked Routers Dismantled

Authorities recently dismantled a botnet that had infected thousands of routers worldwide over the past 20 years, forming two illegal proxy networks, Anyproxy and 5socks. These networks, operated by Russian and Kazakhstani nationals, allowed cybercriminals to conduct illicit activities by offering residential proxy services. The U.S. Justice Department, along with Dutch and Thai police forces, coordinated with analysts from Lumen Technologies’ Black Lotus Labs to dismantle the operation.

9. Google Settles Privacy Lawsuits for $1.375B

Google has agreed to a $1.375 billion settlement with the state of Texas over two lawsuits accusing the company of unlawful tracking and data collection. The lawsuits, filed in 2022, focused on the unauthorized collection of user location data, including when Location History settings were disabled, and biometric data like facial recognition without user consent. This settlement dwarfs previous payments Google made to settle similar lawsuits with other U.S. states, including a $391 million payout in 2022 and smaller settlements with Indiana and California.

Protect Against PupkinStealer Malware Using Strong Credential Hygiene
PupkinStealer is a stealthy infostealer that exfiltrates credentials and data via Telegram bots.
✅ Actions You Should Take:

• Use a password manager — Avoid storing passwords in browsers where malware can extract them.
• Enable multi-factor authentication (MFA) — Make stolen credentials less useful.
• Block Telegram API at the firewall — Prevent outbound data exfiltration via Telegram bots.

Why it matters: Malware like PupkinStealer enables attackers to silently harvest sensitive data in real time.