May 5, 2025 – Cyber Briefing

👉 What’s happening in cybersecurity today?

Malicious Go Modules, Linux Systems, E-commerce, Magento Extensions, Supply Chain Attack, SonicBoom Attack Chain, Chimera Malware, AI, Bypass Security, Golden Chickens, TerraStealerV2, TerraLogger, Raw Dating App, User Data, Location, Pro-Russian Hackers, Romanian Government, DDoS Attack, Arizona, Fowler Elementary School District, Cyberattack, Canada, Jim Pattison Children’s Hospital, Patient Records, Singapore, Kingsmen Creatives, Ransomware Attack, TikTok, GDPR Violations, China Data Transfers, Cambodia’s Huione Group, North Korean Cybercrime, US, Yemen, Black Kingdom Ransomware, Weak Passwords, Acadian Ambulance, Lawsuit, Data Breach.


🚨 Cyber Alerts

1. Malicious Go Modules Target Linux Systems

Cybersecurity researchers discovered three malicious Go modules that target Linux systems with destructive payloads. These modules, named prototransform, go-mcp, and tlsproxy, fetch remote scripts to overwrite primary disks, making systems unbootable. The payloads are designed to erase all data irreversibly, posing significant risks to affected environments. Researchers also uncovered malicious npm and PyPI packages targeting cryptocurrency wallets and leveraging Gmail for covert communications.

2. Magento Backdoor Affects E-Commerce Stores

A supply chain attack involving 21 backdoored Magento extensions has compromised 500 to 1,000 e-commerce stores, including one for a $40 billion multinational company. Sansec found that the malicious code, implanted as early as 2019, was activated only in April 2025. The backdoor allows attackers to remotely upload and execute arbitrary PHP code, leading to serious consequences like data theft and skimming. Users are advised to scan for indicators of compromise and restore from clean backups to mitigate risks.

3. SonicBoom Attack Exposes Critical Systems

SonicBoom is a critical attack chain that targets enterprise appliances like SonicWall SMA and Commvault backup systems. The attack leverages pre-authentication vulnerabilities and server-side request forgery (SSRF) to bypass authentication and gain unauthorized access. Attackers can then use arbitrary file writes to deploy malicious files, ultimately achieving remote code execution with administrative privileges. This exploit allows attackers to install programs, steal sensitive data, and further compromise the network, making immediate remediation, including patching and auditing, essential for preventing catastrophic breaches.

4. Chimera Malware Outsmarts Firewalls

Chimera is a highly sophisticated malware that infiltrates systems through software updates or phishing attempts. Once inside, it rapidly establishes persistence and moves laterally across both Windows and macOS environments. The malware’s self-learning AI enables it to adapt, evade detection, and mimic legitimate user behavior, making it difficult to identify. Chimera also exploits zero-day vulnerabilities, such as those in the Windows Print Spooler service, to execute arbitrary code remotely and bypass security measures.

5. Golden Chickens Unleashes New Malware

Golden Chickens has released two new malware families, TerraStealerV2 and TerraLogger. TerraStealerV2 targets browser credentials, cryptocurrency wallet data, and browser extensions, while TerraLogger is a keylogger that records keystrokes. Both malware variants are distributed in various formats, including EXEs, DLLs, and MSIs, with exfiltrated data sent via Telegram and a remote domain. These tools reflect Golden Chickens’ ongoing efforts to enhance their malware offerings and expand their cybercrime operations.


💥 Cyber Incidents

6. Raw Dating App Exposes User Data Through Bug

A major security flaw in the Raw dating app exposed sensitive user data, including personal preferences, birthdates, and precise location details. TechCrunch discovered that an insecure direct object reference vulnerability allowed easy access to this data, with no authentication checks in place. Despite claiming to use end-to-end encryption, the app failed to secure user information, putting users at risk of data exposure. Raw addressed the issue shortly after being notified, securing the vulnerable endpoints and promising to enhance safeguards.
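The flaw described above is a textbook insecure direct object reference: an endpoint looked up a record by the identifier in the request and returned it without checking who was asking. The following is an added illustration, not code from Raw or from this briefing; the profile store, session table and handler names are constructed stand-ins that show the vulnerable lookup beside a hardened one that authenticates the caller and enforces ownership server-side.

```python
# Added example (not Raw's code): a minimal model of an insecure direct
# object reference (IDOR) on a "get profile" endpoint, and the hardened form.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Profile:
    user_id: int
    birthdate: str
    preferences: str
    lat: float
    lon: float


# Constructed sample records standing in for the app's user store.
PROFILES = {
    1: Profile(1, "1990-04-12", "hiking", 40.7128, -74.0060),
    2: Profile(2, "1988-11-30", "jazz", 51.5074, -0.1278),
}

# Constructed session table: bearer token -> authenticated user id.
SESSIONS = {"tok-alice": 1, "tok-bob": 2}


def get_profile_vulnerable(profile_id: int, token: Optional[str]) -> Optional[dict]:
    """Vulnerable form: the id from the URL is dereferenced directly.
    The token is ignored, so there is neither authentication nor an
    ownership check; any caller who can guess or enumerate ids reads
    another user's birthdate, preferences and precise coordinates."""
    p = PROFILES.get(profile_id)
    return vars(p).copy() if p else None


def get_profile_hardened(profile_id: int, token: Optional[str]) -> Optional[dict]:
    """Hardened form: require a valid session, then decide authorization
    server-side. A caller may only read their own record, and a record
    that is not theirs is indistinguishable from one that does not exist."""
    caller = SESSIONS.get(token) if token else None
    if caller is None:
        return None  # treat as HTTP 401: no valid session
    p = PROFILES.get(profile_id)
    if p is None or p.user_id != caller:
        return None  # treat as HTTP 404: not the caller's object
    return vars(p).copy()
```

The authorization decision belongs next to the lookup, keyed on the session rather than on anything the client supplies; an API gateway that only checks that *some* token is present would still leave the ownership check missing.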

7. Romanian Government Websites Hit by DDoS Attack

On May 4, 2025, the official websites of Romania’s Ministry of Interior and Ministry of Justice were attacked by the pro-Russian hacker group NoName057. The group claimed responsibility for the DDoS attack that caused disruptions to several key websites, including those of government institutions and political candidates. The attack was confirmed by the National Directorate for Cyber Security, which later restored the affected websites. NoName057, a hacker group known for its pro-Kremlin activities, has been involved in similar attacks targeting various countries worldwide.

8. Fowler School District Hit by Cyberattack

The Fowler Elementary School District in Phoenix, Arizona, was targeted by the Interlock ransomware group. The attack allegedly compromised 400 gigabytes of sensitive data, including personal information of students and staff. The group posted images and a directory structure of the leaked files, though their authenticity remains unverified. With no official response from the district, concerns about the potential public release of the data continue to grow.

9. Saskatoon Nurse Accessed 314 Patient Records

A nurse at Jim Pattison Children’s Hospital in Saskatoon unlawfully accessed 314 patient records. The nurse’s actions, which occurred from August to December 2021, were revealed in a report by Saskatchewan’s Privacy Commissioner. Sensitive information, including personal and medical details, was accessed without a legitimate reason. The Saskatchewan Health Authority responded by terminating the nurse and reporting the incident, though the nurse’s license remains intact.

10. Kingsmen Creatives Hit by Ransomware Attack

In May 2025, Kingsmen Creatives Ltd., a Singapore-based creative services firm, revealed a ransomware attack. The company stated that no data exfiltration was detected, thus avoiding the worst-case scenario. However, the attack raised concerns about the firm’s cybersecurity readiness and potential vulnerabilities in its systems. Although no immediate financial damage occurred, the incident underscored the rising risks creative services firms face as cybercriminals target a broader range of industries.


📢 Cyber News

11. TikTok Fined $600M Over EU Data Violations

TikTok was fined €530 million ($600 million) by Ireland’s Data Protection Commission for breaching GDPR rules. The company failed to demonstrate that its Chinese staff adhered to strict EU data protection laws when accessing European user data. TikTok had also misrepresented to the DPC that it didn’t store European users’ data on Chinese servers, later admitting that some data was indeed stored there. Despite updating its privacy policy in 2022, the company failed to disclose that staff in China had remote access to personal data stored in Singapore and the United States, violating GDPR transparency requirements.

12. US Targets Huione Group for Cybercrime Links

The U.S. Treasury Department has proposed severing Huione Group’s access to the U.S. financial system due to its involvement in laundering illicit funds. The group, based in Cambodia, has been implicated in laundering over $4 billion, including money linked to North Korean state-backed cybercrime activities and Southeast Asian investment scams. The Financial Crimes Enforcement Network (FinCEN) found that Huione facilitated fraud by handling transactions through platforms such as Huione Guarantee and Huione Pay, both of which played significant roles in the expanding cybercrime industry.

13. US Charges Yemeni Man Over Ransomware Attack

In May 2025, the U.S. Department of Justice charged Rami Khaled Ahmed for deploying Black Kingdom ransomware. The ransomware targeted businesses, schools, and medical services from March 2021 to June 2023. Ahmed exploited vulnerabilities in Microsoft Exchange Server to execute the attack, infecting around 1,500 systems. If convicted, Ahmed faces up to five years in federal prison for each charge, with the FBI leading the investigation.

14. Weak Passwords Affect 36% of Online Users

The FIDO Alliance’s recent survey found that 36% of people had an online account compromised due to weak or stolen passwords. Passkeys are emerging as a secure alternative, with 75% of people now aware of them and 69% enabling them on at least one account. Passkeys provide more robust security, using biometrics and cryptography to resist phishing. FIDO aims to promote widespread adoption through its World Passkey Day initiative and Passkey Pledge.

15. Acadian Ambulance Seeks Dismissal of Lawsuit

Acadian Ambulance is seeking to dismiss a class action lawsuit regarding a 2024 data breach that affected 2.9 million people. The breach, caused by a ransomware attack, exposed sensitive data, including Social Security numbers, which were allegedly leaked onto the dark web. The company argues that the plaintiffs have not demonstrated any actual harm from the breach and that the claims are insufficient to warrant a lawsuit. Plaintiffs maintain that the breach has left victims at risk of identity theft and fraud, with many spending time and money to mitigate the damage.


Copyright © 2025 CyberMaterial. All Rights Reserved.