
May 8, 2025 – Cyber Briefing

👉 What’s going on in the cyber world today?

Targeted phishing, critical vulnerabilities, and malware operations expose data theft risks and system disruptions across telecom, defense, finance, and education sectors.

🚨 Cyber Alerts

1. COLDRIVER Hackers Target Sensitive Data

A Russian threat actor, COLDRIVER, has launched a malware campaign targeting diplomats and defense contractors. The malware, known as LOSTKEYS, is designed for data exfiltration, focusing on sensitive documents and communications. It spreads through spear-phishing emails containing weaponized attachments that exploit vulnerabilities in office software. The malware uses sophisticated obfuscation techniques to avoid detection and maintain persistence on infected systems.

2. Cisco Fixes Flaw in IOS XE Wireless Controller

Cisco has released software updates to address a critical vulnerability in its IOS XE Wireless Controller, tracked as CVE-2025-20188, which has been rated 10.0 on the CVSS scale. The vulnerability arises from a hard-coded JSON Web Token (JWT) on affected systems, allowing an unauthenticated remote attacker to exploit it by sending specially crafted HTTPS requests to the AP image download interface. If successfully exploited, the attacker could upload arbitrary files, perform path traversal, and execute commands with root privileges.

3. CoGUI Targets Consumer and Finance Brands

The CoGUI phishing framework has been actively targeting organizations in Japan since October 2024, sending millions of phishing messages. The kit impersonates popular brands like Amazon, PayPay, and Rakuten, tricking users into disclosing sensitive information such as login credentials and payment details. Its sophisticated evasion techniques, including browser profiling and geofencing, help it evade automated detection systems, making it highly effective.


💥 Cyber Incidents

4. Masimo Reports Cyberattack Disrupting Operations

Masimo, a leading medical device manufacturer, reported a cyberattack that began on April 27, impacting its ability to process and ship customer orders. The company stated that several of its manufacturing facilities were operating below normal capacity, causing delays in order fulfillment. Since the attack, Masimo has isolated affected systems, enlisted cybersecurity experts, and notified law enforcement while investigating the full scope of the breach.

5. West Lothian Schools Hit by Ransomware

Schools in West Lothian, Scotland, have fallen victim to a suspected ransomware cyberattack affecting the education network. The attack has led to disruptions, but the council has quickly enacted contingency plans to ensure that all schools remain open without affecting SQA exams. At present, there is no evidence of personal or sensitive data being compromised, but the criminal investigation is ongoing. West Lothian Council is collaborating with Police Scotland and the Scottish government to address the situation and restore normal operations across its 13 secondary schools, 69 primary schools, and 61 nurseries.

6. Cyberattack Targets Tepotzotlán Facebook

The official Facebook page of Tepotzotlán City Hall in the State of Mexico was targeted by a cyberattack early on Monday. Hackers gained unauthorized access to the page, altering the profile and cover photos, replacing them with an image of the Guy Fawkes mask. This symbol is often associated with the Anonymous hacker group. In addition to the photo changes, a story was posted featuring the mask and the name of Tepotzotlán. The city’s authorities promptly reported the incident to the Cyber Police and contacted Meta Platforms for assistance in recovering the page.

💡 Cyber Tip

A hardcoded token vulnerability (CVE-2025-20188) in Cisco’s IOS XE Wireless Controller allows unauthenticated attackers to execute commands with root privileges.

✅ Actions You Should Take:

  • Apply Cisco’s latest security patches — Update affected systems to eliminate the vulnerability.
  • Restrict management interfaces — Limit access to trusted IPs or internal networks only.
  • Monitor for unusual HTTPS traffic — Look for suspicious access patterns to the AP image download interface.

Why it matters: Unpatched infrastructure devices can become high-value targets for attackers, enabling full system compromise without user credentials.
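The monitoring advice above is easier to act on with a concrete log filter. The following Python is an added example, not Cisco's code or the newsletter's; the endpoint path, trusted address ranges and sample log lines are constructed placeholders, not the real interface path or real traffic.

```python
# Added detection helper (not Cisco's code): scan combined-format access logs and
# flag requests to the AP image download interface that come from outside the
# trusted management network, use an upload method, or carry '../' sequences.
import ipaddress
import re
from urllib.parse import unquote

# Assumed trusted management networks; replace with your own.
TRUSTED_MGMT = [ipaddress.ip_network("10.0.0.0/8")]
# Placeholder prefix for the AP image download interface (not the real path).
WATCH_PREFIX = "/ap-image-download/"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

def has_traversal(path):
    """Decode twice so single- and double-URL-encoded '../' are both caught."""
    decoded = unquote(unquote(path))
    return "../" in decoded or "..\\" in decoded

def inspect(line):
    """Return the reasons a request is suspicious, or None if it is clean."""
    m = LOG_RE.match(line)
    if not m or not m["path"].startswith(WATCH_PREFIX):
        return None
    src = ipaddress.ip_address(m["ip"])
    reasons = []
    if not any(src in net for net in TRUSTED_MGMT):
        reasons.append("untrusted-source")
    if has_traversal(m["path"]):
        reasons.append("path-traversal")
    if m["method"] in ("POST", "PUT"):
        reasons.append("upload-method")
    return reasons or None

def scan(lines):
    """Return (source_ip, reasons) for every flagged line."""
    return [(LOG_RE.match(ln)["ip"], r) for ln in lines if (r := inspect(ln))]

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.1.2.3 - - [08/May/2025:10:00:01 +0000] "GET /ap-image-download/list HTTP/1.1" 200 512',
    '203.0.113.7 - - [08/May/2025:10:00:05 +0000] "POST /ap-image-download/upload HTTP/1.1" 200 90',
    '10.1.2.9 - - [08/May/2025:10:00:09 +0000] "POST /ap-image-download/..%2F..%2Fother/file HTTP/1.1" 403 0',
    '198.51.100.4 - - [08/May/2025:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 1024',
]
```

Run `scan(SAMPLE_LOG)` to list the flagged sources; trusted GET requests to the interface and requests to other paths are left alone.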

Copyright © 2025 CyberMaterial. All Rights Reserved.