
Daily Cybersecurity Roundup, May 05, 2025

It’s not just about strong passwords. VPN flaws are giving Iranian state-sponsored hackers the perfect entry point to deploy malware on critical national infrastructure in the Middle East. Meanwhile, the Luna Moth hacking group is phishing its way into legal, finance, and healthcare sectors by spinning up convincing fake helpdesk portals designed to mimic internal IT systems. In the U.K., the NCSC has raised alarms over a rise in ransomware and data extortion attacks hammering the retail sector. What’s hot in cybersecurity? Find out now.





01

Iranian hackers have been targeting Middle Eastern critical national infrastructure (CNI) by exploiting VPN vulnerabilities in Fortinet, Pulse Secure, and Palo Alto Networks to deploy Havoc, HanifNet, HXLibrary, and NeoExpressRAT.

02

The Luna Moth hacking group has been conducting a phishing campaign by creating fake helpdesk-themed domains that mimic legitimate internal IT portals, targeting legal, finance, and healthcare sectors.

03

Hundreds of e-stores were compromised in a supply chain attack involving 21 backdoored Magento extensions from vendors like Tigren, Magesolution, and Meetanshi, with attackers using fake license checks to gain control.

04

Three malicious Go modules (prototransform, go-mcp, and tlsproxy) were found containing obfuscated code that fetched and executed remote disk-wiping malware targeting Linux systems.

05

Researchers identified a malicious npm campaign targeting multi-language developers by mimicking libraries from Python, Java, .NET, and Node.js through cross-ecosystem typosquatting to trick users into installing harmful packages.

06

Hackers are exploiting poorly validated email input fields in web forms to launch XSS and SSRF attacks, stealing data, hijacking sessions, and accessing internal systems.

07

Cybercriminals are leveraging adversary-in-the-middle (AiTM) attacks through reverse proxies and PhaaS kits like Tycoon 2FA and EvilProxy to bypass MFA.

08

The NCSC has issued warnings and guidance amid a surge in ransomware and data extortion attacks targeting the retail sector.

09

Researchers have identified eleven critical vulnerabilities in the Tenda RX2 Pro Wi-Fi 6 router, all of which enable remote attackers to gain full device control. Tenda has not issued any patches yet.

10

A critical security vulnerability in Apache Parquet Java, tracked as CVE-2025-46762, has been disclosed; it allows attackers to execute arbitrary code via malicious Parquet files.
