
Daily Cybersecurity Roundup, May 07, 2025

Discord has become a prime target for cyberattacks, with multiple campaigns targeting its user base. A recent phishing scheme redirects crypto users from legitimate sites to Inferno Drainer-linked pages. In another attack, a malicious PyPI package named discordpydebug masquerades as a debugging tool but operates as a RAT, targeting Discord bot developers. Additionally, the Reckless Rabbit and Ruthless Rabbit groups are conducting sophisticated investment scams, using Facebook ads, fake celebrity endorsements, and cloaked traffic techniques to deceive users. Catch up on the top news from the last 24 hours.

01

A new phishing campaign has been leveraging Discord to redirect crypto users from legitimate sites to phishing pages connected to Inferno Drainer, a drainer-as-a-service that provides malicious scripts and infrastructure to cybercriminals.

02

Researchers discovered a malicious PyPI package, discordpydebug, masquerading as a debugging tool while acting as a RAT to target Discord bot developers through trusted community channels.

03

Iranian cyber actors have been identified impersonating a German model agency in a cyberespionage campaign. The operation uses obfuscated JavaScript to collect detailed visitor data for selective targeting.

04

The Agenda ransomware group is using a new, highly obfuscated .NET-based loader called NETXLOADER to deploy SmokeLoader and Agenda ransomware via advanced techniques like JIT hooking and AES decryption.

05

A targeted campaign has been using Lampion malware against Portuguese organizations in the government, finance, and transportation sectors, employing the ClickFix social engineering technique.

06

Two threat actors, Reckless Rabbit and Ruthless Rabbit, are conducting investment scams using Facebook ads, spoofed celebrity endorsements, and traffic distribution systems to lure victims, primarily in Eastern Europe.

07

IBM disclosed two high-severity flaws in Cognos Analytics (CVE-2024-40695 and CVE-2024-51466), with CVE-2024-40695 enabling unauthorized file uploads via improper validation in versions 12.0.0–12.0.4 and 11.2.0–11.2.4 FP4.

08

A critical vulnerability in the OttoKit WordPress plugin (CVE-2025-27007) is being exploited by attackers to gain administrative privileges on WordPress sites.

09

Threat actors are exploiting CVE-2024-6047 and CVE-2024-11120 in outdated GeoVision IoT devices to spread LZRD, a Mirai-based botnet variant.

10

AppSignal, an application performance monitoring provider, secured $22 million in a Series A funding round led by Elsewhere Partners.
