
Daily Cybersecurity Roundup, May 08, 2025

It’s not every day that hackers get hacked, but LockBit just found out what that feels like. The LockBit ransomware gang has been breached, with its dark web affiliate panels defaced and a trove of sensitive data leaked. Meanwhile, Russian-linked COLDRIVER hackers have escalated their operations by deploying new malware aimed at stealing files and system data from Ukraine-connected advisors, journalists, and NGOs. In parallel, a Flashpoint report highlights that some financially motivated threat groups have aggressively targeted the financial sector. Stay tuned for the latest cybersecurity updates from the past 24 hours.

01

The LockBit ransomware gang has been hacked, resulting in the defacement of its dark web affiliate panels and the exposure of a MySQL database dump containing nearly 60,000 Bitcoin addresses, ransomware build configurations, and over 4,400 victim negotiation messages.

02

Russia-linked COLDRIVER hackers are using a new LOSTKEYS malware to steal files and system data from Ukraine-linked advisors, journalists, and NGOs.

03

Malicious npm packages disguised as developer tools are targeting macOS Cursor IDE users, stealing credentials, and altering files to establish persistent backdoor access.

04

The Play ransomware gang exploited a Windows Common Log File System zero-day vulnerability (CVE-2025-29824) to gain system privileges and deploy malware in targeted attacks.

05

Cisco has addressed 35 vulnerabilities, including 17 critical and high-severity bugs in IOS and IOS XE software. The critical flaw (CVE-2025-20188) allows arbitrary file uploads and RCE on Wireless LAN Controllers with a specific feature enabled.

06

SysAid has patched multiple vulnerabilities in its ITSM software, including XXE flaws (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777) and an OS command injection bug (CVE-2025-2778), that could be chained to enable unauthenticated RCE.

07

Researchers have disclosed vulnerabilities in Microsoft Bookings due to insufficient input validation. These flaws allowed HTML injection in emails, calendar manipulations, and unauthorized modifications.

08

Cisco Talos uncovered a spam campaign in Brazil where attackers use the NF-e system as bait and exploit RMM tool free trials (like N-able and PDQ Connect) to gain full control of victims' machines.

09

As per a Flashpoint report, threat actors like RansomHub, Akira, LockBit, FIN7, Scattered Spider, and Lazarus Group heavily targeted the financial sector, which saw 406 ransomware victims—7% of all cases between April 2024 and April 2025.

10

OX Security, an AppSec startup, raised $60 million in a Series B funding round led by DTCP, with support from IBM Ventures, Microsoft, Swisscom Ventures, Evolution Equity Partners, and Team8.
