Infosec bits for 2025 week 19

Kgwadi Matenche | May 9, 2025, 4:28 p.m.

Cybersecurity News:

LockBit’s Dark Web Domains Hacked, Internal Data and Wallets Leaked [Waqas, HackRead]

Meta Wins Lawsuit Against Spyware Vendor NSO Group [Kristina Beek, Dark Reading]

PowerSchool Paid Ransom, Now Hackers Target Teachers for More [Waqas, HackRead]

Privacy regulator fines TikTok $600 million over EU data transfers to China [Suzanne Smalley, Recorded Future News]

Vulnerabilities & Patches:

Cisco fixes max severity IOS XE flaw letting attackers hijack devices [Bill Toulas, Bleeping Computer]

Possible Zero-Day Patched in SonicWall SMA Appliances [Ionut Arghire, SecurityWeek]

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws [Ravie Lakshmanan, The Hacker News]

Breaches & Leaks:

Hackers launch ‘serious’ attacks against Georgia school district, New Mexico university [Jonathan Greig, Recorded Future News]

Education giant Pearson hit by cyberattack exposing customer data [Lawrence Abrams, Bleeping Computer]

South African Airways says cyberattack disrupted operational systems [Jonathan Greig, Recorded Future News]

Others:

Supply chain attack hits npm package with 45,000 weekly downloads [Bill Toulas, Bleeping Computer]

Cyber criminals impersonate payroll, HR and benefits platforms to steal information and funds [Jérôme Segura, Malwarebytes Labs]