🎙️ Introduction
Good morning, Security Gang!
After a packed Cinco de Mayo, James Azar is back with a huge rundown of today's most critical cybersecurity news. From ransomware paralyzing school systems to fresh zero-day exploits targeting Android and AirPlay, today’s episode breaks down the evolving landscape in cybercrime, supply chain risks, and the rising weaponization of AI platforms.
Plus, we look ahead to CyberWeek in Israel, where CyberHub Podcast will bring exclusive content. If you are interested in partnering with us please email us info@cyberhubpodcast.com
Espresso in hand (foam perfectly frothed, of course)—let's dive in!
Coweta County Schools and Western New Mexico University Hit by Cyberattacks
The Coweta County School System in Georgia, serving 23,000 students, suffered a major cyberattack that disrupted internal networks during the crucial final exam period. Employees were advised not to use desktop systems as authorities investigate, though the district mistakenly reported the attack to Homeland Security instead of the FBI, highlighting local government cyber-response gaps. Similarly, Western New Mexico University has been offline for nearly a month after a cyberattack crippled its website and internal services. Analysts suggest poor segmentation and backup practices likely delayed recovery.
Peru Denies Major Ransomware Breach Despite Rhysida Gang Claims
The Peruvian government denied claims that ransomware group Rhysida seized control of its federal digital platform. Officials clarified that only a small tax administration subdomain was impacted, not critical national infrastructure. Skepticism about Rhysida’s low ransom demand (five Bitcoin) suggests the attack was exaggerated by both the criminals and certain media outlets, illustrating the gap between actual cyberattacks and sensationalist reporting.
Luna Moth (Silent Ransom Group) Ramps Up Phishing Extortion Attacks
Luna Moth, also known as the Silent Ransom Group, has escalated phishing-based extortion attacks targeting U.S. law firms and financial institutions. Researchers at EclecticIQ uncovered that Luna Moth uses callback phishing by impersonating IT help desks through email, fake websites, and phone calls. Attackers exfiltrate sensitive files using RMM tools like AnyDesk and WinSCP before demanding ransoms to prevent leaks. Regulators could drastically cut down these scams by requiring VoIP numbers to be tied to verified U.S. IDs—a simple fix that remains ignored.
Microsoft Officially Shuts Down Skype
An era officially ends as Microsoft announces the shutdown of Skype, which once dominated online video communication. First sold to eBay in 2005, then acquired by Microsoft for $8.5 billion in 2011, Skype slowly faded into irrelevance under Microsoft's stewardship. The once-revolutionary platform joins a long list of acquired companies that were gradually sidelined instead of innovated.
Linux Servers Targeted by Supply Chain Attack with Disk Wiper Malware
A new supply chain attack aimed at Linux servers surfaced via three malicious Golang modules on GitHub. These modules retrieved destructive payloads designed to wipe disk data—an increasingly common tactic first seen in Russian wiper malware during the Ukraine war. All identified modules have been removed, but the campaign highlights the growing spread of destructive military malware into civilian enterprise systems.
LangFlow AI Framework Vulnerability Under Active Exploitation
CISA has issued a warning about active exploitation of a critical vulnerability (CVE-2025-3248) in LangFlow, a Python-based AI builder. With a CVSS score of 9.8, the vulnerability allows unauthenticated remote code execution. Attackers are exploiting a flaw in the framework's code validation endpoint, and technical proof-of-concept exploits have fueled a spike in attacks. Organizations using LangFlow must update to version 1.3.0 immediately.
Apple AirPlay Exploit Could Allow Zero-Click Device Takeover
Researchers from Oligo Security disclosed Airborne vulnerabilities in Apple's AirPlay that could enable zero-click device takeovers if exploited. Although Apple has patched the issues, users must configure AirPlay access settings (limit to Contacts Only) to effectively eliminate exposure. The findings again highlight the dangers of exposed wireless protocols without proper user-side restrictions.
Samsung MagicInfo CMS Exploited Following Public Disclosure
Exploitation of a critical path traversal vulnerability (CVE-2024-7399) in Samsung’s MagicInfo content management system is now underway. The flaw allows unauthenticated attackers to upload malicious files and execute code with system-level privileges. Despite being patched in August 2024, many systems remain vulnerable due to poor patch management practices across digital signage and display networks.
Google Android Updates Fix 50 Vulnerabilities, Including Active Exploit
Google's May 2025 Android update fixes over 50 vulnerabilities, including a major one (CVE-2025-XXXX) that was already exploited in the wild. Meta had earlier warned of a zero-day targeting Android devices, prompting faster patch cycles. Users are urged to update immediately to avoid active exploitation campaigns.
Kubernetes Deployments Risk Data Exposure via Helm Charts
Microsoft researchers identified security risks stemming from default configurations in popular Kubernetes Helm charts, specifically Apache Pinot, Meshery, and Selenium Grid. Many instances lack authentication, exposing sensitive environments to potential attacks. Organizations should immediately audit their Kubernetes deployments and enforce stricter access controls.
Ukrainian Woman Recruited via TikTok Caught Spying for Russia
Ukrainian authorities arrested a 43-year-old woman recruited by Russia's FSB via TikTok to spy on Ukrainian military positions in the Donetsk region. She faces charges of high treason and possible life imprisonment. The case underscores the ease with which foreign intelligence services exploit social media platforms to recruit assets inside conflict zones.
📌 Action Items for Practitioners
Audit School and University Systems: Ensure proper network segmentation and reliable backups to prevent long recovery times after attacks.
Validate Third-Party Claims: Scrutinize ransomware group statements and avoid overreacting to exaggerated media reporting.
Strengthen VoIP Protections: Advocate for VoIP number verification to cut down callback phishing and extortion scams.
Patch Critical Vulnerabilities Immediately: Prioritize LangFlow, Android, Apple AirPlay, and MagicInfo CMS updates.
Review Kubernetes Deployments: Harden Helm chart configurations and enforce strict authentication across environments.
Limit Wireless Exposure: Adjust AirPlay settings to restrict access only to trusted devices.
Expand Threat Monitoring for Wipers: Update detection capabilities for disk-wiping malware across Linux environments.
Stay Cyber Safe, Security Gang!
Catch you tomorrow at 9 AM Eastern for another live update.
✅ Story Links:
https://therecord.media/hackers-serious-georgia-new-mexico
https://therecord.media/peru-rhysida-ransomware-claims-denied
https://www.securityweek.com/critical-vulnerability-in-ai-builder-langflow-under-attack/
https://thehackernews.com/2025/05/wormable-airplay-flaws-enable-zero.html
https://www.securityweek.com/samsung-magicinfo-vulnerability-exploited-days-after-poc-publication/
https://www.securityweek.com/android-update-patches-freetype-vulnerability-exploited-as-zero-day/
https://therecord.media/ukraine-arrests-fsb-agent-spying-recruited-tiktok
🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1
🚨 Important Links to Follow:
👉Website:
👉Listen here: https://linktr.ee/cyberhubpodcast
✅ Stay Connected With Us.
👉Facebook: https://www.facebook.com/CyberHubpodcast/
👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/
👉Twitter (X): https://twitter.com/cyberhubpodcast
👉Instagram: https://www.instagram.com/cyberhubpodcast
🤝 For Business Inquiries: info@cyberhubpodcast.com
=============================
🚀 About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.
Share this post