Top 5 Cybersecurity News Stories May 2, 2025
Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small as we look at threats from espionage to security flaws in everyday devices:
1. Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers
Stealthy malware disguised as a WordPress plugin, WP-antymalwary-bot.php, has been spotted granting attackers admin access, injecting malicious JavaScript, and reactivating itself via a rogue wp-cron.php.
It also abuses the REST API and hides from dashboards. Other variants include wpconsole.php and scr.php. Russian-language clues hint at the perpetrators.
Read more here: The Hacker News
2. Harrods luxury department store targeted in third UK retailer cyberattack
Luxury retailer Harrods has confirmed an attempted cyber intrusion, the third major attack on UK retailers this month after Co-op and Marks & Spencer. While Harrods restricted internet access as a precaution, operations continue normally.
M&S faces widespread disruptions linked to the Scattered Spider ransomware gang. Co-op also reported back-office infiltration.
Read more here: CyberNews
3. Co-op forced to close IT system over attempted hack days after M&S cyberattack
Following the Marks & Spencer breach, Co-op has shut down parts of its IT systems after hackers attempted to infiltrate its network. The 7,000-store chain reported only minor disruptions to call centres and back-office operations.
Scotland Yard and cyber agencies are probing related incidents, including potential links to teen-led hacker group Scattered Spider.
Read more here: INDEPENDENT
4. Hackers abuse IPv6 networking feature to hijack software updates
APT group “TheWizards” is exploiting IPv6’s SLAAC feature in a stealthy man-in-the-middle attack via a tool called Spellbinder, ESET reports. The malware reroutes traffic through spoofed gateways, targeting software updates from major Chinese companies to install a backdoor named WizardNet.
Victims span Asia and the Middle East. Turning off unused IPv6 may reduce risk.
Read more here: BleepingComputer
5. Hackers ramp up scans for leaked Git tokens and secrets
GreyNoise warns of a dramatic spike in scans for exposed .git/config files, with nearly 4,800 unique IPs probing the web on April 20–21, 2025.
Such files can leak API keys, credentials, and access tokens, enabling cloud breaches like the 2024 Internet Archive hack. Singapore, the U.S., and Germany are top targets.
Read more here: BleepingComputer
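To check whether your own servers were probed for .git/config, and whether the file was actually served, the following added example (not taken from GreyNoise or the linked article) scans web access logs. It assumes the Apache/Nginx combined log format; the sample lines are constructed and use documentation IP ranges.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_git_config_path(target):
    """True if the request path, once normalised, targets .git/config."""
    path = target.split('?', 1)[0]          # drop the query string
    path = unquote(path).lower()            # catch %2Egit and .GIT variants
    path = re.sub(r'/+', '/', path)         # collapse //.git//config
    return path.endswith('/.git/config')

def find_git_config_probes(lines):
    """Return (set of probing IPs, list of (ip, target) answered with 200)."""
    probing_ips = set()
    served = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_git_config_path(m['target']):
            continue
        probing_ips.add(m['ip'])
        # A 200 means the file was handed out: treat every secret in it as leaked.
        if m['status'] == '200':
            served.append((m['ip'], m['target']))
    return probing_ips, served

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Apr/2025:10:01:02 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "curl/8.0"',
    '198.51.100.23 - - [20/Apr/2025:10:01:05 +0000] "GET /blog/%2Egit/config HTTP/1.1" 200 292 "-" "-"',
    '192.0.2.10 - - [20/Apr/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [21/Apr/2025:03:11:40 +0000] "GET //.git//config?x=1 HTTP/1.1" 403 0 "-" "-"',
]

if __name__ == '__main__':
    ips, served = find_git_config_probes(SAMPLE_LOG)
    print(f'{len(ips)} unique IPs probed for .git/config')
    for ip, target in served:
        print(f'EXPOSED: {target} was served to {ip}; rotate any credentials it held')
```

Any entry in the served list means the web server should be reconfigured to deny access to .git directories and the credentials in that file rotated.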
At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.
For more information, please contact us now!