Top 5 Cybersecurity News Stories May 9, 2025

By Editorial Team | May 9, 2025

Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small as we look at threats from espionage to security flaws in everyday devices:

1. Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi

Israeli firm Oligo has uncovered serious vulnerabilities in Apple’s AirPlay protocol—codenamed AirBorne—that could let attackers remotely hijack devices.

Chaining flaws like CVE-2025-24252 and CVE-2025-24132 enables zero-click RCE attacks, posing risks of ransomware and data breaches, especially on public networks. Apple has patched the flaws across iOS, macOS, and SDKs.

2. Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks

Europol has dismantled six DDoS-for-hire platforms, arresting four suspects in Poland and seizing nine U.S.-hosted domains.

Services like cfxsecurity and quickdown enabled cyberattacks for as little as €10. The takedown is part of Operation PowerOFF, targeting illegal stress-testing sites that industrialize DDoS attacks.

3. FBI: End-of-life routers hacked for cybercrime proxy networks

The FBI has warned that obsolete routers are being hijacked by malware, notably TheMoon, and turned into proxies for 5Socks and Anyproxy networks.

These compromised devices, including old Linksys and Cisco models, are used to conceal cybercriminals’ activities. Users are urged to upgrade hardware or disable remote admin features and change credentials.

4. Education giant Pearson hit by cyberattack exposing customer data

Education giant Pearson has confirmed a cyberattack involving the theft of “legacy data” after hackers accessed internal systems via an exposed GitLab token.

The breach allegedly led to the theft of terabytes of sensitive data from cloud platforms and databases, affecting millions. Pearson has enhanced security measures but remains tight-lipped on specifics.

5. US school districts facing extortion attempt after hack, software provider says

PowerSchool has admitted paying a ransom after hackers stole sensitive student data—including Social Security numbers—in a 2024 breach. Now, threat actors are using that data to extort multiple U.S. school districts.

The education tech giant, serving 60 million students, said it acted in students’ best interests. The company, acquired by Bain Capital for $5.6 billion, remains under scrutiny as the impact of the breach continues to unfold.