75 Zero-Day Exploits Identified in 2024, Apple Warns 100 Countries on Spyware Attacks & More
Plus Meta to exit Nigeria over data violation fines, and Egypt’s National Social Insurance Authority breached.
Dear subscriber, welcome to this week’s edition of the Top Tech Security Brief:
In this week's Industry News, we cover Apple’s warning to users in 100 countries about targeted spyware attacks, small businesses emerging as the top targets for ransomware, and an Indian court’s order to block Proton Mail. We also report on a rise in zero-day exploits as reported by Google, a data breach at Co-op UK linked to DragonForce ransomware, and an Iranian espionage operation targeting Middle East infrastructure. Additionally, Microsoft unveils a new EU strategy focusing on cybersecurity and digital sovereignty.
Our African Stories highlight a breach of over 107,000 records from Egypt’s Social Insurance Authority, a confirmed cybersecurity breach at MTN Ghana affecting 5,700 customers, and KICTANet’s call for improvements to Kenya’s cybersecurity strategy. We also cover Meta’s threat to exit Nigeria over escalating fines and data rules, and Nigeria’s growing regulatory pressure on international tech companies.
In the Threats and Vulnerabilities section, we discuss critical vulnerabilities in React Router, Broadcom, Commvault, WordPress plugins, Apache Tomcat, and a surge in APT attacks across Asia. These vulnerabilities expose organizations to severe risks, and we advise immediate patching and preventive measures.
Let’s dive in!
Industry News
Apple Warns Users in 100 Countries of Targeted Spyware Attacks: Apple has alerted users, including an Italian journalist and a Dutch activist, of government-linked spyware attacks. The warnings, issued in 100 countries, follow past incidents involving Israeli firm Paragon Solutions. Read more
Small Businesses Now Top Targets for Ransomware Attacks: The 2025 Verizon Data Breach Investigations Report reveals that ransomware is the primary malware threat for SMBs, accounting for 88% of breaches. In contrast, only 39% of such breaches in large enterprises involved ransomware. Smaller firms face increased risk due to limited defences, poor backups, and the targeting tactics of financially motivated actors. Read more
Indian Court Orders Blocking of Proton Mail: The Karnataka High Court has ordered the Indian government to block Proton Mail after M Moser Design Associates reported receiving obscene emails through the platform. The encrypted email provider allegedly refused to disclose the sender’s identity, citing privacy laws. This is the second time Indian authorities have sought to restrict Proton Mail over misuse concerns, despite past Swiss government intervention. Read more
Google Reports 75 Zero-Day Exploits in 2024, With Rise in Enterprise-Targeted Attacks: Google’s Threat Intelligence Group identified 75 zero-day vulnerabilities exploited in 2024—lower than 2023’s 98 but higher than 2022’s 68. Of these, 44% (33) targeted enterprise technologies such as security and network infrastructure, while 56% affected end-user platforms. Exploitation of Microsoft Windows and enterprise software rose sharply, with remote code execution and privilege escalation being the most exploited techniques. Read more
Co-op Disclosed Major Data Breach Following DragonForce Ransomware Attack: UK retailer Co-op confirmed that a cyberattack led to the theft of personal data from millions of past and current members. The breach, linked to DragonForce ransomware affiliates using Scattered Spider tactics, reportedly began on April 22 with a successful social engineering attack. Read more
Iranian Group Conducted Two-Year Espionage Operation on Middle East Infrastructure: An Iranian state-sponsored group, Lemon Sandstorm, executed a prolonged cyberespionage campaign targeting critical infrastructure in the Middle East from May 2023 to February 2025. Fortinet revealed the attack involved credential theft, web shells, and multiple custom backdoors, including Havoc, HanifNet, HXLibrary, and SystemBC. The attackers aimed to preposition within the network for strategic purposes. Read more
Microsoft Unveiled New EU Strategy with Focus on Cybersecurity and Digital Sovereignty: Microsoft announced five digital pledges to enhance cybersecurity, legal resilience, and AI innovation across Europe. The strategy includes a 40% increase in European data centre capacity within two years and localised partnerships to ensure EU data control. Read more
African Stories
Over 107,000 Records Breached from Egypt’s Social Insurance Authority: Over 107,000 records from Egypt’s National Social Insurance Authority have reportedly been leaked on the dark web, exposing sensitive personal data, including national IDs and plaintext passwords. Read more
MTN Ghana Confirms Cybersecurity Breach Impacting 5,700 Customers: MTN Ghana confirmed that the data breach targeting its parent company, MTN Group, potentially affected 5,700 customers. Systems remain operational as investigations continue, with affected users to be contacted directly. Read more
KICTANet Pushes for Changes to Kenya’s Draft Cybersecurity Strategy: KICTANet submitted a comprehensive memorandum urging Kenya to adopt a balanced, inclusive cybersecurity strategy focusing on prevention, resilience, capacity building, and rights protection. Read more
Meta Threatens to Exit Nigeria Over $290M Fines and Data Rules: Meta warns of halting Facebook and Instagram in Nigeria amid escalating fines and strict data transfer rules. Nigerian regulators demand compliance with local data protection laws, which Meta calls excessive and impractical. Read more
Threats and Vulnerabilities
React Router Vulnerabilities Let Attackers Spoof Contents & Modify Values: Two high-severity vulnerabilities (CVE-2025-43864 and CVE-2025-43865) in React Router versions 7.0 to 7.5.1 allow attackers to corrupt content and poison server-side caches. These flaws exploit malicious headers to force SPA mode or spoof pre-rendered data. No privileges or user interaction are required. Version 7.5.2 patches both issues. Read more
CISA Adds Broadcom and Commvault Flaws to Exploited Vulnerabilities List: CISA included CVE-2025-1976 and CVE-2025-3928 in its KEV catalog due to confirmed exploitation. CVE-2025-1976 allows code execution via IP validation flaws in Broadcom Brocade Fabric OS (v9.1.0 to 9.1.1d6). CVE-2025-3928 enables remote code execution in Commvault Web Server with valid credentials. Affected software versions have been patched. Read more
Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers: Researchers uncovered a fake WordPress security plugin, WP-antymalwary-bot.php, that enables admin access, spreads malware, and injects malicious ads. The plugin hides in themes and reactivates via a malicious wp-cron.php. Additional campaigns involve a fake font domain skimmer and a reverse proxy PHP disguised as a GIF file to steal data from Magento sites. Read more
Apache Tomcat Vulnerability (CVE-2025-31650) Triggers DoS via Malformed HTTP Headers: A high-severity vulnerability in Apache Tomcat affects versions 9.0.76–9.0.102, 10.1.10–10.1.39, and 11.0.0-M2–11.0.5. Attackers can exploit improper handling of HTTP Priority headers to cause memory leaks, resulting in denial-of-service conditions. No authentication is needed to trigger the flaw. Read more
Surge in APT Attacks Across Asia Targets Government Agencies and Financial Institutions: In March 2025, NSFOCUS Fuying Laboratory identified 19 distinct APT campaigns targeting South and East Asia, with government agencies comprising 47% of victims. Spear phishing emails were the primary attack method, followed by direct server exploitation. APT37 and Lazarus groups were notably active, using weaponized documents and exploiting server vulnerabilities. Read more
North Korean IT Workers Infiltrating Fortune 500 Companies Raise Alarm at RSA Conference: At the 2025 RSA Conference, cybersecurity experts revealed that North Korean IT workers are infiltrating global organizations, including U.S. political campaigns and Fortune 500 companies. These workers, often hired through front companies, exploit vulnerabilities for cyber espionage or extortion. Evidence suggests that North Korea's operations extend beyond the crypto industry, with concerns about stolen data and ransomware demands. Read more
Upcoming Events in Africa
BFSI Security Summit 2025 - 7th May, 2025 (South Africa)
IDC South Africa CIO Summit 2025 - May 13th, 2025 (South Africa)
Africa CyberFest 2025 - 31st May, 2025 (Nigeria)
Cyber Africa Forum 2025 - June 24-25, 2025 (Benin)
Check out the full list here.
Found this newsletter valuable?
Share this newsletter with your leadership teams, security professionals, and strategic partners.
Sharing enhances awareness, fosters collaboration, and strengthens the cybersecurity posture across the digital ecosystem.
Together, we can shape a safer, smarter cyber environment.
Thank you for being a part of this community. Stay safe, stay informed!