Anti-Piracy Crackdown in Malawi, AI Scams in South Africa, Mediclinic Breach, and AfIGF 2025 Highlights
Plus Australia mandates ransomware reporting, Adidas discloses breach and NIST launches new LEV metric.
Hello and warm greetings.
In this week's Industry News, we highlight Australia’s new mandatory ransomware payment reporting law, Adidas' third-party data breach disclosure, ConnectWise’s probe into a nation-state attack, the White House’s investigation into a cyber breach involving Trump’s chief of staff, and NIST’s introduction of a new LEV metric for vulnerability assessment.
Our African Stories feature major developments including MultiChoice and COSOMA’s first anti-piracy crackdown in Malawi, the Everest ransomware group’s claim of breaching South Africa’s Mediclinic Group, the WHO-led expansion of a continental disease surveillance initiative, Binance’s warning on AI-powered scams targeting South Africans, and highlights from the 2025 African Internet Governance Forum held in Tanzania.
In Threats and Vulnerabilities, we cover critical security concerns such as an unpatched vulnerability in the TI WooCommerce Wishlist plugin, a fake Bitdefender site spreading VenomRAT malware, a stealth hacking campaign compromising 9,000 ASUS routers, a critical XSS flaw in Argo CD, and a nation-state-linked Commvault SaaS attack exposing Microsoft 365 credentials.
Let’s dive in!
Industry News
Australia Enforces Mandatory Ransomware Payment Reporting: Australia now requires private organizations earning over AUS $3 million to report ransomware payments within 72 hours. Public agencies are exempt. The rule aims to boost ransomware visibility and deterrence.
Adidas Disclosed Data Breach Through Third-Party Provider: Adidas confirmed a data breach exposing customer contact details via a third-party provider. Data belonging to customers who contacted the help desk in the past was compromised. However, no payment data was compromised.
ConnectWise Probes Nation-State Cyberattack Targeting ScreenConnect Users: ConnectWise is investigating a suspected nation-state attack affecting some ScreenConnect customers. China and Russia previously exploited related flaws. Mandiant and law enforcement are involved in the ongoing response.
White House Investigates Cyber Breach Targeting Trump’s Chief of Staff: The White House is reportedly investigating one or more people who accessed the contacts from the personal phone of White House chief of staff Susie Wiles, and used the information to contact other top officials and impersonate her.
NIST Introduces ‘Likely Exploited Vulnerabilities’ Metric to Refine Patch Prioritization: NIST introduced the Likely Exploited Vulnerabilities (LEV) metric to assess whether vulnerabilities have been exploited. LEV builds on the Exploit Prediction Scoring System (EPSS) to enhance vulnerability prioritization. It complements KEV lists but has limitations, including an unknown margin of error and reliance on EPSS data.
African Stories
MultiChoice and COSOMA Launch Malawi’s First Anti-Piracy Crackdown: MultiChoice, COSOMA, and Malawi Police conducted anti-piracy training and a successful enforcement raid in Lilongwe on 21 May 2025. Two suspects were arrested and illegal streaming equipment seized. The initiative aims to strengthen content protection and curb digital piracy risks in Malawi.
Everest Hackers Claim Breach of South Africa’s Mediclinic Group: Everest ransomware group claims to have exfiltrated 4GB of internal data and personal records of 1,000 employees from Mediclinic Group. The hackers gave a five-day ultimatum before a potential data leak.
WHO Expands Disease Surveillance Program Across 7 African Nations: The World Health Organization (WHO), Africa Centres for Disease Control and Prevention (Africa CDC), and the Robert Koch Institute (RKI) are expanding the Health Security Partnership to 7 African countries. The initiative will run from 2025 to 2028, enhancing epidemic intelligence, biorisk management, and genomic surveillance to improve health threat detection and response.
Binance Warns of AI-Powered Crypto Scams Targeting South Africans: Binance reports a surge in AI-driven scams in South Africa, including deepfakes and facial recognition attacks. Over 60% of local firms face AI-linked fraud. Binance is boosting biometric security, law enforcement collaboration, and user education to counter threats.
The 14th Edition of Africa’s Internet Governance Forum 2025 Took Place in Tanzania: The 2025 African Internet Governance Forum (AfIGF) was held from May 29–31 in Dar es Salaam, Tanzania. Stakeholders gathered to discuss key digital priorities, including cybersecurity, AI, data governance, connectivity, and digital cooperation. The forum highlighted Africa’s commitment to inclusive and secure digital transformation across the continent.
Threats and Vulnerabilities
Critical Unpatched Vulnerability Found in TI WooCommerce Wishlist Plugin: A critical flaw (CVE-2025-47577) in the TI WooCommerce Wishlist plugin affects over 100,000 WordPress sites. The vulnerability, rated CVSS 10.0, allows unauthenticated file uploads leading to remote code execution. Exploitation is only possible when the WC Fields Factory plugin is also active. No official patch exists as of now.
Fake Bitdefender Website Used to Spread Infostealer Malware: Cybercriminals are distributing VenomRAT malware via a fake Bitdefender download page to steal financial and crypto credentials. Victims download a malicious archive disguised as antivirus software. The payload includes VenomRAT, SilentTrinity, and StormKitty for access, data theft, and persistence. Bitdefender is working with partners to remove the rogue site.
9,000 ASUS Routers Compromised in Persistent Stealth Hacking Campaign: Hackers have covertly compromised over 9,000 ASUS routers using advanced persistence techniques without deploying malware. GreyNoise researchers uncovered the campaign, which abuses legitimate router features to establish backdoors that survive firmware updates. Attackers exploit CVE-2023-39780 and unpatched zero-days to gain access, disable logs, and create SSH access via custom ports.
Critical XSS Vulnerability in Argo CD Threatens Kubernetes Resource Integrity: CVE-2025-47933, a critical XSS flaw in Argo CD, allows attackers to inject malicious JavaScript into repository links. Exploitation enables creation, modification, and deletion of Kubernetes resources. The vulnerability affects versions 1.2.0-rc1 to recent unpatched builds, with a CVSS score of 9.1. Patch deployment is urgently recommended.
Commvault SaaS Attack Exposes Microsoft 365 Credentials in Nation-State-Linked Campaign: A threat actor exploited CVE-2025-3928 in Commvault’s Metallic platform to access stored Microsoft 365 credentials. CISA linked this to a broader campaign targeting SaaS misconfigurations. Commvault patched the flaw and confirmed no backup data compromise. Enhanced monitoring and security measures were deployed to mitigate further risk.
Found this newsletter valuable?
Share it with your network—colleagues, peers, and professionals who care about cybersecurity in Africa and globally.
Together, we can raise awareness, drive collaboration, and build a more secure digital ecosystem.
Thank you for being a part of this community. Stay safe, stay informed!