Europol Dark Web Arrest, Devman Strikes on Africa, Meta Gets OK to Use EU Data, Cetus Hack & More
Plus, hackers spread malware via TikTok, and the FBI warns of a Commvault zero-day vulnerability.
Dear subscriber, welcome to this week’s edition of the Top Tech Security Brief:
In this week’s Industry News, Meta gained approval from the Irish Data Protection Commission to use EU adult data to train its large language model, following privacy-related adjustments. Also, Europol’s Operation RapTor resulted in the arrest of 270 dark web vendors and buyers across ten countries. Attackers are using AI-generated TikTok videos to spread Latrodectus malware, which executes stealthy PowerShell commands to evade detection.
In our African Stories, Kenya’s National Social Security Fund (NSSF) was targeted by the Devman ransomware group, which demanded $4.5 million; officials confirmed only attempted access with no data breach. South Africa’s Netstar allegedly faced a ransomware attack by the same group, with claims of data exfiltration.
In the Threats and Vulnerabilities section, CISA warned of active exploitation of a Commvault zero-day (CVE-2025-3928) affecting M365 backups. Cybersecurity researchers flagged AWS default IAM roles as a privilege escalation risk. The FBI warned of Luna Moth extortion attacks using social engineering against law firms, and more.
Let’s dive in!
Industry News
Meta Gains Permission to Use EU Data for LLM Training: Meta received approval from the Irish Data Protection Commission (DPC) to use data from EU adults to train its large language model. The company submitted the proposal in March 2024. Although the DPC initially raised concerns, Meta addressed them through specific adjustments. Following these changes, the regulator granted formal permission for the data processing to proceed. Read more
Europol Arrests 270 Dark Web Vendors and Buyers in Operation RapTor: A global law enforcement operation coordinated by Europol has struck a major blow to the criminal underground, with 270 arrests of dark web vendors and buyers across ten countries. Known as Operation RapTor, this international sweep has dismantled networks trafficking in drugs, weapons, and counterfeit goods, sending a clear signal to criminals hiding behind the illusion of anonymity. Read more
Attackers Are Leveraging TikTok to Spread Malware: Latrodectus malware now spreads via ClickFix, executing malicious PowerShell commands in memory to evade detection. Attackers use TikTok videos—likely AI-generated—to trick users into installing info-stealing malware like Vidar and StealC. Read more
Hackers Stole $223 million from Cetus Protocol: The decentralized exchange and concentrated liquidity protocol, Cetus Protocol, confirmed last week that an attacker has stolen approximately $223M from its system. The company claims to have paused $162M of the compromised funds and is actively working to restore the remaining funds. Read more
Apple Pushes Back on Texas Age-Verification Bill: Apple CEO Tim Cook urged Texas to veto a bill requiring age verification for device users. Apple argues it threatens user privacy. The bill ties minors' app accounts to parents. Similar laws are under review in nine states. Read more
Qakbot Leader Indicted by U.S. Authorities: Rustam Gallyamov, leader of the Qakbot malware operation, was indicted for enabling global ransomware attacks. Active since 2008, Qakbot infected 700,000+ systems and caused over $58 million in damages. Read more
African Stories
Devman Ransomware Group Attacked Kenya’s NSSF: Kenya’s National Social Security Fund (NSSF) reportedly suffered a ransomware breach, where attackers demanded $4.5 million to prevent the exposure of stolen data on the dark web. However, authorities confirmed that traces of an attempted attack were detected but that no data was stolen.
South Africa’s Netstar Allegedly Suffered a Ransomware Attack, Devman Ransomware Group Claims Responsibility: South African vehicle-tracking firm Netstar allegedly suffered a ransomware attack. Hackers claim to have encrypted files and exfiltrated employee and third-party data, exposing sensitive information. The threat group "devman" claims responsibility and demands a $1.2 million ransom payment. Read more
The West African Internet Governance Forum (WAIGF) 2025 Took Place in Nigeria: The 17th West Africa Internet Governance Forum (WAIGF) convened from May 19 to 23, 2025, in Abuja, Nigeria. The event, themed "Building a Resilient, Inclusive, and Safe Digital Future for West Africa," brought together diverse stakeholders to deliberate on digital policy and governance in the region. Read more
Tanzania Police X Account Got Hacked: The X (formerly Twitter) account of the Tanzania Police was compromised and used as an avenue to spread false news concerning the death of the country’s current president. Read more
Threats and Vulnerabilities
Companies Warned of Commvault Zero-Day Vulnerability Exploitation: CISA warned of nation-state threat actors exploiting a Commvault zero-day (CVE-2025-3928) in its Azure-hosted Microsoft 365 (M365) backup SaaS, enabling unauthorized access to stored app secrets. The breach is part of a wider campaign targeting SaaS with default settings and elevated permissions. No backup data was compromised. Read more
AWS Default IAM Roles Pose Privilege Escalation and Lateral Movement Risks: Cybersecurity researchers have discovered risky default identity and access management (IAM) roles impacting Amazon Web Services that could open the door for attackers to escalate privileges, manipulate other AWS services, and, in some cases, even fully compromise AWS accounts. Read more
FBI Warns Of Luna Moth Extortion Attacks Targeting Law Firms: The FBI warns the Silent Ransom Group (SRG) targets U.S. law firms with callback phishing and social engineering. Active since 2022, SRG impersonates IT support to gain remote access, exfiltrates data using tools like WinSCP and Rclone, and demands ransoms to prevent data leaks. Read more
Attackers Create Malware in Minutes with Venice.ai: A new artificial intelligence platform called Venice.ai is raising serious cybersecurity concerns after researchers discovered it can generate functional malware, phishing emails, and sophisticated cyberattack tools with minimal user expertise. Read more
Critical ModSecurity Zero-Day Puts Apache Servers at DoS Risk: CVE-2025-47947 affects ModSecurity’s Apache module (mod_security2), enabling attackers to trigger denial-of-service with a single JSON request. The flaw impacts all versions up to 2.9.8 and has been patched in version 2.9.9. Immediate updates are urged due to high exploitation risk. Read more
Upcoming Events in Africa
Africa CyberFest 2025 - 31st May, 2025 (Nigeria)
Cyber Africa Forum 2025 - June 24-25, 2025 (Benin)
Thank you for being a part of this community. Stay safe, stay informed!