SAA Cyberattack, NightSpire Hits Egypt, Kenya Orders Worldcoin Data Deletion & More
Plus FBI warns of obsolete routers, LockBit ransomware gang hacked, and Google to pay over $1 billion for tracking Incognito searches.
Dear subscriber, welcome to this week’s edition of the Top Tech Security Brief:
In this week's Industry News, NSO Group has been ordered to pay $167 million to WhatsApp over a 2019 spyware attack. CrowdStrike is laying off 500 workers while pursuing a $10 billion ARR goal. Google is rolling out on-device AI protections and has agreed to a $1.375 billion settlement over location and biometric tracking violations. Meanwhile, LockBit’s leak site was hacked, exposing internal data, and Cisco’s new index reveals only 4% of firms meet mature cybersecurity standards.
Our African Stories report a confirmed cyberattack on South African Airways disrupting digital systems, and a ransomware attack on Egypt’s Future Microfinance Association. Kenya’s High Court has ordered Worldcoin to delete biometric data from over 300,000 citizens. African data regulators also met in Abuja to strengthen privacy frameworks and address AI-related data concerns.
In the Threats and Vulnerabilities section, the FBI warns of obsolete router exploitation, and Cisco patched CVE-2025-20188 in IOS XE Wireless Controllers, rated CVSS 10. SonicWall fixed three critical flaws in SMA 100 devices enabling root access. The OttoKit WordPress plugin is being exploited to create rogue admin accounts, and IXON VPN Client flaws are allowing privilege escalation on multiple platforms.
Let’s dive in!
Industry News
NSO Group Ordered to Pay $167 Million for WhatsApp Spyware Hack: A U.S. jury has ordered NSO Group to pay over $167 million in punitive damages to WhatsApp. The case stems from NSO’s 2019 spyware campaign targeting 1,400 users, including journalists and activists. Read more
CrowdStrike Says It Will Lay Off 500 Workers: CrowdStrike is laying off 500 employees, or 5% of its workforce, to streamline operations and meet its $10 billion ARR goal. Despite this, the company reported $1.38 billion in cash flow last year and plans to hire in key areas through January 2026. CEO George Kurtz said the changes will boost speed, efficiency, and leadership in cybersecurity. Read more
Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android: Google is deploying Gemini Nano, its on-device AI model, to detect scams in Chrome, Search, and Android. It boosts Safe Browsing by identifying deceptive pages, blocking scam notifications, and expanding detection to various fraud types. Read more
Google to Pay $1.375 Billion for Tracking Incognito Searches: Google will pay $1.375 billion to Texas to settle lawsuits over illegal location tracking and biometric data collection without consent. The record-breaking settlement underscores rising regulatory pressure and privacy demands, with Google introducing new user-controlled location privacy features. Read more
LockBit Ransomware Gang Hacked: LockBit’s dark web leak site was defaced on May 7, exposing a database containing internal chats, Bitcoin addresses, and affiliate details. The breach follows earlier takedowns and reveals tactics, ransom demands, and targeted backup systems used by the ransomware gang. Read more
Cisco Index Reveals Only 4% of Firms Achieve Mature Security: Cisco’s 2025 Cybersecurity Readiness Index shows only 4% of global organizations meet “mature” security standards, up just 1% from 2024. AI drives both innovation and risk, with 86% of firms reporting AI-related incidents and major gaps in employee awareness and infrastructure visibility. Read more
African Stories
South African Airways Confirmed a Cyber Attack: South African Airways experienced a cyber incident on 3 May 2025, affecting its website, mobile app, and some systems. Core services were restored the same day using disaster recovery protocols. Authorities were notified, and a forensic investigation is underway to determine the source and data impact. Read more
NightSpire Ransomware Group Hits Egypt’s Future Microfinance Association: Emerging group NightSpire claimed responsibility for a ransomware attack on Egypt's Future Microfinance Association, compromising 8GB of data. Exfiltrated files include financial records, HR data, and internal documents. The breach, first detected on April 30 and disclosed on May 5, is part of a larger campaign targeting Egypt’s financial sector. Read more
Kenya Court Orders Worldcoin to Delete Biometric Data Over Compliance Issues: Kenya’s High Court has directed Worldcoin to erase the iris and facial data of over 300,000 Kenyans within seven days. The court found Worldcoin's data collection violated the Data Protection Act. Read more
Africa’s Data Regulators Meet in Abuja to Push Stronger Privacy Frameworks: From May 6–8, 2025, African data regulators met in Abuja for the 8th NADPA-RAPDP Conference. Discussions focused on unifying regulations, securing the digital economy, and tackling AI privacy concerns. Read more
Threats and Vulnerabilities
FBI Warns of Cybercriminal Exploitation of Obsolete Routers: The FBI warns that cybercriminals exploit end-of-life routers from Linksys, Cisco, and Cradlepoint using known vulnerabilities. These obsolete devices are hijacked into proxy botnets for malicious activity. Users should replace or secure them immediately. Read more
Cisco Patches CVE-2025-20188 in IOS XE that Enables Root Exploits Via JWT: Cisco has patched CVE-2025-20188, a critical flaw in IOS XE Wireless Controllers, rated CVSS 10.0. It allows remote attackers to upload files and execute commands via a hard-coded JWT. Exploitation requires the Out-of-Band AP Image Download feature, which is disabled by default. Read more
SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root: SonicWall patched three SMA 100 vulnerabilities (CVE-2025-32819, 32820, 32821) that enable remote code execution via SSL-VPN user access. Attackers can chain these flaws to gain root privileges and write to system directories. Updating to version 10.2.1.15-81sv is strongly recommended. Read more
Critical Zero-Day in OttoKit WordPress Plugin Exploited to Create Rogue Admin Accounts: Hackers are actively exploiting CVE-2025-27007 in the OttoKit WordPress plugin to create rogue administrator accounts. The flaw, caused by a logic error in the API, allows unauthenticated privilege escalation. Users should upgrade to version 1.0.83 and inspect logs for signs of compromise. Read more
IXON VPN Client Flaws Allow Local Privilege Escalation on Windows, Linux, and macOS: IXON VPN Client versions before 1.4.4 contain critical vulnerabilities (CVE-2025-26168, CVE-2025-26169) enabling local privilege escalation. Attackers can manipulate temporary configuration files to gain SYSTEM or root access on affected devices. Users should update to version 1.4.4 immediately and verify successful patching. Read more
Upcoming Events in Africa
IDC South Africa CIO Summit 2025 - May 13th, 2025 (South Africa)
Africa CyberFest 2025 - 31st May, 2025 (Nigeria)
Cyber Africa Forum 2025 - June 24-25, 2025 (Benin)
Check out the full list here.
Found this newsletter valuable?
Share this newsletter with your leadership teams, security professionals, and strategic partners.
Sharing enhances awareness, fosters collaboration, and strengthens the cybersecurity posture across the digital ecosystem.
Together, we can shape a safer, smarter cyber environment.
Thank you for being a part of this community. Stay safe, stay informed!