Weekly Recap
Weekly Cybersecurity Recap - 24 March 2025
This Week in Cybersecurity: Phishing, Ransomware, and a $32B Acquisition
Rising Ransomware Activity, Supply Chain Risks, and Critical Vulnerabilities Under Active Exploitation
Artificial intelligence, ransomware operations, software supply chain attacks, and actively exploited vulnerabilities continued to dominate the cybersecurity landscape last week. Organizations faced mounting pressure as threat actors accelerated exploitation timelines, targeted software development ecosystems, and expanded ransomware campaigns across industries. At the same time, defenders were challenged to secure increasingly complex environments where cloud infrastructure, developer tools, and AI-powered technologies have become attractive attack surfaces.
Last week’s developments highlight how modern cyber threats are evolving beyond traditional malware and phishing campaigns. From the rise of the INC ransomware operation and banking-focused credential theft campaigns to supply chain compromises impacting AI frameworks and software repositories, attackers are increasingly targeting trusted systems and development pipelines. Meanwhile, newly disclosed vulnerabilities in Splunk, Fortinet, and NGINX were rapidly weaponized, underscoring the critical importance of timely patching, proactive monitoring, and resilient security practices.
INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023
Cybersecurity researchers have documented the rapid growth of INC ransomware from a developing ransomware-as-a-service operation into one of the most prolific cybercrime groups active today. Since August 2023, the group has claimed more than 830 victims. Its Windows and Linux/ESXi encryptors have been rewritten in Rust, improving cross-platform capabilities while making analysis more difficult. Researchers also observed the use of updated credential-dumping tools capable of targeting modern Veeam backup deployments that utilize salted DPAPI credential encryption.
Kodak Admits Data Breach After ShinyHunters Hack Claims
Commercial printing and imaging company Kodak confirmed a data breach after the ShinyHunters cybercrime group claimed responsibility for stealing company data. The attackers alleged they obtained more than 2.2 million customer records and additional corporate information. After publicly listing Kodak on its leak site, the group threatened to release the data unless a ransom was paid, highlighting the continued use of double-extortion tactics by modern cybercriminal organizations.
Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2
Microsoft disclosed details of a sophisticated cryptocurrency-focused malware campaign active since February 2026. The operation deploys clipboard-intercepting malware designed to replace cryptocurrency wallet addresses during transactions. The malware also includes self-propagation capabilities using USB LNK worms and leverages the Tor network to conceal command-and-control communications, making detection and attribution more difficult.
Phishing Campaign Targets Banks with Fileless Phantom Stealer Malware
Researchers at Fortra Intelligence and Research Experts identified an active phishing campaign targeting banking institutions and other high-value organizations. The campaign distributes Phantom Stealer, a malware-as-a-service infostealer designed to collect credentials, financial information, and other sensitive data. Threat actors use evasive techniques and a subscription-based criminal business model, reflecting the continued professionalization of the cybercrime ecosystem.
Mastra AI Framework Poisoned in npm Supply-Chain Attack
Microsoft’s threat intelligence team revealed a supply chain compromise involving packages within the Mastra AI framework ecosystem. The attack appears to have begun after threat actors gained access to legitimate Mastra credentials, allowing them to publish malicious package updates. Because Mastra is widely used to develop AI agents, workflows, and retrieval-augmented generation systems, the compromise demonstrates the growing focus on AI-related software ecosystems as high-value supply chain targets.
Novo Nordisk Breach Exposes Software Development Pipeline Risk
A significant breach at Novo Nordisk reportedly originated from the compromise of a single GitHub access token. The incident highlights how code repositories and development environments have become critical attack vectors for adversaries seeking intellectual property, credentials, and opportunities to compromise software supply chains. The case reinforces the need for stronger controls around developer credentials and repository access management.
Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure
Organizations are being urged to patch a critical Splunk Enterprise vulnerability after attackers began exploiting it shortly after public disclosure. Tracked as CVE-2026-20253, the flaw allows unauthenticated attackers to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The rapid weaponization of the vulnerability demonstrates the shrinking window between disclosure and active exploitation.
Critical Vulnerabilities in Fortinet FortiSandbox Are Under Exploitation
Researchers reported active exploitation of three critical vulnerabilities affecting Fortinet FortiSandbox, an AI-powered malware analysis platform. The flaws provide attackers with opportunities to compromise systems responsible for identifying and analyzing advanced threats, potentially weakening an organization's defensive capabilities if left unpatched.
F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution
F5 released security updates addressing two critical vulnerabilities in NGINX Open Source that could allow remote code execution on affected systems. While there is currently no evidence of active exploitation, F5 products have historically been attractive targets for threat actors, making timely patching essential for organizations relying on NGINX-based infrastructure.
AI Resets the Cybersecurity Space
Artificial intelligence continues to reshape the cybersecurity market as major vendors expand platform-based security strategies across on-premises, cloud, and AI environments. Industry consolidation is accelerating as organizations seek integrated solutions capable of managing increasingly complex attack surfaces. The trend reflects how AI is becoming both a security enabler and a driving force behind changes in cybersecurity operations and investment priorities.