
Weekly Cybersecurity Recap - 24 March 2025
This Week in Cybersecurity: Phishing, Ransomware, and a $32B Acquisition
Major Cyber Breaches, Vulnerabilities & Industry Updates
FreeDrain's phishing empire exposed, Qilin ransomware dominates April’s threat landscape, LockBit’s secrets are leaked, and Google deploys AI to fight scams. We also look at WordPress plugin vulnerabilities, cyber-insurance trends, budget shifts toward AI, and a cyberattack on a major airline.
38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
A sprawling phishing campaign named FreeDrain has been uncovered, involving over 38,000 subdomains mimicking cryptocurrency wallet interfaces to steal seed phrases. The infrastructure is hosted on cloud services like Amazon S3 and Azure Web Apps, making takedown efforts more complex. Researchers attribute the campaign to actors operating in the Indian Standard Time zone, working regular weekday hours based on GitHub activity tied to the lures.
Qilin Ransomware Ranked Highest in April 2025 with 72 Data Leak Disclosures
The Qilin ransomware family, also known as Agenda, has topped the ransomware charts for April, claiming responsibility for 72 data leaks. Leveraging malware like SmokeLoader and a custom .NET loader (NETXLOADER), Qilin continues to evolve. The group has been active since 2022 and recently released an enhanced variant dubbed Qilin.B, pushing it past rivals like Akira and Play in terms of attack volume.
LockBit Ransomware Admin Panel Hacked, Leaks Reveal Inside Details
A major disruption occurred when an administration panel used by LockBit was compromised. The attacker defaced the domain and released an archive containing internal communications, affiliate accounts, victim data, and Bitcoin wallet addresses. The breach provides rare insight into the workings of one of the world’s most notorious ransomware operations and could aid law enforcement in identifying operators and infrastructure.
OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws
Security researchers warn of active exploitation targeting CVE-2025-27007, a critical privilege escalation vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin. With over 100,000 installations affected, users are urged to update beyond version 1.0.82 immediately to avoid compromise.
Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android
Google is deploying Gemini Nano, its on-device AI model, to power new scam-detection features in Chrome and Android. Initially targeting remote tech support scams, the AI will enhance Safe Browsing capabilities and make scam detection faster and more private by processing data on the device itself. Chrome 137 for desktops is the first to receive the upgrade.
Generative AI tops cybersecurity in 2025 tech budget priorities, new AWS study finds
A new AWS report reveals that 45% of IT leaders have made generative AI their top spending priority for 2025, surpassing cybersecurity. The findings reflect a growing shift in enterprise focus, driven by rapid innovation in AI capabilities and a desire to gain a competitive edge through automation and intelligent systems.
Email-Based Attacks Top Cyber-Insurance Claims
According to Coalition’s 2025 Cyber Claims Report, email-based threats like business email compromise (BEC) and funds transfer fraud (FTF) drove 60% of all claims in 2024. BEC-related incidents saw a 23% increase in severity, costing organizations an average of $35,000 per attack. The report underscores how phishing and email fraud remain dominant vectors for financially damaging cyberattacks.
A cyber attack briefly disrupted South African Airways operations
South African Airways confirmed that its website, app, and IT systems were impacted by a cyberattack. Fortunately, the airline’s core flight operations continued unaffected. The IT team responded swiftly, mitigating further disruption and restoring system functionality without long-term downtime.