Weekly Cybersecurity Recap - 12 May 2025

This Week in Cybersecurity

FreeDrain's phishing empire exposed, Qilin ransomware dominates April’s threat landscape, LockBit’s secrets are leaked, and Google deploys AI to fight scams. We also look at WordPress plugin vulnerabilities, cyber-insurance trends, budget shifts toward AI, and a cyberattack on a major airline.

Cybercrime and Phishing Campaigns

38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases

A sprawling phishing campaign named FreeDrain has been uncovered, involving over 38,000 subdomains mimicking cryptocurrency wallet interfaces to steal seed phrases. The infrastructure is hosted on cloud services like Amazon S3 and Azure Web Apps, making takedown efforts more complex. Researchers attribute the campaign to actors operating in the Indian Standard Time zone, working regular weekday hours based on GitHub activity tied to the lures.

Ransomware and Data Breaches

Qilin Ransomware Ranked Highest in April 2025 with 72 Data Leak Disclosures

The Qilin ransomware family, also known as Agenda, has topped the ransomware charts for April, claiming responsibility for 72 data leaks. Leveraging malware like SmokeLoader and a custom .NET loader (NETXLOADER), Qilin continues to evolve. The group has been active since 2022 and recently released an enhanced variant dubbed Qilin.B, pushing it past rivals like Akira and Play in terms of attack volume.

LockBit Ransomware Admin Panel Hacked, Leaks Reveal Inside Details

A major disruption occurred when an administration panel used by LockBit was compromised. The attacker defaced the domain and released an archive containing internal communications, affiliate accounts, victim data, and Bitcoin wallet addresses. The breach provides rare insight into the workings of one of the world’s most notorious ransomware operations and could aid law enforcement in identifying operators and infrastructure.

Vulnerabilities and Exploits

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

Security researchers warn of active exploitation targeting CVE-2025-27007, a critical privilege escalation vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin. With over 100,000 installations affected, users are urged to update beyond version 1.0.82 immediately to avoid compromise.

AI, Scam Detection & Tech Trends

Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android

Google is deploying Gemini Nano, its on-device AI model, to power new scam-detection features in Chrome and Android. Initially targeting remote tech support scams, the AI will enhance Safe Browsing capabilities and make scam detection faster and more private by processing data on the device itself. Chrome 137 for desktops is the first to receive the upgrade.

Generative AI tops cybersecurity in 2025 tech budget priorities, new AWS study finds

A new AWS report reveals that 45% of IT leaders have made generative AI their top spending priority for 2025, surpassing cybersecurity. The findings reflect a growing shift in enterprise focus, driven by rapid innovation in AI capabilities and a desire to gain competitive edge through automation and intelligent systems.

Cyber Insurance & Industry Trends

Email-Based Attacks Top Cyber-Insurance Claims

According to Coalition’s 2025 Cyber Claims Report, email-based threats like business email compromise (BEC) and funds transfer fraud (FTF) drove 60% of all claims in 2024. BEC-related incidents saw a 23% increase in severity, costing organizations an average of $35,000 per attack. The report underscores how phishing and email fraud remain dominant vectors for financially damaging cyberattacks.

Regional Incident

A cyber attack briefly disrupted South African Airways operations

South African Airways confirmed that its website, app, and IT systems were impacted by a cyberattack. Fortunately, the airline’s core flight operations continued unaffected. The IT team responded swiftly, mitigating further disruption and restoring system functionality without long-term downtime.