Weekly Cybersecurity Recap - 12 May 2025

Major Cyber Breaches, Vulnerabilities & Industry Updates


    This Week in Cybersecurity

    FreeDrain's phishing empire exposed, Qilin ransomware dominates April’s threat landscape, LockBit’s secrets are leaked, and Google deploys AI to fight scams. We also look at WordPress plugin vulnerabilities, cyber-insurance trends, budget shifts toward AI, and a cyberattack on a major airline.

    Cybercrime and Phishing Campaigns

    38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases

    A sprawling phishing campaign named FreeDrain has been uncovered, involving over 38,000 subdomains mimicking cryptocurrency wallet interfaces to steal seed phrases. The infrastructure is hosted on cloud services like Amazon S3 and Azure Web Apps, making takedown efforts more complex. Researchers attribute the campaign to actors operating in the Indian Standard Time zone, working regular weekday hours based on GitHub activity tied to the lures.

    Ransomware and Data Breaches

    Qilin Ransomware Ranked Highest in April 2025 with 72 Data Leak Disclosures

    The Qilin ransomware family, also known as Agenda, has topped the ransomware charts for April, claiming responsibility for 72 data leaks. Leveraging malware like SmokeLoader and a custom .NET loader (NETXLOADER), Qilin continues to evolve. The group has been active since 2022 and recently released an enhanced variant dubbed Qilin.B, pushing it past rivals like Akira and Play in terms of attack volume.

    LockBit Ransomware Admin Panel Hacked, Leaks Reveal Inside Details

    A major disruption occurred when an administration panel used by LockBit was compromised. The attacker defaced the domain and released an archive containing internal communications, affiliate accounts, victim data, and Bitcoin wallet addresses. The breach provides rare insight into the workings of one of the world’s most notorious ransomware operations and could aid law enforcement in identifying operators and infrastructure.

    Vulnerabilities and Exploits

    OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

    Security researchers warn of active exploitation targeting CVE-2025-27007, a critical privilege escalation vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin. With over 100,000 installations affected, users are urged to update beyond version 1.0.82 immediately to avoid compromise.

    AI, Scam Detection & Tech Trends

    Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android

    Google is deploying Gemini Nano, its on-device AI model, to power new scam-detection features in Chrome and Android. Initially targeting remote tech support scams, the AI will enhance Safe Browsing capabilities and make scam detection faster and more private by processing data on the device itself. Chrome 137 for desktops is the first to receive the upgrade.

    Generative AI tops cybersecurity in 2025 tech budget priorities, new AWS study finds

    A new AWS report reveals that 45% of IT leaders have made generative AI their top spending priority for 2025, surpassing cybersecurity. The findings reflect a growing shift in enterprise focus, driven by rapid innovation in AI capabilities and a desire to gain a competitive edge through automation and intelligent systems.

    Cyber Insurance & Industry Trends

    Email-Based Attacks Top Cyber-Insurance Claims

    According to Coalition’s 2025 Cyber Claims Report, email-based threats like business email compromise (BEC) and funds transfer fraud (FTF) drove 60% of all claims in 2024. BEC-related incidents saw a 23% increase in severity, costing organizations an average of $35,000 per attack. The report underscores how phishing and email fraud remain dominant vectors for financially damaging cyberattacks.

    Regional Incident

    A cyber attack briefly disrupted South African Airways operations

    South African Airways confirmed that its website, app, and IT systems were impacted by a cyberattack. Fortunately, the airline’s core flight operations continued unaffected. The IT team responded swiftly, mitigating further disruption and restoring system functionality without long-term downtime.
