Weekly Cybersecurity Recap - 19 May 2025

Introduction

This week in cybersecurity, threat actors continued to target critical sectors through advanced malware, while AI’s influence dominated both headlines and strategic boardroom conversations. From malicious open-source packages and botnet-driven DDoS attacks to a bold $20M bounty from Coinbase, here’s a breakdown of the top stories you need to know - organized by threats, attacks, and emerging trends.

Malware and Supply Chain Threats

Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads

Security researchers uncovered a PyPI package named solana-token that posed as a Solana blockchain utility. While it was eventually removed, it had already been downloaded 761 times. It contained malicious code to exfiltrate developer secrets and source code, indicating a targeted approach to compromise dev environments. Notably, the versioning scheme was manipulated to avoid detection, raising concerns about visibility in open-source repositories.

Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper

A deceptive npm package, os-info-checker-es6, used clever evasion techniques to drop second-stage malware. While its earlier versions were clean, a recent update embedded malicious code inside a "preinstall.js" script. This script cleverly used Unicode characters and Google Calendar events as a covert communication channel to resolve the attacker’s server IP address. The tactic not only evaded traditional detection but also demonstrated how common cloud services can be repurposed for stealth.

Chinese Hackers Hit Drone Sector in Supply Chain Attacks

Earth Ammit, a China-linked APT group, carried out coordinated supply chain attacks targeting drone manufacturers and partners in Taiwan and South Korea. These multi-wave campaigns occurred between 2023 and 2024, and were designed to compromise trust in the drone sector's ecosystem. The campaigns spanned multiple industries and demonstrated the geopolitical and strategic importance of controlling drone tech infrastructure.

Attacks and Incidents

New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors

HTTPBot, a newly discovered Windows-based botnet written in Golang, has launched more than 200 precision DDoS attacks. Most of these attacks were aimed at the gaming sector, particularly login and payment platforms, but also affected tech and educational institutions in China. Its use of HTTP protocols and strategic targeting of high-value services marks it as a sophisticated evolution in botnet threats.

Coinbase Extorted, Offers $20M for Info on Its Hackers

In an unusual twist, Coinbase has turned the tables on its attackers. After receiving a credible threat via email claiming access to sensitive customer data and internal systems, the crypto exchange filed with the SEC and publicly offered a $20M reward for information leading to the hackers. This move is unprecedented and could mark a shift in how major companies respond to extortion attempts.

Industry Trends and Strategy

33% of Moroccan Companies Warn AI Is Widening Cybersecurity Gaps

According to a PwC-backed AUSIM survey, one-third of Moroccan firms see AI as their top cybersecurity risk - outweighing even cloud vulnerabilities. This signals an emerging recognition of the unique challenges AI introduces, especially in regions rapidly digitizing their operations.

OT cybersecurity budgets shift toward strategy and resilience to meet rising threats, compliance demands

Rather than investing reactively in tools and patching legacy infrastructure, OT cybersecurity leaders are shifting toward long-term strategies. Spending is increasingly aligned with regulatory compliance, resilience planning, and protecting complex industrial systems from sophisticated threats like ransomware and nation-state actors.

AI is the greatest threat - and defense - in cybersecurity today. Here’s why.

At RSA Conference 2025, AI stole the spotlight—both as a looming threat and as a critical defensive technology. Discussions highlighted the dual role of agentic AI in both advancing threat capabilities and bolstering cyber defenses. While some organizations are embracing AI-powered solutions, others are still catching up on foundational elements like IAM and vulnerability management.