
Weekly Cybersecurity Recap - 24 March 2025
This Week in Cybersecurity: Phishing, Ransomware, and a $32B Acquisition
Major Cyber Incidents, Vulnerabilities & Industry Updates
This week in cybersecurity, threat actors continued to target critical sectors through advanced malware, while AI’s influence dominated both headlines and strategic boardroom conversations. From malicious open-source packages and botnet-driven DDoS attacks to a bold $20M bounty from Coinbase, here’s a breakdown of the top stories you need to know - organized by threats, attacks, and emerging trends.
Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads
Security researchers uncovered a PyPI package named solana-token that posed as a Solana blockchain utility. While it was eventually removed, it had already been downloaded 761 times. It contained malicious code to exfiltrate developer secrets and source code, indicating a targeted approach to compromise dev environments. Notably, the versioning scheme was manipulated to avoid detection, raising concerns about visibility in open-source repositories.
Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper
A deceptive npm package, os-info-checker-es6, used evasion techniques to drop second-stage malware. Its earlier versions were clean, but a recent update embedded malicious code inside a "preinstall.js" script. This script used Unicode characters and Google Calendar events as a covert communication channel to resolve the attacker’s server IP address. The tactic evaded traditional detection and showed how common cloud services can be repurposed for stealth.
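A defender-side check for the pattern described above, as an added example that is not part of the original recap and not code from the package or the researchers: it flags npm lifecycle install hooks and long runs of invisible Unicode code points in a package's files. The character ranges, the run-length threshold of 8 and the sample package contents are assumptions constructed for illustration.

```javascript
// Added example: audit an unpacked npm package for install hooks and
// hidden Unicode. Ranges and threshold are assumptions, not from the recap.
const HOOKS = ["preinstall", "install", "postinstall"];

// Runs of code points that render as nothing: zero-width and directional
// marks, variation selectors, tag characters, private-use areas.
const INVISIBLE_RUN =
  /[\u200B-\u200F\u2060-\u2064\uFEFF\uFE00-\uFE0F\uE000-\uF8FF\u{E0000}-\u{E007F}\u{E0100}-\u{E01EF}\u{F0000}-\u{10FFFD}]+/gu;

function invisibleRuns(source) {
  const runs = [];
  for (const m of source.matchAll(INVISIBLE_RUN)) {
    // Line number of the run's first character (1-based).
    const line = source.slice(0, m.index).split("\n").length;
    runs.push({ line, codePoints: [...m[0]].length });
  }
  return runs;
}

// manifest: parsed package.json; files: { relativePath: sourceText }.
function auditPackage(manifest, files, minRun = 8) {
  const scripts = manifest.scripts || {};
  const hooks = HOOKS.filter((h) => typeof scripts[h] === "string");
  const findings = [];
  for (const [file, source] of Object.entries(files)) {
    // A lone variation selector after an emoji is normal; long runs are not.
    const runs = invisibleRuns(source).filter((r) => r.codePoints >= minRun);
    if (runs.length === 0) continue;
    // A file named in an install hook executes during `npm install`.
    const runsOnInstall = hooks.some((h) => scripts[h].includes(file));
    findings.push({ file, runs, runsOnInstall });
  }
  return { hooks, findings };
}

// Constructed sample (no real payload): 16 variation selectors hidden in a
// string literal of a script wired to the preinstall hook.
const hidden = String.fromCodePoint(
  ...Array.from({ length: 16 }, (_, i) => 0xe0100 + i));
const sampleManifest = {
  name: "example-pkg",
  scripts: { preinstall: "node preinstall.js" },
};
const sampleFiles = {
  "preinstall.js": `const os = require("os");\nconst s = "|${hidden}";\n`,
  "index.js": "module.exports = () => '\u2764\uFE0F';\n",
};
const report = auditPackage(sampleManifest, sampleFiles);
console.log(JSON.stringify(report, null, 2));
```

Running the same audit on a package tarball before installation, for example with install scripts disabled, keeps the hook from executing while the files are inspected.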
Chinese Hackers Hit Drone Sector in Supply Chain Attacks
Earth Ammit, a China-linked APT group, carried out coordinated supply chain attacks targeting drone manufacturers and partners in Taiwan and South Korea. These multi-wave campaigns occurred between 2023 and 2024, and were designed to compromise trust in the drone sector's ecosystem. The campaigns spanned multiple industries and demonstrated the geopolitical and strategic importance of controlling drone tech infrastructure.
New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors
HTTPBot, a newly discovered Windows-based botnet written in Golang, has launched more than 200 precision DDoS attacks. Most of these attacks were aimed at the gaming sector, particularly login and payment platforms, but also affected tech and educational institutions in China. Its use of HTTP protocols and strategic targeting of high-value services marks it as a sophisticated evolution in botnet threats.
Coinbase Extorted, Offers $20M for Info on Its Hackers
In an unusual twist, Coinbase has turned the tables on its attackers. After receiving a credible threat via email claiming access to sensitive customer data and internal systems, the crypto exchange filed with the SEC and publicly offered a $20M reward for information leading to the hackers. This move is unprecedented and could mark a shift in how major companies respond to extortion attempts.
33% of Moroccan Companies Warn AI Is Widening Cybersecurity Gaps
According to a PwC-backed AUSIM survey, one-third of Moroccan firms see AI as their top cybersecurity risk - outweighing even cloud vulnerabilities. This signals an emerging recognition of the unique challenges AI introduces, especially in regions rapidly digitizing their operations.
OT cybersecurity budgets shift toward strategy and resilience to meet rising threats, compliance demands
Rather than investing reactively in tools and patching legacy infrastructure, OT cybersecurity leaders are shifting toward long-term strategies. Spending is increasingly aligned with regulatory compliance, resilience planning, and protecting complex industrial systems from sophisticated threats like ransomware and nation-state actors.
AI is the greatest threat - and defense - in cybersecurity today. Here’s why.
At RSA Conference 2025, AI stole the spotlight—both as a looming threat and as a critical defensive technology. Discussions highlighted the dual role of agentic AI in both advancing threat capabilities and bolstering cyber defenses. While some organizations are embracing AI-powered solutions, others are still catching up on foundational elements like IAM and vulnerability management.