Weekly Cybersecurity Recap - 19 May 2025

Major Cyber Incidents, Vulnerabilities & Industry Updates

    Introduction

    This week in cybersecurity, threat actors continued to target critical sectors through advanced malware, while AI’s influence dominated both headlines and strategic boardroom conversations. From malicious open-source packages and botnet-driven DDoS attacks to a bold $20M bounty from Coinbase, here’s a breakdown of the top stories you need to know - organized by threats, attacks, and emerging trends.

    Malware and Supply Chain Threats

    Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads

    Security researchers uncovered a PyPI package named solana-token that posed as a Solana blockchain utility. While it was eventually removed, it had already been downloaded 761 times. It contained malicious code to exfiltrate developer secrets and source code, indicating a targeted approach to compromise dev environments. Notably, the versioning scheme was manipulated to avoid detection, raising concerns about visibility in open-source repositories.

    Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper

    A deceptive npm package, os-info-checker-es6, used evasion techniques to drop second-stage malware. While its earlier versions were clean, a recent update embedded malicious code inside a "preinstall.js" script. This script used Unicode steganography and Google Calendar events as a covert communication channel to resolve the attacker’s server IP address. The tactic not only evaded traditional detection but also demonstrated how common cloud services can be repurposed for stealth.
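
A defender-side check for the pattern described above, as an added example that is not code from the package or from the researchers: it flags install-time lifecycle scripts in a manifest and runs of invisible Unicode code points in the package's files. The code-point watch-list, the run threshold, and the sample package are assumptions constructed for illustration.

```javascript
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];
// Assumed watch-list of code points that render as nothing in most editors.
const INVISIBLE_RANGES = [
  [0x200b, 0x200f], [0x202a, 0x202e],   // zero-width characters, bidi controls
  [0x2060, 0x2064], [0xfeff, 0xfeff],   // word joiner / invisible operators, BOM
  [0xfe00, 0xfe0f], [0xe0100, 0xe01ef], // variation selectors and supplement
  [0xe0000, 0xe007f],                   // tag characters
];
const isInvisible = (cp) => INVISIBLE_RANGES.some(([lo, hi]) => cp >= lo && cp <= hi);

// Scripts npm runs automatically during `npm install`.
function installHooks(manifest) {
  const scripts = manifest.scripts || {};
  return LIFECYCLE_HOOKS.filter((h) => typeof scripts[h] === "string")
    .map((h) => ({ hook: h, command: scripts[h] }));
}

// Report runs of >= minRun consecutive invisible code points. A lone BOM or an
// emoji variation selector is normal, so single occurrences are ignored.
function invisibleRuns(source, minRun = 4) {
  const findings = [];
  let line = 1, run = 0, startLine = 0;
  for (const ch of source) {            // iterates by code point, not UTF-16 unit
    if (isInvisible(ch.codePointAt(0))) {
      if (run === 0) startLine = line;
      run++;
      continue;
    }
    if (run >= minRun) findings.push({ line: startLine, length: run });
    run = 0;
    if (ch === "\n") line++;
  }
  if (run >= minRun) findings.push({ line: startLine, length: run });
  return findings;
}

// Heuristic: an install hook plus hidden code-point runs warrants manual review.
function auditPackage(manifest, files) {
  const hooks = installHooks(manifest);
  const hidden = Object.entries(files).flatMap(([file, src]) =>
    invisibleRuns(src).map((f) => ({ file, ...f })));
  return { hooks, hidden, suspicious: hooks.length > 0 && hidden.length > 0 };
}

// Constructed sample package (not the real package's contents).
const SAMPLE_MANIFEST = { name: "example-pkg", scripts: { preinstall: "node preinstall.js", test: "node test.js" } };
const SAMPLE_FILES = {
  "preinstall.js": "const s = '|" + "\u{E0100}".repeat(12) + "';\nconsole.log(s.length);\n",
  "index.js": "\uFEFFmodule.exports = () => 'ok \u2764\uFE0F';\n",
};
console.log(JSON.stringify(auditPackage(SAMPLE_MANIFEST, SAMPLE_FILES), null, 2));
```

In a real review, `files` would be populated from the unpacked tarball before any install step runs.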

    Chinese Hackers Hit Drone Sector in Supply Chain Attacks

    Earth Ammit, a China-linked APT group, carried out coordinated supply chain attacks targeting drone manufacturers and partners in Taiwan and South Korea. These multi-wave campaigns occurred between 2023 and 2024, and were designed to compromise trust in the drone sector's ecosystem. The campaigns spanned multiple industries and demonstrated the geopolitical and strategic importance of controlling drone tech infrastructure.

    Attacks and Incidents

    New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors

    HTTPBot, a newly discovered Windows-based botnet written in Golang, has launched more than 200 precision DDoS attacks. Most of these attacks were aimed at the gaming sector, particularly login and payment platforms, but also affected tech and educational institutions in China. Its use of HTTP protocols and strategic targeting of high-value services marks it as a sophisticated evolution in botnet threats.

    Coinbase Extorted, Offers $20M for Info on Its Hackers

    In an unusual twist, Coinbase has turned the tables on its attackers. After receiving a credible threat via email claiming access to sensitive customer data and internal systems, the crypto exchange filed with the SEC and publicly offered a $20M reward for information leading to the hackers. This move is unprecedented and could mark a shift in how major companies respond to extortion attempts.

    Industry Trends and Strategy

    33% of Moroccan Companies Warn AI Is Widening Cybersecurity Gaps

    According to a PwC-backed AUSIM survey, one-third of Moroccan firms see AI as their top cybersecurity risk - outweighing even cloud vulnerabilities. This signals an emerging recognition of the unique challenges AI introduces, especially in regions rapidly digitizing their operations.

    OT cybersecurity budgets shift toward strategy and resilience to meet rising threats, compliance demands

    Rather than investing reactively in tools and patching legacy infrastructure, OT cybersecurity leaders are shifting toward long-term strategies. Spending is increasingly aligned with regulatory compliance, resilience planning, and protecting complex industrial systems from sophisticated threats like ransomware and nation-state actors.

    AI is the greatest threat - and defense - in cybersecurity today. Here’s why.

    At RSA Conference 2025, AI stole the spotlight—both as a looming threat and as a critical defensive technology. Discussions highlighted the dual role of agentic AI in both advancing threat capabilities and bolstering cyber defenses. While some organizations are embracing AI-powered solutions, others are still catching up on foundational elements like IAM and vulnerability management.
