Weekly Cybersecurity Recap - 26 May 2025

Major Cyber Incidents, Vulnerabilities & Industry Updates

    Introduction

    Last week brought a surge of malicious campaigns, high-profile cyberattacks, and revealing research. Fake VPN installers and phishing attacks targeting Russian firms highlighted how attackers are constantly adapting their delivery tactics. Meanwhile, Marks & Spencer reported that its ransomware incident could cost nearly $400 million - underscoring the rising stakes of enterprise breaches. Browser extensions, ICS honeypots, and cybersecurity board oversight also made headlines. Here’s a breakdown of what you need to know:

    Malware & Threat Campaigns

    Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware

    A newly exposed campaign is delivering Winos 4.0 malware through counterfeit installers disguised as popular applications like LetsVPN and QQ Browser. Researchers from Rapid7, who first observed this campaign in February 2025, say it uses a multi-stage, memory-resident loader named Catena. The attackers appear to be highly capable and focused, operating primarily in Chinese-speaking environments with signs of long-term strategic planning.

    PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian Firms

    PureRAT infections have quadrupled this year, particularly among Russian organizations. These attacks typically start with phishing emails that contain malicious RAR archives disguised as Word or PDF documents using double file extensions. While the campaign's origin remains unknown, it’s a clear sign that email remains a potent vector for targeting corporate environments with evasive malware.

    100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads

    A threat actor has developed over 100 malicious Chrome extensions since early 2024, posing as utilities but embedding dangerous capabilities. These browser add-ons do far more than advertised - they steal credentials and cookies, hijack sessions, inject ads, redirect traffic, and even manipulate webpages for phishing. The campaign illustrates how browser-based threats continue to evolve under the radar.

    3AM Ransomware Adopts Email Bombing, Vishing Combo Attack

    The emerging 3AM ransomware group is now using combo tactics that combine email bombing and vishing - a technique made popular by the Black Basta group. In a recent campaign uncovered by Sophos, the group was able to exfiltrate data from a compromised system. Although a full ransomware attack wasn’t completed, the method demonstrates how initial access vectors are becoming more aggressive and hybridized.

    Major Incidents & Disruptions

    Marks & Spencer Expects Ransomware Attack to Cost $400 Million

    Marks & Spencer has revealed that the financial fallout from its recent ransomware attack could reach £300 million (about $400 million). The breach disrupted logistics, food sales, and store operations across its 500+ locations. The retailer is now in recovery mode, manually restoring critical systems and absorbing significant losses due to spoilage and supply chain inefficiencies. The incident highlights how deeply ransomware can affect even well-established global businesses.

    Research & Trends

    Up to 25% of Internet-Exposed ICS Are Honeypots: Researchers

    A new study by researchers from NTNU Gjøvik and TU Delft found that up to 25% of internet-facing Industrial Control Systems (ICS) may actually be honeypots. Using the Censys search engine, they scanned over 150,000 devices across 175 countries. Their discovery reveals how defenders are increasingly turning to deception as a tool to study, slow down, or trap attackers targeting critical infrastructure.

    Taming the Hacker Storm: Why Millions in Cybersecurity Spending Isn’t Enough

    According to the AV-TEST Institute, more than 450,000 new malware samples are detected daily. That staggering number reveals why even massive security budgets can fall short - organizations are simply overwhelmed by the pace and volume of threats. It’s a reminder that defense is not just about money, but about prioritization, agility, and proactive strategy.

    Boards Need a More Active Approach to Cybersecurity

    A recent survey of 151 executives shows a gap between perception and reality when it comes to boardroom cybersecurity strategy. While a majority believe their funding is sufficient, only a fraction see their boards as proactive or innovative. The data points to a growing need for directors to engage more directly and meaningfully with cybersecurity planning.
