
Weekly Cybersecurity Recap - 24 March 2025
This Week in Cybersecurity: Phishing, Ransomware, and a $32B Acquisition
Major Cyber Incidents, Vulnerabilities & Industry Updates
Last week brought a surge of malicious campaigns, high-profile cyberattacks, and revealing research. Fake VPN installers and phishing attacks targeting Russian firms highlighted how attackers are constantly adapting their delivery tactics. Meanwhile, Marks & Spencer reported that its ransomware incident could cost nearly $400 million - underscoring the rising stakes of enterprise breaches. Browser extensions, ICS honeypots, and cybersecurity board oversight also made headlines. Here’s a breakdown of what you need to know:
Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware
A newly exposed campaign is delivering Winos 4.0 malware through counterfeit installers disguised as popular applications like LetsVPN and QQ Browser. Researchers from Rapid7, who first observed this campaign in February 2025, say it uses a multi-stage, memory-resident loader named Catena. The attackers appear to be highly capable and focused, operating primarily in Chinese-speaking environments with signs of long-term strategic planning.
PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian Firms
PureRAT infections have quadrupled this year, particularly among Russian organizations. These attacks typically start with phishing emails that contain malicious RAR archives disguised as Word or PDF documents using double file extensions. While the campaign's origin remains unknown, it’s a clear sign that email remains a potent vector for targeting corporate environments with evasive malware.
100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
A threat actor has developed over 100 malicious Chrome extensions since early 2024, posing as utilities but embedding dangerous capabilities. These browser add-ons do far more than advertised - they steal credentials and cookies, hijack sessions, inject ads, redirect traffic, and even manipulate webpages for phishing. The campaign illustrates how browser-based threats continue to evolve under the radar.
3AM Ransomware Adopts Email Bombing, Vishing Combo Attack
The emerging 3AM ransomware group is now using combo tactics that combine email bombing and vishing - a technique made popular by the Black Basta group. In a recent campaign uncovered by Sophos, the group was able to exfiltrate data from a compromised system. Although a full ransomware attack wasn’t completed, the method demonstrates how initial access vectors are becoming more aggressive and hybridized.
Marks & Spencer Expects Ransomware Attack to Cost $400 Million
Marks & Spencer has revealed that the financial fallout from its recent ransomware attack could reach £300 million (about $400 million). The breach disrupted logistics, food sales, and store operations across its 500+ locations. The retailer is now in recovery mode, manually restoring critical systems and absorbing significant losses due to spoilage and supply chain inefficiencies. The incident highlights how deeply ransomware can affect even well-established global businesses.
Up to 25% of Internet-Exposed ICS Are Honeypots: Researchers
A new study by researchers from NTNU Gjøvik and TU Delft found that up to 25% of internet-facing Industrial Control Systems (ICS) may actually be honeypots. Using the Censys search engine, they scanned over 150,000 devices across 175 countries. Their discovery reveals how defenders are increasingly turning to deception as a tool to study, slow down, or trap attackers targeting critical infrastructure.
Taming the Hacker Storm: Why Millions in Cybersecurity Spending Isn’t Enough
According to the AV-TEST Institute, more than 450,000 new malware samples are detected daily. That staggering number reveals why even massive security budgets can fall short - organizations are simply overwhelmed by the pace and volume of threats. It’s a reminder that defense is not just about money, but about prioritization, agility, and proactive strategy.
Boards Need a More Active Approach to Cybersecurity
A recent survey of 151 executives shows a gap between perception and reality when it comes to boardroom cybersecurity strategy. While a majority believe their funding is sufficient, only a fraction see their boards as proactive or innovative. The data points to a growing need for directors to engage more directly and meaningfully with cybersecurity planning.