
Weekly Cybersecurity Recap - 24 March 2025
This Week in Cybersecurity: Phishing, Ransomware, and a $32B Acquisition
Major Cyber Threats, Vulnerabilities & Industry Updates
Cyber threats this week spanned the entire spectrum, from stealthy zero-click exploits and regional infrastructure breaches to the global evolution of phishing-as-a-service (PhaaS). Lucid PhaaS used the iMessage and RCS messaging channels rather than plain SMS to harvest sensitive data across 88 countries. In Asia, Malaysia's biggest airport suffered a ransomware disruption with a $10 million demand, while new Kubernetes ingress-nginx flaws left thousands of cloud IPs exposed.
Samsung saw a data breach, tax-themed phishing attacks resurfaced, and a trending anime-art filter raised biometric privacy concerns. Here's a breakdown of what happened last week, why it matters, and how defenders can respond.
Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes
Microsoft has identified a surge in phishing campaigns using tax-related themes to deliver malware and steal credentials. The lures arrive as PDF attachments whose links are hidden in QR codes (an image, so URL scanners see nothing to follow) or shortened URLs (so the final destination is not visible until the redirect is resolved). Attackers also abuse legitimate file-hosting and business platforms as intermediate hops, borrowing their reputation before landing victims on phishing pages deployed with the RaccoonO365 phishing-as-a-service (PhaaS) toolkit. Defenders should resolve shortened links and decode QR codes in attachments before reputation checks, rather than relying on the sender domain alone.
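The following is an added example, not code from Microsoft or from the original recap, showing the kind of lightweight triage a mail-gateway hook can do on a tax-themed PDF: pull every link-annotation URI out of the raw PDF bytes and flag URL shorteners and file-hosting hops. The sample PDF fragment, the URLs in it and the two watch-lists are constructed for illustration (a real deployment would use a maintained domain feed). It only handles uncompressed link annotations with literal-string URIs; compressed object streams must be inflated first, and QR codes are images that need a separate decode step, which is exactly why they slip past URL-only filters.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a minimal, uncompressed PDF fragment with three link
# annotations. Not a real phishing document; the URLs are made up.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://bit.ly/3TaxRefund) >> >> endobj
2 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://www.irs.gov/refunds) >> >> endobj
3 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://www.dropbox.com/s/abc123/W-2_form.pdf) >> >> endobj
%%EOF
"""

# Hypothetical watch-lists (assumption for this example, not an official list).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "rebrand.ly", "cutt.ly", "is.gd"}
FILE_HOSTS = {"dropbox.com", "drive.google.com", "onedrive.live.com",
              "sharepoint.com", "box.com"}

# A PDF link annotation stores its target as a URI action:
#   /A << /S /URI /URI (https://...) >>
# This matches the literal-string form only; hex strings (<...>) and escaped
# parentheses inside the string are not handled here.
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")


def extract_uris(pdf_bytes):
    """Return every literal URI found in link annotations, in document order."""
    return [m.group(1).decode("latin-1") for m in URI_RE.finditer(pdf_bytes)]


def _matches(host, domains):
    # Exact match or a true subdomain; "bit.ly.example.com" must NOT match.
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(url):
    """Label a URL as 'shortener', 'file-host' or 'ok' based on its hostname."""
    host = (urlparse(url).hostname or "").lower()
    if _matches(host, SHORTENERS):
        return "shortener"
    if _matches(host, FILE_HOSTS):
        return "file-host"
    return "ok"


def triage(pdf_bytes):
    """Pair each extracted URI with its verdict so a gateway can decide
    whether to detonate, resolve redirects, or pass the attachment."""
    return [(u, classify(u)) for u in extract_uris(pdf_bytes)]


if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_PDF):
        print(f"{verdict:10s} {url}")
```

Anything labelled shortener should have its redirect chain followed in a sandbox before the final host is scored; a file-host verdict is not malicious on its own, but combined with a tax theme it is the pattern the Microsoft advisory describes.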
Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing
The Lucid PhaaS platform is pushing phishing to new levels of stealth and scalability. Instead of SMS, it delivers lures over Apple iMessage and RCS (Rich Communication Services) on Android. Both are encrypted data channels carried over the internet, so carrier-side SMS spam and content filtering never sees the messages, and the sender cannot be blocked the way an SMS short code can. Researchers say Lucid is sold as a subscription, letting threat actors run highly targeted smishing campaigns that harvest victims' card and banking details without tripping the usual telecom controls.
Hacker Leaks Samsung Customer Data
A hacker known as 'GHNA' leaked approximately 270,000 customer support records allegedly stolen from Samsung Germany. The attacker reportedly got in with long-compromised credentials belonging to Spectos GmbH, a third-party vendor, meaning the access path had existed for years before it was used. The breach underscores the risk of vendor accounts that are never rotated or monitored: third-party credentials need the same MFA, expiry and access review as internal ones.
Google Quick Share Patch Bypass Allows Zero-Click File Transfer
Two Quick Share vulnerabilities that Google patched last year (CVE-2024-38271 and CVE-2024-38272), originally disclosed at DEF CON as part of a chain leading to remote code execution on Windows, turned out to be trivially bypassable. SafeBreach researchers showed that small changes to the original technique reactivated the silent file-write, letting an attacker drop a file on a Windows user's device without any user interaction. The lesson is that a patch which blocks one specific trigger rather than the root cause buys little: defenders should verify fixes against variants, not only against the published proof of concept.
Critical Kubernetes Ingress-Nginx Flaws: 4,000 IPs Exposed
Security researchers disclosed five vulnerabilities, several rated critical, in the Ingress NGINX Controller for Kubernetes, widely used for routing traffic into cloud clusters. The core problem is the controller's admission webhook: it accepts unauthenticated requests from anywhere that can reach it on the pod network, and a crafted Ingress object can smuggle NGINX directives into the configuration it validates, giving code execution inside the controller pod. That pod's service account can read Secrets across the cluster, so the chain ends in full cluster compromise. Fixes shipped in ingress-nginx v1.11.5 and v1.12.1; until a cluster is upgraded, restricting network access to the admission webhook or disabling the admission controller cuts off the attack path. With over 4,000 exposed IPs and proof-of-concept code publicly available, the urgency to patch is high.
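As an added example (not from the researchers or the ingress-nginx project), here is a small audit that a cluster operator can run over saved `kubectl get pods -A -o json` and `kubectl get svc -A -o json` output: it finds every ingress-nginx controller running a release older than v1.11.5 or v1.12.0, and every admission-webhook Service that is published as NodePort or LoadBalancer rather than kept cluster-internal. The two JSON samples are constructed for illustration and trimmed to the fields the script reads; the fixed-version boundaries are the v1.11.5 and v1.12.1 releases named above.

```python
import json
import re

# Constructed sample in the shape of `kubectl get pods -A -o json` and
# `kubectl get svc -A -o json`, trimmed to the fields used below.
# Not captured from any real cluster.
SAMPLE_PODS = json.dumps({"items": [
    {"metadata": {"namespace": "ingress-nginx", "name": "ingress-nginx-controller-7d4f"},
     "spec": {"containers": [{"name": "controller",
                              "image": "registry.k8s.io/ingress-nginx/controller:v1.11.4"}]}},
    {"metadata": {"namespace": "edge", "name": "ingress-nginx-controller-9c2a"},
     "spec": {"containers": [{"name": "controller",
                              "image": "registry.k8s.io/ingress-nginx/controller:v1.12.1"}]}},
    {"metadata": {"namespace": "kube-system", "name": "coredns-5b6c"},
     "spec": {"containers": [{"name": "coredns",
                              "image": "registry.k8s.io/coredns/coredns:v1.11.1"}]}},
]})
SAMPLE_SVCS = json.dumps({"items": [
    {"metadata": {"namespace": "ingress-nginx", "name": "ingress-nginx-controller-admission"},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 443, "targetPort": 8443}]}},
    {"metadata": {"namespace": "edge", "name": "ingress-nginx-controller-admission"},
     "spec": {"type": "ClusterIP", "ports": [{"port": 443, "targetPort": 8443}]}},
]})

CONTROLLER_IMAGE = "ingress-nginx/controller"


def parse_version(image):
    """Return (major, minor, patch) from an image tag such as ':v1.11.4', or None
    when the image is pinned by digest only and the version cannot be read."""
    m = re.search(r":v?(\d+)\.(\d+)\.(\d+)", image)
    return tuple(int(x) for x in m.groups()) if m else None


def is_vulnerable(version):
    """Fixed releases are v1.11.5 and v1.12.1. Everything before 1.11.5 on the
    older lines, and 1.12.0, still ships the unfixed admission controller."""
    if version < (1, 11, 5):
        return True
    return version[:2] == (1, 12) and version < (1, 12, 1)


def vulnerable_controllers(pods_json):
    """List (namespace, pod, image) for controllers that need an upgrade.
    Unparseable versions are included so they get a manual look."""
    findings = []
    for pod in json.loads(pods_json)["items"]:
        for c in pod["spec"]["containers"]:
            if CONTROLLER_IMAGE not in c["image"]:
                continue
            v = parse_version(c["image"])
            if v is None or is_vulnerable(v):
                findings.append((pod["metadata"]["namespace"],
                                 pod["metadata"]["name"], c["image"]))
    return findings


def exposed_admission_services(svcs_json):
    """The admission webhook only needs to be reachable by the API server.
    A NodePort or LoadBalancer Service puts it on a node or public address."""
    findings = []
    for svc in json.loads(svcs_json)["items"]:
        if not svc["metadata"]["name"].endswith("-admission"):
            continue
        kind = svc["spec"].get("type", "ClusterIP")
        if kind != "ClusterIP":
            findings.append((svc["metadata"]["namespace"],
                             svc["metadata"]["name"], kind))
    return findings


if __name__ == "__main__":
    for ns, name, image in vulnerable_controllers(SAMPLE_PODS):
        print(f"UPGRADE  {ns}/{name}  {image}")
    for ns, name, kind in exposed_admission_services(SAMPLE_SVCS):
        print(f"EXPOSED  {ns}/{name}  type={kind}")
```

A ClusterIP admission Service is still reachable from any pod in the cluster, which is the default exposure the researchers warned about; the Service-type check only catches the worse case where the webhook has been published outside the cluster. Network policy limiting the webhook port to the API server closes the in-cluster path until the upgrade lands.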
Hacker Tactics: Exploiting Edge Devices, Missing Multifactor
Cyber attackers in 2024 succeeded not through complexity but by exploiting the basics. Cisco Talos reports that roughly 70% of the ransomware incidents it handled began with a plain login using valid credentials, typically because multifactor authentication (MFA) was missing or because internet-facing network gear was left unpatched. High-impact breaches still overwhelmingly start with low-effort intrusion methods, which is also why the remediation list has not changed: enforce MFA everywhere, especially on VPNs and edge devices, and patch those devices first.
Viral Ghibli Trend: UAE Experts Warn of Data Leak Risk
A viral AI trend transforming photos into Studio Ghibli-style art has raised red flags among privacy experts. UAE cybersecurity officials warn that these AI tools may collect and store biometric data such as facial geometry, which, unlike a password, cannot be changed once it leaks. The popularity of such apps highlights the growing privacy risk in consumer-facing AI experiences, where the upload itself is the data disclosure.
Malaysian Airport's Cyber Disruption a Warning for Asia
Kuala Lumpur International Airport (KLIA) suffered a significant ransomware attack that disrupted check-ins, flight information displays, and other services. While initially downplayed, later reports confirmed a $10 million ransom demand and days of operational chaos. The attack signals the vulnerability of Asia's critical infrastructure and the urgent need for resilience planning in the transportation sector, including offline fallbacks for passenger-facing systems.
UAE Thwarts Over 600 Cyberattacks Targeting Critical Public, Private Sectors
The UAE Cybersecurity Council announced that it had blocked over 600 cyberattacks targeting national systems, including attempts at data exfiltration and service disruption in both government and private sectors. Authorities are urging all institutions to reinforce basic cyber hygiene and to report suspicious activity to the national CERT.
That's the recap for last week. Stay informed, patch fast, and keep checking the basics, because even advanced attacks usually start with the simplest mistakes.