Weekly Threat Advisory: Top Cyber Threats from April 14 – April 20, 2025

This edition of the Weekly Threat Advisory presents a detailed summary of the latest cyber threats, including emerging threat actors, evolving malware types, ransomware activities, ongoing campaigns, critical CVEs, and sophisticated phishing kits impacting multiple industries. Cybercriminals are taking advantage of newly identified vulnerabilities, leveraging advanced phishing methods, and deploying flexible malware designed to evade existing security measures. Ransomware attacks continue to escalate, now incorporating double extortion techniques and compromising supply chains for greater disruption. Simultaneously, phishing toolkits are becoming more advanced, facilitating large-scale credential theft and unauthorized system infiltration. To counter these growing threats, cybersecurity teams must remain vigilant—implementing timely patching, strengthening threat hunting capabilities, and enhancing detection systems to reinforce organizational security.

☑️ Ongoing threat analysis and intelligence efforts continue to uncover both current and emerging cyber threats affecting a wide range of industries.
☑️ This week’s threat briefing reveals new threat actors, evolving malware strains, ransomware collectives, malicious campaigns, and high-priority CVEs.
☑️ Attackers are employing increasingly sophisticated techniques that enhance exploitation, maintain persistence, and avoid detection across network environments.
☑️ Newly identified vulnerabilities pose significant security concerns and demand immediate attention from cybersecurity teams.
☑️ Exploits involving zero-day vulnerabilities, deceptive phishing strategies, and privilege abuse are being used to gain unauthorized access.
☑️ Ransomware activity continues to surge, often incorporating double extortion tactics and targeting supply chains for greater damage.
☑️ Threat vectors like credential theft and the exploitation of cloud environments are becoming more frequent.
☑️ Both government-backed and financially motivated adversaries are refining their capabilities to bypass traditional security mechanisms.
☑️ Key sectors such as banking, healthcare, critical infrastructure, and cloud-based systems remain under persistent threat.
☑️ Recently weaponized vulnerabilities are being swiftly integrated into offensive toolkits, increasing the speed of exploitation.
☑️ Underground forums show a growing interest in automation tools that enable broad-scale attacks.
☑️ Malware continues to evolve, utilizing polymorphic behavior and fileless execution to evade defenses.
☑️ Security teams must prioritize urgent patch deployment and advance their detection infrastructure.
☑️ A proactive approach to threat hunting—focusing on early warning signs and behavioral anomalies—is crucial.
☑️ Strengthening response capabilities and fostering cross-sector threat intelligence sharing will be key to enhancing overall cyber resilience.

Threat Actors

💡 UNC5174
💡 Sapphire Werewolf
💡 tommyboy_h1 and tommyboy_h2
💡 GOFFEE
💡 Slow Pisces (aka Jade Sleet, TraderTraitor, PUKCHONG)
💡 Mustang Panda
💡 APT38

Malware

📌 Gorilla Botnet C2
📌 Xeno RAT
📌 Spark RAT
📌 CurlBack RAT
📌 Aurotun Stealer
📌 BRICKSTORM_Backdoor
📌 PasivRobber
📌 Exposes Fortinet Exploits, Webshells, and Recon Activity

Ransomware

📍 RA Lord Ransomware
📍 Rhysida
📍 Akira Ransomware

Campaigns & Phishing Kit

🛡️ Smishing Scams
🛡️ Phishing Pages Impersonating Nintendo
🛡️ ClickFix social engineering scam
🛡️ SMS Exploitation

CVE

👉 CVE-2025-32433
👉 CVE-2025-2492
👉 CVE-2025-3803

Happy Threat Hunting
