⚠ Weekly Threat Advisory: Top Cyber Threats from April 21 – April 27, 2025 ⚠
The latest edition of the Weekly Threat Advisory delivers a comprehensive overview of recent cyber threat developments, highlighting new threat actors, advanced malware strains, active ransomware operations, targeted campaigns, critical vulnerabilities (CVEs), and increasingly sophisticated phishing kits affecting a wide range of industries. Cyber adversaries are exploiting newly discovered vulnerabilities, utilizing refined phishing techniques, and deploying adaptable malware capable of bypassing traditional security defenses. Ransomware incidents are on the rise, often involving double extortion strategies and supply chain compromises to amplify their impact. Meanwhile, phishing toolkits are evolving rapidly, enabling large-scale credential theft and unauthorized network access. This Weekly Threat Advisory emphasizes the urgent need for cybersecurity teams to stay alert—through prompt vulnerability management, strengthened threat hunting practices, and improved detection mechanisms—to protect organizational assets against the escalating threat landscape.
☑️ Ongoing threat monitoring and intelligence gathering continue to expose both existing and emerging risks across numerous industries, contributing to the identification of Top Cyber Threats.
☑️ This week’s threat summary highlights new adversarial groups, shifting malware variants, ransomware organizations, malicious operations, and critical high-risk CVEs.
☑️ Attackers are adopting more advanced tactics to exploit systems, maintain a foothold, and evade traditional detection methods across complex environments.
☑️ Freshly discovered security flaws represent major risks and require immediate action by cybersecurity teams.
☑️ Threat actors are leveraging zero-day exploits, sophisticated phishing techniques, and privilege escalation to gain unauthorized system access.
☑️ Ransomware incidents continue to intensify, now frequently involving double extortion strategies and supply chain compromises for maximum disruption.
☑️ Attack methods such as credential harvesting and targeting of cloud-based infrastructures are becoming increasingly common.
☑️ Both nation-state groups and financially motivated cyber criminals are enhancing their attack techniques to defeat standard defense measures.
☑️ Critical sectors—including finance, healthcare, critical infrastructure, and cloud platforms—remain prime targets of Top Cyber Threats.
☑️ Newly weaponized vulnerabilities are rapidly added to offensive toolkits, accelerating the pace of exploitation.
☑️ Activity on dark web forums reveals heightened interest in automated hacking tools designed for large-scale attacks.
☑️ Malware threats are growing more complex, with polymorphic behavior and fileless methods being used to bypass security controls.
☑️ Immediate patching and the fortification of detection and response systems must be a high priority for defenders.
☑️ Proactive threat hunting that focuses on spotting early indicators and unusual behaviors is vital for preventing attacks.
☑️ Building stronger incident response capabilities and encouraging collaboration through cross-sector threat intelligence sharing are essential steps toward improving cyber defense readiness.
Weekly Threat Advisory Top Cyber Threats
Threat Actors
💡 APT_29_Midnight_Blizzard
💡 Slow Pisces (Jade Sleet, TraderTraitor or PUKCHONG)
💡 Void Dokkaebi (Famous Chollima)
Malware
📌 Suspicious CrushFTP Child Process
📌 TROX Stealer
📌 Suspicious Process Spawned by CentreStack Portal AppPool
📌 Lumma Stealer
📌 Tunneling-Based Scans for DNS Resolvers
📌 Malicious_PyPI_Package
📌 ToyMaker
Ransomware
📍 FOG Ransomware
📍 Brain Cipher Ransomware
📍 Cactus Ransomware
📍 Gunra Ransomware
Campaigns & Phishing Kit
🛡️ Malicious_NPM_Packages_Hijack_Crypto_Wallet
🛡️ RustoBot
🛡️ Multi_Layered_Malware_Delivery_Chain
🛡️ Infostealer Malware FormBook Spread via Phishing Campaign
🛡️ Malicious_PDF_Converter_Campaign
CVE
👉 CVE-2025-32433
👉 CVE-2025-24859
👉 CVE-2025-2903
👉 CVE-2025-30406
👉 CVE-2025-1950
👉 CVE-2025-32965
👉 CVE-2025-42603
👉 CVE-2025-1908
👉 CVE-2025-3603
👉 CVE-2021-47663
👉 CVE-2025-2470
👉 CVE-2025-28354
Benefits of Weekly Threat Advisory
Here is how the Weekly Threat Advisory helps SOC (Security Operations Center) analysts, threat hunters, and threat intelligence analysts:
- Prioritized Alerting: The advisory informs the SOC about the most active or dangerous threats right now. SOC teams can adjust alert thresholds and prioritize specific alerts based on active threats, improving their speed of detection.
- Faster Incident Response: Knowing about trending malware, ransomware campaigns, or attack techniques ahead of time helps SOC analysts respond faster. Playbooks can be updated to include specific countermeasures for new threats.
- Improved Threat Detection Rules: Advisories often include new Indicators of Compromise (IOCs): IP addresses, hashes, domain names, etc. SOCs can feed these into SIEM detection rules (in platforms such as Splunk or QRadar) to catch threats early in the kill chain.
- Enhanced Threat Context: When an alert fires, SOC analysts can use the advisory information to understand the full context (e.g., “This IP is linked to LockBit ransomware, not just a random spike”). Better context = better triage.
- Smarter Triage and Escalation: Instead of treating all alerts equally, SOC analysts can use the advisory to triage smarter. Alerts matching threats mentioned in advisories are flagged for immediate investigation, avoiding wasted time on noise.
- SOC Playbook Updates: Weekly Threat Advisories often reveal new TTPs (Tactics, Techniques, and Procedures). SOC engineers can update automated playbooks (SOAR workflows) to handle these new methods (e.g., phishing using QR codes → new parsing logic for emails).
- Increased Situational Awareness: Analysts get a “current global threat landscape view” weekly, keeping them sharp and situationally aware. They can anticipate which attacks are likely to happen rather than only reacting to incidents.
- Proactive Threat Hunting Support: Hunters within the SOC can launch proactive hunts based on newly reported IOCs, techniques, or vulnerable software. Example: “Hunt for Cobalt Strike C2 domains using DNS beaconing,” based on advisory intel.
- Better Reporting to Management: SOC managers can brief leadership on emerging threats mentioned in advisories. This strengthens internal communications and justifies budget or staffing (“We’re seeing increased threats from [threat group], here’s why we need this tool/license”).
- Reduced Dwell Time: With fresh threat intelligence arriving every week, SOCs are better prepared to detect intrusions early. Early detection leads to lower attacker dwell time (time the attacker remains undetected inside the network), which massively reduces breach impact.
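The two technical points above, turning advisory IOCs into detection rules and hunting for DNS beaconing, can be shown in a few lines of Python. The following is an added example, not code from the advisory or from any SIEM product: the IOC domain list, the DNS log lines, the client IPs and the domain names are all constructed for illustration (reserved example/TEST-NET ranges), and the beaconing heuristic (low variation in the gaps between repeated queries from one host to one name) is one common approach, not the only one.

```python
"""Added example: match advisory IOCs against DNS logs and flag beaconing.
All indicators and log lines below are constructed for illustration."""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed IOC feed in the shape an advisory typically supplies
# (reserved example TLD; not a real indicator).
IOC_DOMAINS = {"update-check.example"}

# Constructed DNS resolver log: "<ISO timestamp> <client IP> <queried name>".
SAMPLE_DNS_LOG = """\
2025-04-22T09:00:00 10.0.0.7 www.example.com
2025-04-22T09:00:00 10.0.0.9 beacon.example.net
2025-04-22T09:01:00 10.0.0.9 beacon.example.net
2025-04-22T09:02:00 10.0.0.9 beacon.example.net
2025-04-22T09:03:00 10.0.0.9 beacon.example.net
2025-04-22T09:04:00 10.0.0.9 beacon.example.net
2025-04-22T09:05:00 10.0.0.9 beacon.example.net
2025-04-22T09:11:00 10.0.0.7 update-check.example
2025-04-22T09:12:30 10.0.0.7 cdn.update-check.example
2025-04-22T09:37:00 10.0.0.7 mail.example.org
"""


def parse_dns_log(text):
    """Parse the constructed log format into (timestamp, client, qname) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than abort the whole hunt
        ts, client, qname = parts
        # Normalise case and a trailing dot so "Foo.Example." matches "foo.example"
        records.append((datetime.fromisoformat(ts), client, qname.lower().rstrip(".")))
    return records


def domain_matches(qname, ioc_domains):
    """True if qname equals an IOC domain or is a subdomain of one."""
    return any(qname == d or qname.endswith("." + d) for d in ioc_domains)


def match_iocs(records, ioc_domains):
    """Return every record whose queried name touches an IOC domain.
    This is the logic a SIEM rule built from the advisory's IOC list performs."""
    return [r for r in records if domain_matches(r[2], ioc_domains)]


def find_beacons(records, min_queries=5, max_cv=0.2):
    """Flag (client, qname) pairs queried at near-constant intervals.

    Uses the coefficient of variation (stdev / mean) of the gaps between
    successive queries; enough samples with low variation is the classic
    signal of a scheduled callback. Returns (client, qname, mean_gap_seconds).
    """
    by_pair = defaultdict(list)
    for ts, client, qname in records:
        by_pair[(client, qname)].append(ts)
    hits = []
    for (client, qname), stamps in by_pair.items():
        if len(stamps) < min_queries:
            continue  # too few samples to call a rhythm
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue  # all queries at the same instant: a burst, not a beacon
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits.append((client, qname, mean))
    return hits


if __name__ == "__main__":
    recs = parse_dns_log(SAMPLE_DNS_LOG)
    for ts, client, qname in match_iocs(recs, IOC_DOMAINS):
        print(f"IOC hit      {ts} {client} -> {qname}")
    for client, qname, mean in find_beacons(recs):
        print(f"beacon cand. {client} -> {qname} every {mean:.0f}s")
```

On the constructed input the IOC rule fires twice for host 10.0.0.7 (the listed domain and a subdomain of it), and the beaconing heuristic flags 10.0.0.9 querying beacon.example.net every 60 seconds while ignoring the one-off lookups. The `min_queries` and `max_cv` thresholds are the knobs an analyst tunes against their own resolver volume; raising `min_queries` is the usual first step when legitimate periodic traffic (software update checks, monitoring agents) produces too many candidates.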
Happy Threat Hunting