Weekly Threat Advisory

Weekly Threat Advisory Top Cyber Threats from May 12 – May 18, 2025

The Weekly Threat Advisory delivers a comprehensive breakdown of the latest trends in cyber threat activity. It sheds light on newly surfaced threat actors and intricate malware strains now circulating in the wild. The report outlines the persistence of ransomware campaigns and deliberate intrusion operations targeting key sectors. Security experts are observing a rise in critical vulnerabilities (CVEs) affecting widely used software and platforms. There is growing concern over enhanced phishing kits being used to deceive users and harvest credentials. Cybercriminals are swiftly capitalizing on recent security gaps before patches can be applied. Phishing campaigns have become increasingly deceptive, using refined techniques to bypass detection. Modern malware is being built to morph and adapt, making it harder for legacy defenses to stop. Ransomware attacks are climbing, with many now involving double extortion and third-party compromise. Attackers are breaching supply chains to expand their reach and inflict greater damage. Phishing toolkits are evolving fast, fueling large-scale identity theft and unauthorized network access.
The Weekly Threat Advisory stresses the urgency for defenders to act proactively. Timely patching of vulnerabilities is critical to minimizing exposure to these evolving threats. Security teams must adopt robust threat hunting approaches and advanced monitoring strategies. Strengthening detection and response capabilities remains vital in countering this complex and dynamic threat landscape.

Weekly Threat Advisory Top Cyber Threats

Threat Actor

💡 CL‑STA‑0048
💡 UNC5221
💡 UNC5174
💡 Earth Ammit
💡 TA406
💡 Marbled Dust
💡 APT-Group 123
💡 APT36
💡 Scattered Spider – Roasting 0ktapus or Scatter Swine
💡 TheWizards

Malware

📌 BPFDoor
📌 Eye_Pyramid_C2
📌 MintsLoader
📌 Horabot Malware
📌 OtterCookie malware
📌 Swan Vector
📌 Lumma Stealer
📌 DarkCloud Stealer
📌 Operation: ToyBox Story
📌 Malicious_PyPI_Package
📌 TransferLoader
📌 DBatLoader (ModiLoader)
📌 PyPI
📌 Remcos RAT

Ransomware

📍 J Ransomware
📍 DragonForce Ransomware
📍 lcryx
📍 Mamona

Campaigns & Phishing Kit

🛡️ Malicious_PyPI_Package
🛡️ Operation RoundPress

CVE

👉 CVE-2025-46814
👉 CVE-2025-32756
👉 CVE-2025-32705
👉 CVE-2025-30663
👉 CVE-2025-27920
👉 CVE-2025-30397
👉 CVE-2025-4428
👉 CVE-2025-4632
👉 CVE-2025-4664

Happy Threat Hunting

Core Working Areas: Threat Intelligence, Digital Forensics, Incident Response, Fraud Investigation, Web Application Security

Technical Certifications: Computer Hacking Forensics Investigator | Certified Ethical Hacker | Certified Cyber Crime Investigator | Certified Professional Hacker | Certified Professional Forensics Analyst | Red Hat Certified Engineer | Cisco Certified Network Associates | Certified Firewall Solutions | Certified Network Monitoring Solution | Certified Proxy Solutions
