Welcome back to Cybersecurity Decrypted from Expert Insights. This week, the latest on $1.4 billion of stolen malware, Google buys Wiz, and document converter scams are taking off.
🌎 Next week, Expert Insights will be attending the ESET World Cybersecurity Conference in Las Vegas. Stay tuned for insights from top industry experts, analysts, and CISOs.
📰 Headlines
- Google has announced it has entered an agreement to acquire cloud security platform Wiz for $32 billion in an all-cash deal. If approved, the deal will be the biggest in cybersecurity industry history and the biggest acquisition ever made by Google. Wiz will join the Google Cloud security portfolio. (Google)
- A game of whack-a-mole ensues as North Korean hackers attempt to launder more than $1.4 billion USD of cryptocurrency stolen from Bybit. Crypto-exchange OKX, a popular tool that the hackers were attempting to use to launder the funds, temporarily shut down in response. (TheRecord)
- FBI Denver has reported an increase in scams involving free online document converter tools used to spread malware and steal personal info. This news comes amid reports on Reddit that federal agents no longer have access to premium document conversion tools like Adobe Acrobat due to budget cuts. X users pointed out the potential risks. (FBI, X)
- Cybercriminals are exploiting CSS (Cascading Style Sheets) to evade email spam filters and email gateways and to track users’ email habits, according to Cisco threat researchers. Implementing advanced email security controls is highly recommended. (THN)
🎣 Phish Report
- ‘Cybercriminals are weaponizing AI to launch more sophisticated and deceptive attacks,’ including sophisticated phishing attacks, say Zscaler threat researchers in a new report shared with Expert Insights ahead of publication today. Zscaler analyzed 536.5 billion AI and ML transactions in the Zscaler cloud from Feb-Dec 2024. (Zscaler)
- Multiple researchers have warned of new phishing campaigns targeting M365. Attackers were observed controlling multiple M365 tenants, impersonating Microsoft transaction notifications, and sending out phishing emails using Microsoft infrastructure. (SecurityWeek)
- Bitdefender has warned that hundreds of malicious apps on the Google Play Store are being used to serve full-screen ads and conduct phishing attacks. (THN)
- Hackers are impersonating Booking.com to attempt to trick users into downloading credential-stealing malware, in a new phishing campaign targeting hotel workers. (TheRecord)
- A widespread phishing campaign is targeting Coinbase users with a wallet migration scam, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. (BleepingComputer)
- Cybercriminals are continuing to use malicious OAuth apps to compromise credentials – with new campaigns detected driving users to harmful M365 phishing pages or targeting GitHub repositories. (DarkReading)
- An HTTP bug in Apple’s password manager app left users ‘vulnerable to phishing’ for almost three months. The attack would only have been possible if the attacker was on the same network as the user; the bug was patched in December. (9to5Mac)
📡 Threat Tracking
- North Korean threat actors targeted Korean and English-speaking users with a surveillance tool distributed via Google Play. The malware was disguised as phone utility apps – including a fake security app. (SecurityWeek)
- The US Government has revealed that Medusa ransomware affiliates have successfully hit 300 critical infrastructure organizations. Attacks typically started with phishing to steal victims’ credentials. (SecurityWeek)
- A new malware dubbed Arcane is stealing user data, including VPN account credentials, gaming clients, messaging apps, and information stored in web browsers. The malware is spread via YouTube videos promoting video game cheats and hacks which encourage users to download a malicious file. (BleepingComputer)
- 7,966 new vulnerabilities impacting the WordPress ecosystem were uncovered last year, most of them impacting different plugins and themes. (SecurityWeek)
- Microsoft has warned of a new Remote Access Trojan (RAT), StilachiRAT, that uses advanced techniques to avoid detection and steal credentials. (THN)
🚨 Industry News
- Cloudflare has launched a new service that provides real-time threat intelligence based on the attacks monitored by their team. (SecurityWeek)
- Google has announced a new version of their open-source vulnerability scanning and remediation tool OSV-Scanner with ‘significant new capabilities.’ (Google)
- Forcepoint has announced it will acquire GetVisibility, an innovative startup in the AI-powered Data Security Posture Management (DSPM) space. (Forcepoint)
- IRONSCALES has announced a new integration with CrowdStrike Falcon. Email security insights from IRONSCALES can now be integrated with CrowdStrike’s SIEM platform. (IRONSCALES)
- Startup Orion Security has raised $6 million with a new AI-Driven DLP solution. (SecurityWeek)
🏛️ Cybersecurity Policy
- The White House has urged all federal agencies to avoid laying off cybersecurity personnel as part of a Thursday deadline to submit budget reduction plans. (Reuters)
- A ‘DOGE’ staffer broke Treasury policies by sending an email containing unencrypted personal info, according to testimony from a government cybersecurity official in a federal lawsuit. (TechCrunch)
- US representatives and senators have reintroduced a bipartisan bill to boost the cybersecurity of rural water systems. (SecurityWeek)
- Multiple cyberattacks are currently causing disruption for public services in four US states, including attacks on police stations, school districts, and courts. (TheRecord)
🎙️ Expert Insights: Latest From Us
Don’t miss this week’s round of interviews & insights with cybersecurity experts and thought leaders.
- 10 Coolest AI Tools We Saw At HumanX
- What Is the Best Way to Store Emails Long-Term?
- DMARC Buyers’ Guide 2025
- Top 10 MDM Solutions For MacOS
- Top 10 MDM Solutions For Windows
That’s all for this week! 👋
Next week our reporter Caitlin Jones will be out in Las Vegas covering ESET World. Stay tuned for her insights and perspectives from experts and CISOs.
Expert Insights’ Cybersecurity Resources
- Top RMM Solutions For MSPs
- Top Mobile Device Management (MDM) Solutions
- Top Email Security Gateways
- Top Email Security Solutions For Office 365
- Top Identity And Access Management Solutions
- Top Phishing Protection Solutions
- Top Phishing Simulation And Testing Solutions
- Top Cyber Threat Intelligence Solutions