Top 5 Cybersecurity News Stories April 25, 2025

By Editorial Team | April 25, 2025

Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small as we look at threats from espionage to security flaws in everyday devices:

1. 159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure

A total of 159 vulnerabilities were exploited in the wild during Q1 2025, according to VulnCheck—an increase from 151 in Q4 2024. Shockingly, 28.3% were weaponized within 24 hours of disclosure.

Most targeted were CMS platforms (35), followed by network edge devices (29) and Microsoft Windows (15). Exploits remain the top initial access vector in cyberattacks.

2. DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack

Multiple North Korean threat clusters are targeting Web3 and crypto sectors to fund weapons programs, says Mandiant’s 2025 M-Trends report.

Groups like UNC1069, UNC4899, and UNC5342 use social engineering, fake job offers, and deepfake personas to infiltrate organizations, steal assets, and extort employers. One group, UNC3782, stole $137M in a single day via phishing.

3. Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts

Russian-linked groups UTA0352 and UTA0355 are using OAuth 2.0 phishing to hijack Microsoft 365 accounts, targeting Ukraine-related organizations. Victims are tricked via WhatsApp or Signal to share authorization codes or 2FA under false pretenses.

Attackers impersonate diplomats and use Visual Studio Code’s OAuth interface to gain lasting access. Volexity urges blocking suspicious URLs and enforcing strict device policies.

4. WhatsApp’s new Advanced Chat Privacy protects sensitive messages

WhatsApp has launched a new Advanced Chat Privacy setting that limits chat exports, media downloads, and use in AI features, aiming to keep private conversations secure. Available in both group and individual chats, the feature builds on years of encryption improvements.

While not foolproof—screenshots remain a loophole—it’s part of WhatsApp’s broader mission to enhance privacy.

5. FBI says cybercrime costs rose to at least $16 billion in 2024

Cybercrime cost victims over $16 billion in 2024, a 33% rise from the previous year, according to the FBI. Most losses came from low-tech scams like investment fraud and business email compromise.

The FBI’s Internet Crime Complaint Center recorded nearly 860,000 reports, mostly from the U.S. While comprehensive, the report likely underestimates ransomware losses.