By Ashwani Mishra, Editor-Technology, 63SATS
Cybersecurity threats are escalating worldwide, impacting industries from technology and finance to education and government. Job satisfaction in cybersecurity has plummeted, especially for women, due to widespread layoffs and budget cuts. Microsoft dismantled a GitHub-based malware campaign that infected nearly one million devices via malvertising on pirated streaming sites. Meanwhile, the Medusa ransomware gang continues to expand, with 400+ victims.
A cyberattack on U.S. school retirement plans exposed 40,000+ employees’ data. Japan’s critical sectors face sophisticated cyberattacks, while China-backed Silk Typhoon hackers exploit zero-day vulnerabilities to infiltrate organizations globally. Cybercrime is intensifying, demanding stronger defenses and rapid response strategies.
Job Satisfaction in Cybersecurity Drops, Women Most Affected
Job satisfaction among women in cybersecurity has sharply declined, with only 67% reporting satisfaction in 2024, down from 82% in 2022. Men also experienced a dip, but at a lesser rate, from 73% to 66%.
The decline is attributed to widespread layoffs and budget cuts in cybersecurity teams. 32% of women reported security layoffs in their organizations, compared to 23% of men. Organizations without layoffs saw higher job satisfaction rates—71% for women and 70% for men—highlighting the impact of job security on workplace morale.
Microsoft Takes Down GitHub Repositories Used in Massive Malware Campaign
Microsoft has removed multiple GitHub repositories linked to a widespread malvertising campaign that infected nearly one million devices worldwide. The campaign was first detected in December 2024, when malicious ads embedded in pirated streaming websites redirected users to GitHub-hosted malware.
The malware collected system details, such as memory size, OS type, and screen resolution, before deploying secondary payloads. Microsoft revealed that cybercriminals manipulated movie frames to insert malicious redirects, turning unsuspecting users into victims. This takedown highlights the growing risk of malvertising attacks using trusted platforms like GitHub.
Medusa Ransomware Group Expands Attacks, Claims 400 Victims
The Medusa ransomware gang has significantly escalated its operations, claiming nearly 400 victims since its emergence in January 2023. A 42% increase in attacks was observed between 2023 and 2024, with over 40 new attacks reported in the first two months of 2025 alone.
Tracked by Symantec under the name Spearwing, the group employs double extortion tactics—stealing sensitive data before encrypting networks to pressure victims into paying ransoms. Cybersecurity experts warn that Medusa’s growing reach poses a serious threat to businesses and organizations worldwide.
Cyberattack on Retirement Plan Administrator Exposes Thousands of Public School Employees
A December 2024 cyberattack on Carruth Compliance Consulting has compromised the sensitive information of over 40,000 teachers and school staff across the U.S. The breach affected 403(b) and 457(b) retirement plan participants, and personal data was leaked.
Public schools in Maine, Massachusetts, Vermont, Pennsylvania, Oregon, California, Illinois, and New York have reported breaches. A cybercriminal group known as Skira Team claimed responsibility, stating they accessed data from 36 public schools. With more schools still assessing the breach, the actual number of affected individuals could be much higher.
Japan’s Tech and Telecom Sectors Targeted in Advanced Cyber Campaign
A sophisticated cyberattack has hit Japan’s technology, telecom, entertainment, education, and e-commerce sectors. Researchers at Cisco Talos found that attackers exploited CVE-2024-4577, a remote code execution (RCE) vulnerability in PHP-CGI on Windows, to gain initial access.
The attackers deployed Cobalt Strike reverse HTTP shellcode, enabling persistent remote access, privilege escalation, and credential theft. Cybercriminals used PowerShell scripts, Mimikatz, and lateral movement techniques to infiltrate networks. Security experts warn that this campaign highlights the ongoing risks of unpatched vulnerabilities in enterprise environments.
Silk Typhoon: China-Backed Hacking Group Expands Cyber Espionage
Since 2020, Silk Typhoon has emerged as one of the most sophisticated Chinese state-sponsored hacking groups. Known for rapidly exploiting zero-day vulnerabilities, the group targets public-facing infrastructure to infiltrate networks. While Microsoft has not detected direct attacks on its cloud services, Silk Typhoon has been found leveraging unpatched applications to expand access within targeted organizations.
The group focuses on technology, defense, government, healthcare, energy, education, and NGOs, with operations spanning both U.S. and international targets. Their growing activity underscores China’s strategic cyber espionage efforts worldwide.