A Week in Security: April 27 – May 3, 2025

TL;DR

This week’s highlights include Microsoft’s emphasis on passkeys over passwords, security risks with Apple AirPlay SDK devices, major cybersecurity threats to small businesses, and insights into recent digital rampages and data leaks.

Main Content

Last week on Malwarebytes Labs, several critical cybersecurity issues were highlighted:

• Microsoft’s Passkey Initiative: On World Password Day, Microsoft advocated for the use of passkeys over traditional passwords to enhance security¹.
• Apple AirPlay SDK Vulnerabilities: Apple AirPlay SDK devices were found to be at risk of takeover, prompting users to ensure their devices are updated².
• Small Business Cybersecurity Threats: The three biggest cybersecurity threats to small businesses were discussed, emphasizing the need for robust security measures³.
• Decline in Zero-Day Attacks: Google reported a drop in zero-day attacks on browsers and smartphones, indicating improvements in security measures⁴.
• Phishing Scams: Fake Social Security Statement emails tricked users into installing remote access tools, highlighting the ongoing threat of phishing scams⁵.
• Digital Rampage at Disney: A former Disney employee removed nut allergy information from menus and doxed co-workers, underscoring the risks of insider threats⁶.
• Perplexity’s Data Tracking: Perplexity was criticized for building a browser to track user data and serve ads, raising concerns about privacy⁷.
• Employee Monitoring App Leak: An employee monitoring app exposed users and leaked over 21 million screenshots, highlighting the importance of data security⁸.

Last week on ThreatDown, the following topics were covered:

• Malware Hiding Spots: An article discussed where malware authors frequently hide their code, providing insights into malware detection⁹.
• Ransomware in March 2025: A report on ransomware activities in March 2025 was published, offering a glimpse into the evolving threat landscape¹⁰.

Stay safe by keeping your systems updated and being vigilant against potential threats.

---

Our business solutions remove all remnants of ransomware and prevent reinfection. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

For more details, visit the full article: source

Conclusion

This week’s security roundup underscores the ongoing challenges in cybersecurity, from the shift towards passkeys to the persistent threat of malware and data breaches. Staying informed and proactive is crucial for safeguarding digital assets.

References

1. (2025-05-05). “On world password day, Microsoft says fewer passwords, more passkeys”. Malwarebytes Labs. Retrieved 2025-05-05. ↩︎

2. (2025-05-05). “Apple AirPlay SDK devices at risk of takeover—make sure you update”. Malwarebytes Labs. Retrieved 2025-05-05. ↩︎

3. (2025-05-05). “The 3 biggest cybersecurity threats to small businesses”. Malwarebytes Labs. Retrieved 2025-05-05. ↩︎

4. (2025-05-05). “Zero-day attacks on browsers and smartphones drop, says Google”. Malwarebytes Labs. Retrieved 2025-05-05. ↩︎

5. (2025-04-30). “Fake Social Security Statement emails trick users into installing remote tool”. Malwarebytes Labs. Retrieved 2025-05-05. ↩︎

6. (2025-04-30). “Digital rampage saw ex-Disney employee remove nut allergy info from menus, dox co-workers, and more”. Malwarebytes Labs. Retrieved 2025-05-05. ↩︎

7. (2025-04-30). “What privacy? Perplexity wants your data, builds browser to track you and serve ads”. Malwarebytes Labs. Retrieved 2025-05-05. ↩︎

8. (2025-04-30). “Employee monitoring app exposes users, leaks 21+ million screenshots”. Malwarebytes Labs. Retrieved 2025-05-05. ↩︎

9. (2025-05-05). “Where malware likes to hide the most”. ThreatDown. Retrieved 2025-05-05. ↩︎

10. (2025-05-05). “Ransomware in March 2025”. ThreatDown. Retrieved 2025-05-05. ↩︎