Jorge Laurel
Friday Wrap Up

Friday Wrap Up: 2 May 2025

Jorge Laurel · ·3 min read ·Issue #77


From phishing rings to AI-written code, it’s been another week in cybersecurity where the only constant is everything’s on fire 🔥.

This week’s Friday Wrap Up features:

- Cybercriminals getting busted (some, not all—let’s not get crazy),

- Zero-days popping like popcorn 🍿,

- Space hacking (yes, literally),

- AI quietly taking over dev jobs,

- And government agencies asking, “Secure by Design—was that just a phase?”

If your cloud is leaking secrets, your CMS is under siege, or you’re wondering how ransomware gangs pivot after a breakup… we’ve got you covered.

👉 Check out this week’s Friday Wrap Up for the full breakdown. Because cybersecurity never sleeps. But you should—after reading it.


🚨 Cybercrime Crackdowns and Investigations\

A closer look at recent arrests, breaches, and threat actor shifts around the globe.

  • 🎯 JokerOTP dismantled after 28,000 phishing attacks across 13 countries; two suspects arrested in £7.5M cyber fraud. (Published on 4/28/2025, Hackread). Read More

  • 🕵️‍♂️ RansomHub’s infrastructure mysteriously vanished; affiliates reportedly migrated to rival ransomware groups. (Published on 4/30/2025, The Hacker News). Read More

  • 🐍 Despite recent arrests, threat group Scattered Spider continues high-profile cyberattacks. (Published on 5/2/2025, Dark Reading). Read More


🛡️ Software & System Vulnerabilities
Widespread exploitation of zero-days and critical software flaws continues to dominate the security landscape.

  • ⚠️ Hackers exploit critical Craft CMS zero-day flaws; hundreds of servers may be compromised. (Published on 4/28/2025, The Hacker News). Read More

  • 🔍 CISA urges patching Broadcom and Commvault flaws actively exploited in the wild. (Published on 4/29/2025, SecurityWeek). Read More

  • 🚨 Commvault shares IoCs after Azure-targeted zero-day hits; added to CISA’s KEV list. (Published on 5/1/2025, SecurityWeek). Read More

  • 🧪 SentinelOne targeted by North Korean IT workers, ransomware gangs, and Chinese hackers. (Published on 5/1/2025, SecurityWeek). Read More


🔐 Secure-by-Design & National Cyber Strategy
Is government-led software security fading, or just evolving into private-sector hands?

  • 🧱 CISA’s Secure by Design program falters amid staffing cuts; private sector urged to carry the torch. (Published on 4/28/2025, CSO Online). Read More

  • 🧬 DARPA and other federal agencies highlight obstacles in protecting critical infrastructure. (Published on 4/30/2025, Dark Reading). Read More


🔎 Secrets & Exposures
Data leaks and misconfigurations continue to expose sensitive information at scale.

  • 🧠 Hackers intensify scanning for leaked Git tokens and secrets to breach cloud services. (Published on 4/29/2025, BleepingComputer). Read More

  • 🗃️ TicketToCash left 200GB of user data exposed due to a misconfigured database. (Published on 5/1/2025, Hackread). Read More


💡 AI, Authentication, and Corporate Shifts
AI’s coding rise and passwordless authentication are transforming tech infrastructures.

  • 🤖 Microsoft CEO says AI writes up to 30% of company code internally. (Published on 4/30/2025, TechCrunch). Read More

  • 🔑 Microsoft enables passkeys by default for all new accounts, going fully passwordless. (Published on 5/2/2025, The Hacker News). Read More


⚖️ Compliance and Settlements
Cybersecurity missteps come with a price — and for some, that price is steep.

  • 💸 Raytheon and Nightwing to pay $8.4 million to settle cybersecurity failure allegations. (Published on 5/2/2025, SecurityWeek). Read More

🛰️ The New Cyber Frontier
Even the final frontier isn’t immune to hacking risks.

  • 🚀 Hacking space assets is more feasible than you’d think, say experts at RSAC 2025. (Published on 4/29/2025, Dark Reading). Read More

Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!