skip to main content
4.7/5
Customers rate us on G2
See our reviews on G2.

Reflecting on the Q1 Threat Landscape: Attacks & Lessons Learned

CategoryHuman Risk Management
Platform Icon
ByThe CultureAI Team
Date
Read time
Back to Blog

As a human risk management platform, we keep a close eye on the evolving threat landscape to help organisations detect and mitigate human cyber risks.

The first quarter of 2025 has already revealed critical vulnerabilities, data breaches, and novel attack vectors that highlight the importance of proactive security measures and automated interventions.

Here’s a deep dive into the major cyber security events of Q1 and what forward-thinking organisations, like yours, can learn from them.

DeepSeek’s Rapid Adoption: A Security Nightmare

The release of the open-source DeepSeekR1 models was met with overwhelming enthusiasm, propelling them to the top of Google and Apple’s app charts. However, this rapid adoption came with significant security concerns:

  • Privacy risks surged as the model's widespread availability raised alarms about potential misuse and misinformation.

  • A major security lapse was uncovered when DeepSeek’s database, containing chat histories, secret keys, and backend details, was found to be exposed online. The lack of authentication controls meant bad actors could gain full access to sensitive information, exposing organisations and individuals to severe risks.

Our Lead Security Researcher, Oliver Simonnet, produced a full investigation into this AI tool. Read his findings here.

OmniGPT Data Breach: The Dangers of AI Data Sharing

The cyber risks of AI platforms became even more evident with the massive OmniGPT data breach. Over 34 million user chat messages were exposed, containing sensitive details such as account names, phone numbers, files, and credentials. This breach serves as a stark reminder that:

  • Users often share confidential data with AI tools without considering the security implications.

  • AI platforms must prioritise end-to-end encryption and data anonymisation to prevent unauthorised access.

This incident served as an additional reminder that users share confidential data and credentials with AI platforms.

Malvertising Targets Homebrew/MacOS Users

Cybercriminals continued to leverage malvertising—the practice of injecting malicious ads into legitimate advertising networks—to target MacOS users. A fake Homebrew website promoted through Google Ads led users to download the Atomic MacOS Info Stealer, compromising their devices.

This attack demonstrated the continued importance of verifying the authenticity of software sources and not trusting arbitrary code online.

Read our full case study on this attack here.

Fake CAPTCHA Attacks Surge

Phishing attacks continued to deceive with the use of fake CAPTCHAs to trick users into installing the Lumma Stealer malware. This method exploits the trust users place in CAPTCHA verification, making it a particularly effective tactic.

This emphasises the need for vigilance when encountering unexpected CAPTCHA verifications, as well as the continued effectiveness of the strategy on unsuspecting users.

The Path Forward: Protect Against Human Vulnerabilities

These recent security incidents reinforce the need for organisations to stay ahead of emerging threats. That’s why we’ve developed our Human Threat Map framework, designed to track the techniques attackers are using to exploit human vulnerabilities. By providing real-world examples and risk analysis, it empowers security teams to identify, address, and mitigate threats before they escalate.

As threats grow more sophisticated, organisations must move beyond traditional security awareness training and adopt automated, proactive risk mitigation strategies.

By leveraging advanced human risk management solutions, businesses can reduce their exposure to cyber threats while empowering employees to be the first line of defence.

With Human Risk Management, organisations can:

  • Detect human cyber risks in real-time by analysing employee behaviours and identifying potential security lapses.

  • Automate interventions to prevent data breaches, phishing attacks, and credential leaks before they escalate.

  • Continuously adapt to the evolving threat landscape, ensuring security measures are always up to date.