Qilin Ransomware Tops April 2025 with 72 Data Breach Disclosures

In April 2025, the Qilin ransomware was ranked first with 72 disclosures of data leaks. In November 2024, malicious actors linked to Qilin used the SmokeLoader malware as well as a previously undocumented .NET compiled loader named NETXLOADER as part of a campaign. NETXLOADER is a new .NET-based loader that plays a crucial role in cyberattacks. Researchers from Trend Micro, Jacob Santos, Raymart Yambot, John Rainier Navato, and Sarah Pearl, have documented these observations.