šŸ›”ļø Weekly Cyber Update ā€“ May 12ā€“18, 2025: Breaches, Fines & Deepfake Threats

Community Center Cybersecurity News
, , , , ,
1

:shield: Weekly Cyber Update ā€“ May 12ā€“18, 2025: Breaches, Fines & Deepfake Threats

This weekā€™s update spans May 12ā€“18, 2025, delivering 20 must-know cybersecurity stories. For everyone, weā€™ve got breaches, scams, and simple safety tips. For pros, dive into zero-days, botnets, and supply chain threats with technical twists. Plus, handy tools and questions to keep you in the gameā€”letā€™s dive in!

Cybersecurity for Everyone

Your online lifeā€™s at risk this week! Ascension and Pearson breaches, Googleā€™s $1.4B fine, and fake AI apps target health, education, and wallets. Secure accounts and dodge scams with our simple safety tips.

:police_car_light: Top Stories

1. Ascension Health Breach Hits Over 430,000 Patients :hospital:

  • Summary: Hackers broke into Ascension Health, leaking personal and medical details of over 430,000 patients.
  • Why it matters: If youā€™re a patient, check your medical records for errors and add two-factor authentication to your health accounts.
  • :link: Read more

2. Google Fined $1.4 Billion for Tracking :round_pushpin:

  • Summary: Google shelled out $1.4 billion to Texas after secretly tracking usersā€™ locations and storing face data.
  • Why it matters: Open your Google privacy settings and limit what you shareā€”less data, less risk!
  • :link: Read more

3. Fake AI Video Tools Spread Malware :movie_camera:

  • Summary: Scammers tricked people with fake AI video apps that installed malware to steal info.
  • Why it matters: Stick to trusted app stores like Google Play or the App Storeā€”avoid sketchy downloads.
  • :link: Read more

4. iClicker Hack Targets Students :graduation_cap:

  • Summary: Hackers used fake CAPTCHAs on iClickerā€™s site to trick students into downloading malware.
  • Why it matters: Beware odd pop-upsā€”check a siteā€™s security before clicking anything weird.
  • :link: Read more

5. Pearson Education Data Stolen :books:

  • Summary: A cyberattack nabbed customer data from Pearson, the big education company.
  • Why it matters: If you use Pearson, watch your accounts for odd activity and change your passwords.
  • :link: Read more

6. LockBit Hackers Get Hacked :unlocked:

  • Summary: The LockBit gangā€™s site got breached, spilling victim chats and payment secrets.
  • Why it matters: Even crooks get hit! Use strong, unique passwords to stay out of ransomware messes.
  • :link: Read more

7. Insight Partners Breach Exposes Investors :briefcase:

  • Summary: A cyberattack on Insight Partners stole employee and investor data from the VC firm.
  • Why it matters: If youā€™re connected, watch out for phishing emails using that stolen info.
  • :link: Read more

8. PowerSchool Extortion Targets Schools :school:

  • Summary: Hackers hit PowerSchool, then demanded cash from schools using the platform.
  • Why it matters: If your school uses it, protect your details and report strange emails fast.
  • :link: Read more

9. Masimo Hit, Delays Medical Devices :factory:

  • Summary: A cyberattack on Masimo disrupted production of vital medical equipment.
  • Why it matters: If you depend on their gear, stay updatedā€”delays could affect your care.
  • :link: Read more

10. Coinbase Faces Data Breach After Extortion :money_bag:

  • Summary: Rogue staff at Coinbase leaked customer data; hackers demanded $20 million to keep quiet.
  • Why it matters: If you use Coinbase, check your account for odd changes and update security.
  • :link: Read more

Pro Insights: Advanced Cyber Threats (Advanced)

Pros and learners, itā€™s a tough week! Supply chain attacks, deepfake scams, and botnets hit solar grids, retail, and drones, exploiting Chromium and SAP flaws. Sharpen defenses with our technical tools.

:police_car_light: Top Technical Updates

1. Chinese Devices Raise Solar Security Concerns :sun:

  • Summary: Hidden cellular radios in Chinese-made power inverters at US solar farms could let attackers shut down grids remotely.
  • Why it matters: Supply chain risks are realā€”audit your hardware to block backdoors like these.
  • :link: Read more

2. FBI Warns of AI Voice Scams :studio_microphone:

  • Summary: Scammers used AI-generated texts and voice messages to impersonate US officials, targeting ex-staff.
  • Why it matters: Deepfakes are getting slickā€”use multi-factor authentication and verify callers.
  • :link: Read more

3. New Tool Disables Windows Defender :shield:

  • Summary: ā€˜Defendnotā€™ pretends to be an antivirus to trick Windows into shutting off Defender.
  • Why it matters: Keep Defender updated and monitor system tweaks to stop this sneaky bypass.
  • :link: Read more

4. Scattered Spider Targets Retail Sector :shopping_cart:

  • Summary: The group hitting UK retailers now targets US stores with social engineering and ransomware.
  • Why it matters: Retail pros, train staff on phishing and tighten access controlsā€”attacks are spiking.
  • :link: Read more

5. CISA Flags Chromium, DrayTek, SAP Flaws :clipboard:

  • Summary: The Cybersecurity and Infrastructure Security Agency listed exploited bugs in Google Chromium, DrayTek routers, and SAP NetWeaver.
  • Why it matters: Patch these fastā€”hackers are already in the wild with them.
  • :link: Read more

6. Chinese Intel Targets Laid-Off Workers :briefcase:

  • Summary: Chinaā€™s spies used fake LinkedIn job offers to recruit fired US government workers.
  • Why it matters: Insider threats soarā€”vet job offers and train staff on social engineering tricks.
  • :link: Read more

7. Pwn2Own Hackers Earn $260K :money_bag:

  • Summary: Bug hunters nabbed $260K on day one of Pwn2Own Berlin, exploiting VMware, SharePoint, and more.
  • Why it matters: Zero-days (new flaws hackers use) are liveā€”patch often and lean on threat intel.
  • :link: Read more

8. HTTPBot Botnet Hits Gaming and Tech :video_game:

  • Summary: The HTTPBot botnet slammed Chinaā€™s gaming and tech sectors with distributed denial-of-service (DDoS) attacks.
  • Why it matters: Online services, beef up DDoS defensesā€”watch traffic and scale fast.
  • :link: Read more

9. Dynamic DNS Aids Cyberattacks :globe_with_meridians:

  • Summary: Attackers use dynamic DNS to mask phishing and malware sites, slipping past blacklists.
  • Why it matters: Block shady domains and use threat intel to catch these slippery tactics.
  • :link: Read more

10. Earth Ammit Targets Drone Supply Chains :airplane:

  • Summary: China-linked Earth Ammit hit drone makers in Taiwan and South Korea via enterprise software flaws.
  • Why it matters: Supply chain attacks are risingā€”secure your vendors and patch systems now.
  • :link: Read more

:brain: Takeaway

Hackers are hitting health, wallets, and AIā€”stay one step ahead!

  • :locked: Secure health and school accounts with two-factor authentication.
  • :mobile_phone_with_arrow: Limit app downloads to trusted stores to dodge malware.
  • :man_detective: Verify calls and emails to outsmart AI fakes.

:hammer_and_wrench: Tools of the Week

  • DuckDuckGo Privacy Essentials (Everyone) ā€” A browser extension that blocks trackers, perfect for dodging Googleā€™s $1.4B fine-worthy tracking tactics.
  • Wireshark (Pros) ā€” A network analysis suite to spot rogue traffic from hidden devices like those in solar grids or botnets.

:speech_balloon: Community Questions

  • Everyone: After Googleā€™s $1.4B fine and fake AI app scams, whatā€™s your #1 privacy tweakā€”blocking trackers, using a VPN, or something else? Share your best tip!
  • Pros: With rogue solar devices and drone supply chain attacks, how are you reducing supply-chain risk in your environment this quarter? Letā€™s trade strategies!

:globe_with_meridians: Stay Connected and Secure

Want more? :bell: Join the Crushing Security newsletter for the latest news and tips: Sign up here.
Drop your thoughts belowā€”letā€™s keep the convo rolling!

:repeat_button: Suggestions

:light_bulb: Got ideas to make these updates better? Comment below, visit the feedback page, or ping Steve.