Weekly Cyber Update - May 12-18, 2025: Breaches, Fines & Deepfake Threats
This week's update spans May 12-18, 2025, delivering 20 must-know cybersecurity stories. For everyone, we've got breaches, scams, and simple safety tips. For pros, dive into zero-days, botnets, and supply chain threats with technical twists. Plus, handy tools and questions to keep you in the game. Let's dive in!
Cybersecurity for Everyone
Your online life's at risk this week! Ascension and Pearson breaches, Google's $1.4B fine, and fake AI apps target health, education, and wallets. Secure accounts and dodge scams with our simple safety tips.
Top Stories
1. Ascension Health Breach Hits Over 430,000 Patients 
- Summary: Hackers broke into Ascension Health, leaking personal and medical details of over 430,000 patients.
- Why it matters: If you're a patient, check your medical records for errors and add two-factor authentication to your health accounts.
Read more
2. Google Fined $1.4 Billion for Tracking 
- Summary: Google shelled out $1.4 billion to Texas after secretly tracking users' locations and storing face data.
- Why it matters: Open your Google privacy settings and limit what you share: less data, less risk!
Read more
3. Fake AI Video Tools Spread Malware 
- Summary: Scammers tricked people with fake AI video apps that installed malware to steal info.
- Why it matters: Stick to trusted app stores like Google Play or the App Store; avoid sketchy downloads.
Read more
4. iClicker Hack Targets Students 
- Summary: Hackers used fake CAPTCHAs on iClicker's site to trick students into downloading malware.
- Why it matters: Beware odd pop-ups; check a site's security before clicking anything weird.
Read more
5. Pearson Education Data Stolen 
- Summary: A cyberattack nabbed customer data from Pearson, the big education company.
- Why it matters: If you use Pearson, watch your accounts for odd activity and change your passwords.
Read more
6. LockBit Hackers Get Hacked 
- Summary: The LockBit gang's site got breached, spilling victim chats and payment secrets.
- Why it matters: Even crooks get hit! Use strong, unique passwords to stay out of ransomware messes.
Read more
7. Insight Partners Breach Exposes Investors 
- Summary: A cyberattack on Insight Partners stole employee and investor data from the VC firm.
- Why it matters: If you're connected, watch out for phishing emails using that stolen info.
Read more
8. PowerSchool Extortion Targets Schools 
- Summary: Hackers hit PowerSchool, then demanded cash from schools using the platform.
- Why it matters: If your school uses it, protect your details and report strange emails fast.
Read more
9. Masimo Hit, Delays Medical Devices 
- Summary: A cyberattack on Masimo disrupted production of vital medical equipment.
- Why it matters: If you depend on their gear, stay updated; delays could affect your care.
Read more
10. Coinbase Faces Data Breach After Extortion 
- Summary: Rogue staff at Coinbase leaked customer data; hackers demanded $20 million to keep quiet.
- Why it matters: If you use Coinbase, check your account for odd changes and update security.
Read more
Pro Insights: Advanced Cyber Threats (Advanced)
Pros and learners, it's a tough week! Supply chain attacks, deepfake scams, and botnets hit solar grids, retail, and drones, exploiting Chromium and SAP flaws. Sharpen defenses with our technical tools.
Top Technical Updates
1. Chinese Devices Raise Solar Security Concerns 
- Summary: Hidden cellular radios in Chinese-made power inverters at US solar farms could let attackers shut down grids remotely.
- Why it matters: Supply chain risks are real; audit your hardware to block backdoors like these.
Read more
2. FBI Warns of AI Voice Scams 
- Summary: Scammers used AI-generated texts and voice messages to impersonate US officials, targeting ex-staff.
- Why it matters: Deepfakes are getting slick; use multi-factor authentication and verify callers.
Read more
3. New Tool Disables Windows Defender 
- Summary: "Defendnot" pretends to be an antivirus to trick Windows into shutting off Defender.
- Why it matters: Keep Defender updated and monitor system tweaks to stop this sneaky bypass.
Read more
4. Scattered Spider Targets Retail Sector 
- Summary: The group hitting UK retailers now targets US stores with social engineering and ransomware.
- Why it matters: Retail pros, train staff on phishing and tighten access controls; attacks are spiking.
Read more
5. CISA Flags Chromium, DrayTek, SAP Flaws 
- Summary: The Cybersecurity and Infrastructure Security Agency listed exploited bugs in Google Chromium, DrayTek routers, and SAP NetWeaver.
- Why it matters: Patch these fast; hackers are already exploiting them in the wild.
Read more
6. Chinese Intel Targets Laid-Off Workers 
- Summary: China's spies used fake LinkedIn job offers to recruit fired US government workers.
- Why it matters: Insider threats soar; vet job offers and train staff on social engineering tricks.
Read more
7. Pwn2Own Hackers Earn $260K 
- Summary: Bug hunters nabbed $260K on day one of Pwn2Own Berlin, exploiting VMware, SharePoint, and more.
- Why it matters: Zero-days (new flaws hackers use) are live; patch often and lean on threat intel.
Read more
8. HTTPBot Botnet Hits Gaming and Tech 
- Summary: The HTTPBot botnet slammed China's gaming and tech sectors with distributed denial-of-service (DDoS) attacks.
- Why it matters: Online services, beef up DDoS defenses: watch traffic and scale fast.
Read more
9. Dynamic DNS Aids Cyberattacks 
- Summary: Attackers use dynamic DNS to mask phishing and malware sites, slipping past blacklists.
- Why it matters: Block shady domains and use threat intel to catch these slippery tactics.
Read more
10. Earth Ammit Targets Drone Supply Chains 
- Summary: China-linked Earth Ammit hit drone makers in Taiwan and South Korea via enterprise software flaws.
- Why it matters: Supply chain attacks are rising; secure your vendors and patch systems now.
Read more
Takeaway
Hackers are hitting health, wallets, and AI. Stay one step ahead!
Secure health and school accounts with two-factor authentication.
Limit app downloads to trusted stores to dodge malware.
Verify calls and emails to outsmart AI fakes.
Tools of the Week
- DuckDuckGo Privacy Essentials (Everyone) - A browser extension that blocks trackers, perfect for dodging Google's $1.4B fine-worthy tracking tactics.
- Wireshark (Pros) - A network analysis suite to spot rogue traffic from hidden devices like those in solar grids or botnets.
Community Questions
- Everyone: After Google's $1.4B fine and fake AI app scams, what's your #1 privacy tweak: blocking trackers, using a VPN, or something else? Share your best tip!
- Pros: With rogue solar devices and drone supply chain attacks, how are you reducing supply-chain risk in your environment this quarter? Let's trade strategies!
Stay Connected and Secure
Want more? Join the Crushing Security newsletter for the latest news and tips: Sign up here.
Drop your thoughts below. Let's keep the convo rolling!
Suggestions
Got ideas to make these updates better? Comment below, visit the feedback page, or ping Steve.