May 2025: Biggest Cyber Attacks, Ransomware Attacks and Data Breaches

Date: 2 June 2025


May 2025 was a busy month in the world of cybersecurity news, and not in a good way! The massive Marks and Spencer cyber attack continued to make headlines almost every other day. Read all about the new twists and turns in the M&S cybersecurity saga in our Updated Marks and Spencer Cyber Attack Timeline.

Sadly, that wasn’t all. The UK retail sector was under siege from DragonForce’s relentless rampage. Harrods, Co-op UK and even Europe's Christian Dior came under intense pressure from the aggressive attacks. Peter Green Chilled, which serves major retailers including Tesco, Sainsbury's, Aldi, M&S, Waitrose, Asda, Ocado, Co-op, and Morrisons, wasn’t spared either.

The Coinbase ransomware attack was nothing short of theatrical. In a bold twist, attackers bribed insiders to access internal systems and extract user information—an audacious move that triggered a dramatic response. The CEO took to X, rejecting the ransom demand and instead offering a $20 million reward to anyone who could help unmask the perpetrators.   

Read all about these and other headline-grabbing cyber attacks in our exclusive May 2025 roundup of ransomware attacks, data breaches, and digital mayhem. 

  1. Ransomware Attacks in May 2025
  2. Data Breaches in May 2025 
  3. Cyber Attacks in May 2025
  4. New Malware and Ransomware Discovered
  5. Vulnerabilities Discovered and Patches Released 
  6. Advisories issued, reports, analysis etc. in May 2025

 

Ransomware Attacks in May 2025

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
| --- | --- | --- | --- | --- | --- |
| May 01, 2025 | Synnovis | Patients left in the dark months after cyber criminals leak testing lab data | Qilin Ransomware | More than 11 months after a ransomware group published information from a U.K. pathology services company, the affected patients still have not been informed about what data of theirs was exposed in the incident, with material about sexually transmitted infections and cancer cases being included in the leaks. | Synnovis ransomware attack update |
| May 01, 2025 | Cobb County, Georgia | Qilin announces attack on Cobb County, Georgia | Qilin Ransomware | On May 1, Qilin added Cobb County, Georgia to its dark web leak site. The ransomware gang claims to have acquired 150 GB of data and more than 400,000 files. They provided 16 image files as proof of their claims. Qilin threatened to release the data on May 3 if no payment was received. Cobb County announced that it had declined to pay any ransom. | Cobb County, Georgia ransomware attack |
| May 06, 2025 | Peru’s government portal gob.pe | Peru denies it was hit by ransomware attack following Rhysida claims | Rhysida Ransomware | Peru’s government is denying claims that its federal digital platform was taken over by a ransomware gang that has previously attacked governments around the world. The group demanded a 5 bitcoin ransom (worth about $472,000) and shared documents allegedly stolen from Peru’s government portal gob.pe. | Source: The Record |
| May 07, 2025 | Toronto school district/PowerSchool | Toronto school district says data not deleted after ransom was paid to hacker | LockBit (Allegedly) | The Toronto District School Board (TDSB) told parents and staff that it was sent an extortion letter even after a hacker was paid off by the ed tech giant PowerSchool to prevent the leak of sensitive data. PowerSchool provides student information systems (SIS) to K-12 schools including those in the Toronto school district. | Source: The Record |
| May 20, 2025 | Kettering Health | Kettering Health hit by system-wide outage after ransomware attack | Interlock | Kettering Health, a healthcare network that operates 14 medical centers in Ohio, was forced to cancel inpatient and outpatient procedures following a cyberattack that caused a system-wide technology outage. | Kettering Health ransomware attack |
| May 20, 2025 | The logistics company Peter Green Chilled | Ransomware attack hits supplier of refrigerated groceries to British supermarkets | Apparently Scattered Spider | The logistics company Peter Green Chilled announced that it had been hit by a ransomware attack that is disrupting supplies of refrigerated goods to some of the country’s largest supermarkets, according to reports. | Source: The Record |
| May 22, 2025 | Coca-Cola | Coca-Cola ignores ransom demand, hackers dump employee data | Everest ransomware | After an alleged ransomware attack, hackers have publicly released Coca-Cola’s internal data. Coca-Cola’s name showed up on a dark web leak site run by the Everest ransomware gang on May 22nd. The hackers claimed they’d swiped personal data from 959 employees, most tied to Coca-Cola’s Middle East distributor. | Coca-Cola ransomware attack |
| May 26, 2025 | MATLAB | MATLAB dev confirms ransomware attack behind service outage | Unknown | MathWorks, a leading developer of mathematical computing and simulation software, has revealed that a recent ransomware attack is behind an ongoing service outage. | Source: Bleeping Computer |
| May 27, 2025 | Sheboygan, Wisconsin | Nearly 70,000 impacted by ransomware attack on Sheboygan, Wisconsin | Chort ransomware | The Wisconsin city of Sheboygan warned around 67,000 people that a ransomware attack in October gave hackers access to their personal information. | Source: The Record |
| May 29, 2025 | ConnectWise | ConnectWise breached in cyberattack linked to nation-state hackers | Unknown | IT management software firm ConnectWise said a suspected state-sponsored cyber attack breached its environment and impacted a limited number of ScreenConnect customers. | Source: Bleeping Computer |


 

Data Breaches in May 2025

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
| --- | --- | --- | --- | --- | --- |
| May 01, 2025 | Ascension | Healthcare group Ascension discloses second cyber attack on patients' data | Unknown | Ascension Health informed some of its patients, potentially for the second time in the space of a year, that their medical data was compromised during a major cyber attack. The company said one of its former business partners, with which the company shared some patient medical data (about 430,000), was ransacked by criminals who exploited a vulnerability in some third-party software. | Ascension data breach |
| May 01, 2025 | Barnstable County Sheriff’s Office | Barnstable County Sheriff’s Office Employee On Leave, Suspected In Data Breach | Insider Threat (Suspected) | An employee with the Barnstable County Sheriff’s Office (BCSO) has been placed on leave for allegedly leaking personal information via a breach of data on over 100 former employees and one current employee. The sheriff’s office said that the leaked information included names, home addresses, and Social Security numbers. | Barnstable County Sheriff’s Office data breach |
| May 01, 2025 | Oracle Health Outage | 45 CHS hospitals were affected by the Oracle Health outage | Human Error | Reportedly all resolved now. On April 25, Becker’s Hospital Review reported that 45 hospitals affiliated with Franklin, Tenn.-based Community Health Systems were experiencing IT outages after data storage linked to their Oracle Health EHRs was accidentally deleted. The hospitals have reverted to paper for patient records, with the issue expected to be resolved by the evening of April 28. Oracle Health engineers mistakenly deleted the storage while conducting maintenance work at one of their data centers. | Source: DataBreaches.net |
| May 02, 2025 | Co-op UK | Co-op cyber attack affects customer data, firm admits, after hackers contact the BBC | DragonForce | Hackers said they had infiltrated IT networks and stolen huge amounts of customer and employee data. A Co-op spokesperson said the hackers "accessed data relating to a significant number of our current and past members". The cyber criminals claim to have the private information of 20 million people who signed up to Co-op's membership scheme, but the firm would not confirm that number. | Source: The BBC |
| May 02, 2025 | Emera Power | Nova Scotia Power Says Hackers Stole Customer Information | Unknown | Emera reported earlier this week that on April 25 they detected unauthorised access to parts of their Canadian network and servers used for business applications. The impacted servers were shut down and isolated in response to the hack, which resulted in the disruption of customer phone lines and online services. However, the power company said there was no disruption to physical operations. | Emera Power data breach |
| May 02, 2025 | Harrods | Harrods the next UK retailer targeted in a cyber attack | DragonForce (Allegedly) | In a statement, Harrods said threat actors recently attempted to hack into their systems, causing the company to restrict access to sites. | Source: Bleeping Computer |
| May 02, 2025 | Star Health Insurance | Hacker hired Telangana man to courier threats to Star Health Insurance MD | Xenzen | The case of the data breach affecting 3.1 crore customers of the Chennai-headquartered Star Health Insurance has taken a fresh turn with its MD Anand Roy, his wife Akhila Shetty Roy and CFO Nilesh Kambli allegedly getting threat messages delivered via courier from Hyderabad. A probe by the TN cyber crime wing has found that the hacker known by his online identity ‘Xenzen’, who had released the data into the public domain in September 2024, had hired a Hyderabad-based youth to send threats to the company’s officials in February 2025. | Star Health Insurance data breach update |
| May 02, 2025 | Dating app Raw | Dating app Raw exposed users’ location data and personal information | Unknown | A security lapse at dating app Raw publicly exposed the personal data and private location data of its users. The exposed data included users’ display names, dates of birth, dating and sexual preferences associated with the Raw app, as well as users’ locations. Some of the location data included coordinates that were specific enough to locate Raw app users with street-level accuracy. | Raw dating app data breach |
| May 02, 2025 | Saskatoon children's hospital | Saskatoon children's hospital nurse unlawfully snooped on records of 314 patients: privacy report | Insider Threat | Without legal authority, a nurse who worked at Saskatoon’s Jim Pattison Children’s Hospital snooped on the private medical records of 314 patients, according to a recent report. The report stated that a registered nurse (RN) who was employed in the maternity department accessed the records for reasons “unrelated to patient care.” | Source: Yahoo.com |
| May 06, 2025 | UK Legal Aid Agency | UK Legal Aid Agency investigates cybersecurity incident | Unknown | The Legal Aid Agency (LAA), an executive agency of the UK's Ministry of Justice that oversees billions in legal funding, warned law firms of a security incident and said the attackers might have accessed financial information. | UK Legal Aid Agency data breach |
| May 06, 2025 | Masimo | Medical device maker Masimo warns of cyber attack, manufacturing delays | Unknown | Medical device company Masimo Corporation warned that a cyber attack is impacting production operations and causing delays in fulfilling customers' orders. | Source: Bleeping Computer |
| May 06, 2025 | iHeartRadio | Multiple iHeartRadio stations breached in December | Unknown | Several radio stations owned by iHeartMedia were breached in December, exposing Social Security numbers, financial information and other personal details. | Source: The Record |
| May 07, 2025 | Insight Partners | VC giant Insight Partners confirms investor data stolen in breach | Unknown | Venture capital firm Insight Partners has confirmed that sensitive data for employees and limited partners was stolen in a January 2025 cyberattack. | Source: Bleeping Computer |
| May 08, 2025 | Pearson | Education giant Pearson hit by cyber attack exposing customer data | Unknown | Education giant Pearson suffered a cyber attack, allowing threat actors to steal corporate data and customer information. Pearson confirmed they suffered a cyber attack and that data was stolen, but stated it was mostly "legacy data." | Source: Bleeping Computer |
| May 13, 2025 | Marks & Spencer | Marks & Spencer confirms customer data stolen in cyber attack | DragonForce/Scattered Spider | British retailer Marks and Spencer (M&S) announced that it was writing to customers to confirm their personal data had been compromised in a recent and massive cyber attack. | Marks & Spencer data breach |
| May 14, 2025 | Nova Scotia Power | Nova Scotia Power says customer banking details may have been stolen by hackers | Unknown | Nova Scotia’s largest electric utility, Emera, said that hackers stole sensitive information from customers in a recent cyber attack. The company discovered on April 25 that an intruder had gained access to parts of its network, prompting the company to isolate the affected servers. | Source: The Record |
| May 14, 2025 | Coinbase | Coinbase offers $20 million bounty after extortion attempt with stolen data | Unknown hackers | Coinbase said in a regulatory filing with the Securities and Exchange Commission (SEC) that an “unknown threat actor” emailed a demand on May 11 for $20 million, threatening to publish stolen data about Coinbase customers and other company information. “We said no,” Coinbase said Thursday in a blog post explaining the incident. “Criminals targeted our customer support agents overseas. They used cash offers to convince a small group of insiders to copy data in our customer support tools for less than 1% of Coinbase monthly transacting users,” the blog post said. “Their aim was to gather a customer list they could contact while pretending to be Coinbase—tricking people into handing over their crypto.” | Coinbase data breach |
| May 14, 2025 | Australian Human Rights Commission | Australian Human Rights Commission leaks docs to search engines | Unknown | The Australian Human Rights Commission (AHRC) disclosed a data breach incident where private documents leaked online and were indexed by major search engines. Many of the hundreds of documents exposed online contained private, sensitive information, like names, contact information, health details, schooling, religion, employment info, and photographs. | Australian Human Rights Commission data breach |
| May 26, 2025 | Adidas | Adidas warns of data breach after customer service provider hack | Unknown | German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and stole some customers' data. | Source: Bleeping Computer |
| May 28, 2025 | LexisNexis | Data broker LexisNexis discloses data breach affecting 364,000 people | Unknown | Data broker giant LexisNexis Risk Solutions, a Georgia-based American data analytics company, has revealed that attackers stole the personal information of over 364,000 individuals in a December breach. | Source: Bleeping Computer |



 

Cyber Attacks in May 2025

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
| --- | --- | --- | --- | --- | --- |
| May 01, 2025 | Commvault | Commvault Shares IoCs After Zero-Day Attack Hits Azure Environment | Unknown | Commvault has shared indicators of compromise (IoCs) associated with the exploitation of a vulnerability, CVE-2025-3928 (CVSS score of 8.7), recently added to CISA’s Known Exploited Vulnerabilities (KEV) catalogue. Commvault is investigating recent Azure environment activity by a nation-state threat actor affecting a small number of customers it shares with Microsoft. Notified authorities and impacted customers are receiving assistance. Commvault has implemented stronger monitoring and key rotation measures post-attack. | Source: Security Week |
| May 01, 2025 | Bartlesville School | Cyber attack shuts down Bartlesville School network, state testing postponed | Unknown | A network security incident crippled Bartlesville Public Schools' internet systems, forcing the district to cancel state testing and prompting an investigation into the scope of the breach. | Bartlesville School cyber attack |
| May 02, 2025 | Magento | Magento supply chain attack compromises hundreds of e-stores | Unknown | A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational. Sansec researchers who discovered the attack report that some extensions were backdoored as far back as 2019, but the malicious code was only activated in April 2025. | Source: Bleeping Computer |
| May 05, 2025 | Georgia school district, New Mexico, and New Mexico university | Hackers launch ‘serious’ attacks against Georgia school district, New Mexico university | Unknown | Multiple school districts and a university in New Mexico are currently suffering from cyber attacks causing operational issues for thousands of students. Georgia’s Coweta County School System said it experienced a cyber attack that will impact its 23,000 students across 29 K-12 schools. Western New Mexico University has struggled for weeks with the cyber attack that took down its website and forced officials to provide alternative services to students and administrators. | Source: The Record |
| May 07, 2025 | South African Airways | South African Airways says cyber attack disrupted operational systems | Unknown | South Africa’s state-owned airline said a cyber attack temporarily disrupted its website and several internal operational systems. South African Airways (SAA) said the attack also affected its mobile application but noted the IT team was able to contain the incident and “minimise disruption to core flight operations.” | Source: The Record |
| May 07, 2025 | PowerSchool | Despite ransom payment, PowerSchool hacker now extorting individual school districts | Unknown | PowerSchool, which was hacked in December, said that the same threat actor is now attempting to use the stolen data to extort the individual school districts that it works with. Four school boards were contacted with the extortion requests, according to a source familiar with the investigation. | Source: The Record |
| May 08, 2025 | Japan’s Financial Services Agency (FSA) | Hackers hijack Japanese financial accounts to conduct nearly $2 billion in trades | Unknown | Japan’s Financial Services Agency (FSA) reported an explosion of unauthorised stock market trades in April — with almost $2 billion in funds moved by hackers. The FSA provided updated figures for last month after initially warning that there had been a “sharp increase in the number of cases of unauthorised access and unauthorised trading” through online trading services in the first three months of 2025. | Source: The Record |
| May 10, 2025 | iClicker | iClicker site hack targeted students with malware via fake CAPTCHA | Unknown | The website of iClicker, a popular student engagement platform, was compromised in a ClickFix attack that used a fake CAPTCHA prompt to trick students and instructors into installing malware on their devices. | Source: Bleeping Computer |
| May 11, 2025 | Global Crossing Airlines Group | Airline carrying out deportation flights confirms cyber attack to SEC | Anonymous | An airline involved in deportation flights on behalf of the Trump administration confirmed reports of a cybersecurity incident with the U.S. Securities and Exchange Commission (SEC). Global Crossing Airlines Group said a cyber attack on May 5 gave hackers access to “systems supporting portions of its business applications.” The filing with the SEC confirms reporting from the news outlet 404 Media, which was contacted by a hacker with information allegedly stolen from the company about ICE deportation flights. | Source: The Record |
| May 12, 2025 | Alabama government | Alabama says ‘cybersecurity event’ could disrupt state government services | Unknown | Alabama’s government faced a cybersecurity event that caused disruptions to government website access or other communications. | Source: The Record |
| May 13, 2025 | Ukrainian government | North Korean hackers target Ukrainian government in new espionage campaign | The group, tracked as TA406 | North Korean state-backed hackers have targeted Ukrainian government entities in a new espionage campaign, likely aimed at gathering intelligence on Russia’s war efforts, researchers have found. | Source: The Record |
| May 13, 2025 | Steel company Nucor | Cybersecurity incident forces largest US steelmaker to take some operations offline | Unknown | North Carolina-based steel company Nucor said it temporarily halted production operations at some locations because of a recent cybersecurity incident and is working to restart them. | Source: The Record |
| May 14, 2025 | Lecardo Clinic | Russian hospital faces multi-day shutdown as pro-Ukraine group claims cyber attack | Hacker group 4B1D | A private hospital in the Russian republic of Chuvashia experienced a multi-day disruption this week likely linked to a cyber attack claimed by a pro-Ukraine hacker group. Lecardo Clinic announced a "technical failure" that led to a three-day shutdown of its operations. | Source: The Record |
| May 19, 2025 | Arla Foods | Arla Foods confirms cyber attack disrupts production, causes delays | Unknown | Arla Foods has confirmed that it was targeted by a cyber attack that has disrupted its production operations. It clarified that the attack only affected its production unit in Upahl, Germany, though it expects this will result in product delivery delays or even cancellations. | Source: Bleeping Computer |
| May 20, 2025 | Cellcom | Mobile carrier Cellcom confirms cyber attack behind extended outages | Unknown | Wisconsin wireless provider Cellcom has confirmed that a cyber attack is responsible for the widespread service outage and disruptions that began on the evening of May 14, 2025. The incident disrupted voice and SMS services for customers across Wisconsin and Upper Michigan, leaving subscribers unable to make phone calls or send text messages. | Source: Bleeping Computer |
| May 22, 2025 | Cetus Protocol | Hacker steals $223 million in Cetus Protocol cryptocurrency heist | Unknown | The decentralised exchange Cetus Protocol announced that hackers have stolen $223 million in cryptocurrency and that it is offering a deal to stop all legal action if the funds are returned. | Source: Bleeping Computer |
| May 27, 2025 | SimpleHelp | DragonForce ransomware abuses SimpleHelp in MSP supply chain attack | DragonForce | The DragonForce ransomware operation successfully breached a managed service provider and used its SimpleHelp remote monitoring and management (RMM) platform to steal data and deploy encryptors on downstream customers' systems. It is believed that the threat actors exploited a chain of older SimpleHelp vulnerabilities tracked as CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726 to breach the system. | Source: Bleeping Computer |
| May 28, 2025 | Victoria’s Secret | Victoria’s Secret takes down website after security incident | Unknown | Fashion giant Victoria's Secret took down its website and some store services due to an ongoing security incident. | Source: Bleeping Computer |
| May 30, 2025 | Russian Internet Service provider ASVT | DDoS incident disrupts internet for thousands in Moscow | Unknown | Tens of thousands of people in Moscow and nearby areas lost internet access for several days after a major DDoS attack targeted the Russian Internet Service provider ASVT — an incident the company called one of the most severe of the year. | Source: The Record |
| May 28, 2025 | Cork Protocol | More than $12 million stolen from crypto platform Cork Protocol | Unknown | Hackers stole more than $12 million worth of cryptocurrency from the decentralised finance (DeFi) platform Cork Protocol in a cyber attack. | Source: The Record |
| May 31, 2025 | Catholic healthcare organisation: St. Joseph Hospital, St. Mary’s Health System and St. Joseph Hospital | Hospitals in Maine, New Hampshire limit services after cyber attack on Catholic health organisation | Unknown | Three hospitals run by Catholic healthcare organisation Covenant Health are dealing with a cyber attack that forced the facilities to shut off all access to data systems. A spokesperson for Covenant Health confirmed that a cyber attack impacted two hospitals in Maine — St. Joseph Hospital and St. Mary’s Health System — and one in New Hampshire, which is also called St. Joseph Hospital. | Source: The Record |

 


 

New Ransomware/Malware Discovered in May 2025

| New Ransomware | Summary |
| --- | --- |
| "Bring Your Own Installer" EDR bypass technique | A new "Bring Your Own Installer" EDR bypass technique is being exploited in attacks to bypass SentinelOne's tamper protection feature, allowing threat actors to disable endpoint detection and response (EDR) agents to install the Babuk ransomware. |
| Second version of StealC, 2.2.4 | The creators of StealC, a widely-used information stealer and malware downloader, have released its second major version, bringing multiple stealth and data theft enhancements. |
| New phishing kit called 'CoGUI' | A new phishing kit named 'CoGUI' sent over 580 million emails to targets between January and April 2025, aiming to steal account credentials and payment data. The messages impersonate major brands like Amazon, Rakuten, PayPal, Apple, tax agencies, and banks. |
| A botnet malware named PumaBot | A newly discovered Go-based Linux botnet malware named PumaBot is brute-forcing SSH credentials on embedded IoT devices to deploy malicious payloads. |
| A new remote access trojan (RAT) named NodeSnake | The Interlock ransomware gang is deploying a previously undocumented remote access trojan (RAT) named NodeSnake against educational institutes for persistent access to corporate networks. |


Sources for the above table: Bleeping Computer and Recorded Future News


Vulnerabilities Discovered & Patches Released in May 2025

| Date | New Flaws/Fixes | Summary |
| --- | --- | --- |
| May 02, 2025 | EX1064599 | Microsoft has resolved an issue with a machine learning model that mistakenly flagged emails from Gmail accounts as spam in Exchange Online. |
| May 06, 2025 | CVE-2025-3248 | The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organisations to apply security updates and mitigations as soon as possible. |
| May 06, 2025 | CVE-2024-7399 | Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware. |
| May 06, 2025 | CVE-2025-30065 | A proof-of-concept exploit tool has been publicly released for a maximum severity Apache Parquet vulnerability, making it easy to find vulnerable servers. |
| May 07, 2025 | CVE-2025-29824 | The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems. |
| May 07, 2025 | CVE-2025-27007 | Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites. |
| May 08, 2025 | CVE-2025-20188 | Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers, caused by a hard-coded JSON Web Token (JWT), that allows an unauthenticated remote attacker to take over devices. |
| May 12, 2025 | CVE-2025-27920 | A Türkiye-backed cyberespionage group exploited a zero-day vulnerability to attack Output Messenger users linked to the Kurdish military in Iraq. |
| May 12, 2025 | CVE-2025-3462 and CVE-2025-3463 | The ASUS DriverHub driver management utility was vulnerable to a critical remote code execution flaw that allowed malicious sites to execute commands on devices with the software installed. |
| May 14, 2025 | CVE-2025-31324 | Ransomware gangs have joined ongoing SAP NetWeaver attacks, exploiting a maximum-severity vulnerability that allows threat actors to gain remote code execution on vulnerable servers. |
| May 16, 2025 | CVE-2025-4664 | CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser. |
| May 22, 2025 | CVE-2025-4428 | Chinese hackers have been exploiting a remote code execution flaw in Ivanti Endpoint Manager Mobile (EPMM) to breach high-profile organisations worldwide. |
| May 22, 2025 | CVE-2025-0994 | Chinese-speaking hackers have exploited a now-patched Trimble Cityworks zero-day to breach multiple local governing bodies across the United States. |
| May 22, 2025 | CVE-2025-34027, CVE-2025-34026, CVE-2025-34025 | Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems. |

Source for the above table: Bleeping Computer 


Warnings/Advisories/Reports/Analysis


Sources: Bleeping Computer, Recorded Future News, BloombergLaw, Databreaches.net
