This Month in Security: May 2025

"Phishing" by kleuske is licensed under CC BY-SA 2.0.

May was another whirlwind month for cybersecurity, characterized by a surge in actively exploited zero-day vulnerabilities, large-scale ransomware attacks, data breaches, and sophisticated malware campaigns. Artificial Intelligence (AI) also continued its expansion, proving that it can be a powerful tool for both attackers and defenders, adding complexities to an already challenging threat landscape. 

Patch Tuesday and Zero-Day Exploits

  • Microsoft’s May Patch Tuesday released 78 fixes, including five (5) actively exploited zero-days (Microsoft, BleepingComputer)
  • Ivanti patched two (2) actively exploited critical Remote Code Execution (RCE) vulnerabilities, CVE-2025-4427 and CVE-2025-4428, in Endpoint Manager Mobile (Ivanti)
  • Fortinet released a patch for an RCE vulnerability in its FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera systems (FortiGuard, SecurityWeekly)
  • Google issued an emergency update for several high-severity vulnerabilities in Chrome after an exploit for CVE-2025-4664 was reported to exist in the wild (Google Blog, Malwarebytes)

Notable Threats and Incidents

  • Ransomware
    • A major Ohio healthcare network, Kettering Health, suffered a system-wide outage due to a ransomware attack. This impacted over a dozen hospitals and medical facilities (Kettering Health, HIPAA Journal).
    • Peter Green Chilled, a major UK grocery distributor, was hit by ransomware. Deliveries to clients like Tesco and Sainsbury’s were affected (BBC, The Record).
    • KnowBe4 released its Municipalities Cybersecurity Report, highlighting a surge in ransomware attacks targeting state and local government agencies (SecurityInfoWatch, KnowBe4).
  • Data Breaches
    • A database containing 47 GB of data and over 184 million login credentials was found by security researcher Jeremiah Fowler. The logins ranged from Facebook and Instagram accounts to numerous government portals. The database is now offline, but it is unknown how long it was exposed prior to Fowler’s discovery (TechRepublic, Bitdefender).
    • Broadcom employee data was leaked due to a two-step supply chain attack from Business Systems House (BSH) to ADP, then to Broadcom. BSH is a payroll supplier in the Middle East and partners with ADP (which Broadcom previously owned). BSH was the victim of a ransomware attack back in December, but Broadcom was not made aware that its data was involved until this month (The Register, TechRadar).
    • Coinbase was also a victim of an insider leak, affecting nearly 70,000 users (Coinbase, BleepingComputer).
  • Malware and Phishing
    • Procolored printers were found to be packaged with official print drivers infected with remote access trojans and cryptocurrency stealers (BleepingComputer, Malwarebytes).
    • A criminal group, Hazy Hawk, targeted a DNS misconfiguration in several cloud environments, including AWS and Azure, to distribute malware. Notable victims include the Centers for Disease Control and Berkeley (DarkReading, HackerNews).
    • Zscaler ThreatLabz released its 2025 phishing report, highlighting that while phishing attacks have gone down in the U.S., they are becoming increasingly sophisticated through the use of AI (HackerNews, Zscaler).

Policy and Framework Updates

  • Nations are now seeking alternatives to U.S.-based cloud providers, fueled by fears that the U.S. will share foreign data with its government and by the large influence that U.S.-based tech companies hold. Those looking for alternatives include Canada, Europe, Australia, and New Zealand (RedSeal, TechNewsToday).
  • The EU fined TikTok 530 million euros for GDPR violations related to China data transfers (Reuters, APNews).

Key Takeaways

  • Patch Promptly: Apply security updates for operating systems and applications as soon as possible, ensuring that critical CVEs and actively exploited vulnerabilities are prioritized.
  • Be Vigilant and Aware: Be on the lookout for phishing attempts, like fake job offers and any login prompt that bypasses MFA. Always verify the sender’s identity for communications (Slack, MS Teams, email, etc.) and be wary of suspicious links or attachments. Never click on a link or attachment you are unsure of. Report any suspicions to your IT department or service provider.
  • Review Access: Ensure proper access controls and credential management procedures are in place. Remove extra or unused access promptly. Apply proper and automated key rotation where applicable.
  • Monitor Supply Chains: Stay aware of risks associated with third-party software and dependencies. Ensure automatic patching or updates are enabled.
  • Reach Out: When needed, reach out to a trusted provider, like Cloud Security Partners, to review your security posture (contact@cloudsecuritypartners.com).