Major Incidents or Breaches

  • Coinbase Data Breach: Coinbase disclosed a breach affecting approximately 1% of its users. Cybercriminals bribed customer support agents to steal customer data, including government-issued IDs. Attackers attempted to extort $20 million, but the attempt failed.
  • Nova Scotia Power Data Breach: Nova Scotia Power confirmed a cyberattack resulting in the theft of sensitive customer data.
  • Steel Manufacturer Cyber Incident: Nucor, a major steelmaker, halted operations due to a cyber incident. Details on the nature and scope of the breach remain undisclosed.
  • Breachforums Settlement: The former administrator of Breachforums agreed to pay nearly $700,000 to settle a civil lawsuit related to a healthcare data breach.

Newly Discovered Vulnerabilities

  • Google Chrome Zero-Day: Google patched a high-severity Chrome vulnerability, already exploited in the wild with a public exploit, that enables cross-origin data leaks via Loader Referrer Policy. Emergency updates have been released.
  • Samsung MagicInfo Server (CVE-2025-4632): Threat actors are actively exploiting a patch bypass for a previously disclosed vulnerability in Samsung MagicInfo 9 Server.
  • SAP NetWeaver (CVE-2025-31324): Ongoing exploitation of a critical SAP NetWeaver vulnerability is being observed. Administrators are urged to patch immediately.
  • Windows 10 KB5058379 Update Issue: The latest Windows 10 update is triggering unexpected BitLocker recovery prompts on some devices after installation.

Notable Threat Actor Activity

  • APT28 Cyber Espionage: Russia-linked APT28 exploited a zero-day in MDaemon, along with XSS vulnerabilities in other webmail servers (Roundcube, Horde, Zimbra), in a global campaign (“RoundPress”) targeting government organizations.
  • Malicious npm Package: Researchers identified a malicious npm package (“os-info-checker-es6”) using Unicode steganography to hide its payload and Google Calendar links as command-and-control infrastructure.
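
Added example (not code from the digest or from the researchers who analysed the package): a small scanner that flags invisible or format-only Unicode code points in source text, the carrier that steganographic packages such as the one above depend on. The JavaScript sample line is constructed for illustration.

```python
import unicodedata

# Code points that render as nothing (or nearly nothing) in editors and
# diff views, and so are a common carrier for hidden payloads in source.
INVISIBLE = {
    0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF,  # zero-width space/joiners, BOM
    0x00AD, 0x034F, 0x180E,                   # soft hyphen, CGJ, Mongolian VS
    0x2061, 0x2062, 0x2063, 0x2064,           # invisible operators
}

def is_suspicious(ch):
    """True for characters that should not normally appear in source code."""
    cp = ord(ch)
    if cp in INVISIBLE:
        return True
    if 0xFE00 <= cp <= 0xFE0F or 0xE0100 <= cp <= 0xE01EF:
        return True  # variation selectors (category Mn, so check by range)
    if 0xE0000 <= cp <= 0xE007F:
        return True  # Unicode "tag" characters
    return unicodedata.category(ch) in ("Cf", "Co")  # format / private use

def scan_source(text):
    """Return (line_no, col, 'U+XXXX') for every suspicious character."""
    findings = []
    for ln, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if is_suspicious(ch):
                findings.append((ln, col, f"U+{ord(ch):04X}"))
    return findings

def hidden_chars_per_line(findings):
    """Count hits per line; a long run on one line is the strongest signal."""
    per_line = {}
    for ln, _, _ in findings:
        per_line[ln] = per_line.get(ln, 0) + 1
    return per_line

# Constructed sample: a string literal padded with four invisible code points.
SAMPLE_JS = (
    'const check = "' + "\ufe00\ufe01\ufe0f\U000e0100" + '";\n'
    "console.log(check);\n"
)

if __name__ == "__main__":
    hits = scan_source(SAMPLE_JS)
    for ln, col, cp in hits:
        print(f"line {ln} col {col}: {cp}")
    print(hidden_chars_per_line(hits))
```

Run it over the contents of an unpacked package (e.g. every `.js` file) and treat any non-empty result as worth a manual look.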

Trends, Tools, or Tactics of Interest

  • Industrial Automation Threats: Kaspersky ICS CERT reported a continued high threat landscape for industrial automation systems in Q1 2025, with increased targeting of critical infrastructure and persistent OT security gaps.
  • Ransomware Evolution: Ransomware actors are leveraging legitimate IT tools and increasingly sophisticated tactics to evade detection and disrupt business continuity.
  • AI-Driven Voice Deepfakes: The FBI warned of ongoing voice phishing attacks against US officials using AI-generated audio deepfakes since April.
  • Anonymity Tools: Tor released Oniux, a command-line tool enabling any Linux application to route network traffic through the Tor network for enhanced anonymity.
  • Penetration Testing Practices: Industry discussion highlights the inadequacy of compliance-only penetration testing, emphasizing the need for continuous and adaptive security assessments.
  • Pwn2Own Berlin 2025: Security researchers demonstrated successful zero-day exploits against Windows 11, Red Hat Linux, Docker Desktop, and Oracle VirtualBox on the first day, earning $260,000 in rewards.

Regulatory or Policy Developments

  • Meta AI Data Use Controversy: Meta plans to use E.U. user data for AI training without explicit consent from May 27. The Austrian privacy group noyb has issued a cease-and-desist letter and is threatening a class action lawsuit if Meta proceeds.
  • Critical Infrastructure Security Warnings: Federal agencies continue to warn that OT security in critical infrastructure remains inadequate amid persistent and sophisticated cyber threats.

Artificial Intelligence Developments

  • OpenAI ChatGPT Integrations: Leaks confirm upcoming integration of Model Context Protocol (MCP), enabling ChatGPT to connect with third-party services. Additionally, a new feature will allow ChatGPT to record, transcribe, and summarize meetings, potentially increasing exposure of sensitive business communications.