Cybersecurity News Update: May 2025 – Threats, Breaches, and Innovations

As we move into May 2025, the cybersecurity landscape continues to evolve with notable shifts from April. Sophisticated nation-state attacks, particularly those exploiting cloud environments and SaaS platforms, have intensified, with groups like Void Blizzard and Earth Lamia leveraging advanced phishing and vulnerability exploits. There is also a marked increase in ransomware and info-stealer campaigns targeting AI users through SEO scams and social ads, a trend that gained traction this month. Additionally, the departure of key CISA leadership has raised concerns about weakened cyber defenses amid growing global threats. This blog post provides a global overview of the latest threats, breaches, and innovations shaping cybersecurity in May 2025.

Major Cybersecurity Threats in May 2025

The following table summarizes key threats reported this month, drawing from trusted sources like The Hacker News, CISA, and MITRE ATT&CK.

| Threat Name | Description | Affected Systems | Source |
|---|---|---|---|
| LummaC2 Malware | Information stealer infiltrating networks to exfiltrate sensitive data. | Windows-based systems | FBI & CISA Advisory |
| Rockwell PowerMonitor 1000 Vulnerabilities | Three critical vulnerabilities (CVSS 9.8) risking device takeover and remote code execution. | Industrial control systems | Industrial Cyber |
| SAP NetWeaver Exploit (CVE-2025-31324) | Unauthenticated file upload vulnerability exploited by Earth Lamia for reverse shell access. | SAP NetWeaver systems | The Hacker News |
| ConnectWise Breach | Suspected nation-state attack targeting ScreenConnect customers. | ScreenConnect software | The Hacker News |
| Fake AI Installers | Ransomware and info-stealers disguised as ChatGPT and InVideo tools via SEO scams. | Business IT systems | The Hacker News |
| Void Blizzard Phishing | Credential phishing via fake Microsoft Entra login pages targeting NGOs. | Cloud environments | The Hacker News |
| ViciousTrap Honeypot | Exploited Cisco flaw (CVE-2023-20118) to hijack 5,300 routers for spying. | ASUS routers | The Hacker News |
| Malicious npm/VS Code Packages | Over 70 packages delivering sandbox-evasive malware to steal data and crypto. | Developer environments | The Hacker News |
| Ivanti EPMM Flaws | China-nexus group UNC5221 exploiting CVE-2025-4427 and CVE-2025-4428. | Ivanti EPMM software | The Hacker News |
| Commvault SaaS Attacks | Threat actors accessed client secrets in Microsoft 365 backup solutions. | Cloud SaaS platforms | The Hacker News |

Notable Breaches in May 2025

This table highlights significant breaches reported globally, impacting organizations and critical infrastructure.

| Organization | Breach Details | Impact | Source |
|---|---|---|---|
| Lorain County Courts | Cybersecurity incident shut down Common Pleas Court operations. | Court services disrupted | Cleveland.com |
| Victoria’s Secret | Website and store services taken offline due to a security incident. | Retail operations affected | Bleeping Computer |
| ConnectWise | Nation-state actors breached ScreenConnect, affecting a small number of customers. | Potential data exposure | The Hacker News |
| Dutch Police | Void Blizzard used a pass-the-cookie attack to access employee data. | Work-related contact info stolen | The Hacker News |
| Multiple NGOs | Over 20 NGOs hit by Void Blizzard’s phishing campaign targeting cloud data. | Sensitive data exfiltrated | The Hacker News |
| Asian/Brazilian Orgs | Earth Lamia exploited SAP and SQL Server flaws since 2023. | Unauthorized system access | The Hacker News |
| ASUS Routers | 9,000 routers compromised by ViciousTrap for a global honeypot network. | Espionage and surveillance | The Hacker News |
| Dior | Unknown attackers accessed customer data in a cybersecurity incident. | Customer data breach | Bleeping Computer |
| Various SaaS Providers | CISA warned of attacks targeting cloud apps with default configurations. | Unauthorized cloud access | The Hacker News |
| GitLab AI Assistant | Indirect prompt injection flaw risked malicious code injection. | Source code exposure | The Hacker News |

Cybersecurity Innovations in May 2025

Innovations are critical to staying ahead of cyber threats. Here are the latest advancements reported this month.

| Innovation | Description | Impact | Source |
|---|---|---|---|
| Medcrypt Platform Expansion | Enhanced cybersecurity solutions for medical devices with regulatory support. | Secure medical tech | PR Newswire |
| Post-Quantum Chips | Decent Cybersecurity unveiled chips to counter quantum computing threats. | Future-proof encryption | Investing.com |
| EU Cybersecurity Regulations | NIS2, GDPR, and Cyber Resilience Act reshape global standards. | Enhanced compliance | ASUS Pressroom |
| University of Cincinnati Program | Expanded virtual internships for IT and cybersecurity students. | Workforce development | TradingView |
| Radware Awards | Recognized Bell Canada and Presidio for innovative cybersecurity solutions. | Industry excellence | Security Brief |
| CrowdStrike Growth | AI-driven cybersecurity platform sees 43% stock gain in 2025. | Cloud security leadership | Yahoo Finance |
| Palo Alto Networks Acquisition | Acquired Protect AI for $700 million to bolster AI security. | Enhanced AI protection | The Motley Fool |
| Rapid7 Strategic Investments | Focus on MDR and Exposure Command for 2025 growth. | Improved threat detection | Investing.com |
| AWS re:Inforce 2025 | Conference to promote SIEM and SOAR adoption for better threat response. | Industry collaboration | Cybersecurity Dive |
| CISA SaaS Security Guidance | Recommendations to secure cloud environments against attacks. | Stronger SaaS defenses | The Hacker News |

APT Background Summary

Below is a summary of Advanced Persistent Threat (APT) groups mentioned in May 2025 reports, based on MITRE ATT&CK and Malpedia data.

  • Void Blizzard: A Russian-linked APT known for credential phishing and cloud data exfiltration. In May 2025, they targeted over 20 NGOs using fake Microsoft Entra login pages and executed a pass-the-cookie attack on Dutch police systems. Known for sophisticated espionage tactics.

  • Earth Lamia: A China-nexus group active since 2023, exploiting SAP NetWeaver (CVE-2025-31324) and SQL Server vulnerabilities to establish reverse shells. Targets organizations in Asia and Brazil, with updated backdoors using WebSocket communication.

  • UNC5221: Another China-linked APT exploiting Ivanti EPMM flaws (CVE-2025-4427, CVE-2025-4428) across Europe, North America, and Asia-Pacific. Focuses on cyber espionage across multiple sectors.

  • ViciousTrap: Exploited Cisco vulnerabilities (CVE-2023-20118) to compromise 5,300 routers, creating a global honeypot network for espionage. Activity traced to a single IP since March 2025.
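One way to surface the pass-the-cookie activity attributed to Void Blizzard above in sign-in telemetry, as an added example that is not part of the original post and not any vendor's detection logic. A replayed session cookie lets the attacker skip both the password and the MFA step, so the defender's signal is an existing session suddenly presented from a new IP and a new client without a fresh MFA challenge. The event fields, the constructed sample records and the "new IP plus new user agent with no MFA prompt" heuristic are all assumptions for this example:

```python
# Added example (not from the original post): flagging pass-the-cookie style
# session reuse in constructed sign-in telemetry. Field names, sample values and
# the detection heuristic are assumptions, not any product's real schema.
from dataclasses import dataclass


@dataclass(frozen=True)
class SignIn:
    ts: int             # event time, Unix seconds
    user: str
    session_id: str     # identifier of the session cookie (a hash in real logs, never the raw cookie)
    ip: str
    user_agent: str
    mfa_prompted: bool  # True when this event completed an interactive MFA challenge


# Constructed sample telemetry; addresses come from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = [
    SignIn(1000, "alice", "sess-a1", "203.0.113.10", "Mozilla/5.0 (Windows NT 10.0) Edge/125", True),
    SignIn(1300, "alice", "sess-a1", "203.0.113.10", "Mozilla/5.0 (Windows NT 10.0) Edge/125", False),
    # Same session token, presented later from different infrastructure and a different client,
    # with no MFA prompt: the shape of a stolen cookie being replayed.
    SignIn(2000, "alice", "sess-a1", "198.51.100.77", "python-requests/2.31", False),
    SignIn(1500, "bob", "sess-b1", "192.0.2.5", "Mozilla/5.0 (Macintosh) Chrome/124", True),
    SignIn(1600, "bob", "sess-b1", "192.0.2.5", "Mozilla/5.0 (Macintosh) Chrome/124", False),
    # Bob signs in from a phone: a brand-new session that passed MFA, so not cookie replay.
    SignIn(1700, "bob", "sess-b2", "192.0.2.99", "Mozilla/5.0 (iPhone) Safari/17", True),
]


def find_session_reuse(events):
    """Return one alert per session whose cookie is later presented from a new IP
    *and* a new user agent without an MFA prompt, relative to the sign-in that
    first minted that session."""
    by_session = {}
    for ev in sorted(events, key=lambda e: e.ts):
        by_session.setdefault(ev.session_id, []).append(ev)

    alerts = []
    for session_id, evs in by_session.items():
        origin = evs[0]  # earliest sighting: the sign-in that created the session
        for ev in evs[1:]:
            ip_changed = ev.ip != origin.ip
            ua_changed = ev.user_agent != origin.user_agent
            if ip_changed and ua_changed and not ev.mfa_prompted:
                alerts.append({
                    "user": ev.user,
                    "session_id": session_id,
                    "origin_ip": origin.ip,
                    "reuse_ip": ev.ip,
                    "reuse_user_agent": ev.user_agent,
                    "seconds_after_origin": ev.ts - origin.ts,
                })
                break  # one alert per session is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in find_session_reuse(SAMPLE_EVENTS):
        print(f"[ALERT] session {alert['session_id']} for {alert['user']} first seen from "
              f"{alert['origin_ip']}, replayed from {alert['reuse_ip']} "
              f"({alert['reuse_user_agent']}) {alert['seconds_after_origin']}s later "
              f"with no MFA prompt")
```

Run against the constructed events, only Alice's session is flagged: Bob's phone sign-in created a new session that passed MFA, which is exactly what a legitimate device change looks like. Requiring both the IP and the user agent to change keeps mobile-network address hopping from paging the on-call engineer; in practice the rule is paired with controls that remove the replay value of a stolen cookie in the first place, such as short session lifetimes, re-evaluation of conditional-access policies on location change, and binding tokens to the device.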

Conclusion

May 2025 has underscored the escalating sophistication of cyber threats, from nation-state attacks to AI-targeted malware campaigns. Innovations like post-quantum cryptography and enhanced medical device security offer hope, but the loss of CISA leadership and ongoing breaches highlight the need for vigilance. Stay informed with trusted sources like The Hacker News, CISA, and Cybernews to protect your organization in this dynamic threat landscape.

VeriTech Services

True Tech Advisors – Simple solutions to complex problems. Helping businesses identify and use new and emerging technologies.

Liana Pannell

Director of Operations

Liana is a process-driven operations leader with nine years of experience in project management, technology program management, and business operations. She specializes in developing, scaling, and codifying workflows that drive efficiency, improve collaboration, and support long-term growth. Her expertise spans edtech, digital marketing solutions, and technology-driven initiatives, where she has played a key role in optimizing organizational processes and ensuring seamless execution.

With a keen eye for scalability and documentation, Liana has led initiatives that transform complex workflows into structured, repeatable, and efficient systems. She is passionate about creating well-documented frameworks that empower teams to work smarter, not harder—ensuring that operations run smoothly, even in fast-evolving environments.

Liana holds a Master of Science in Organizational Leadership with concentrations in Technology Management and Project Management from the University of Denver, as well as a Bachelor of Science from the United States Military Academy. Her strategic mindset and ability to bridge technology, operations, and leadership make her a driving force in operational excellence at VeriTech Consulting.

Keri Fischer

CEO & Founder

Founder & CEO | Cybersecurity & Data Analytics Expert | SIGINT & OSINT Specialist

Keri Fischer is a highly accomplished cybersecurity, data science, and intelligence expert with over 20 years of experience in Signals Intelligence (SIGINT), Open Source Intelligence (OSINT), and cyberspace operations. A proven leader and strategist, Keri has played a pivotal role in advancing big data analytics, cyber defense, and intelligence integration within the U.S. Army Cyber Command (ARCYBER) and beyond.

As the Founder & CEO of VeriTech Consulting, Keri leverages extensive expertise in cloud computing, data analytics, DevOps, and secure cyber solutions to provide mission-critical guidance to government and defense organizations. She is also the Co-Founder of Code of Entry, a company dedicated to innovation in cybersecurity and intelligence.

Key Expertise & Accomplishments:

Cyber & Intelligence Leadership – Served as a Senior Technician at ARCYBER’s Technical Warfare Center, providing SME support on big data, OSINT, and SIGINT policies and TTPs, shaping future Army cyber operations.
Big Data & Advanced Analytics – Spearheaded ARCYBER’s Big Data Platform, enhancing cyber operations and intelligence fusion through cutting-edge data analytics.
Cybersecurity & Risk Mitigation – Excelled in identifying, assessing, and mitigating security vulnerabilities, ensuring mission-critical systems remain secure, scalable, and resilient.
Strategic Operations & Decision Support – Provided key intelligence support to Joint Force Headquarters-Cyber (JFHQ-C), Army Cyber Operations and Integration Center, and Theater Cyber Centers.
Education & Innovation – The first-ever 170A to graduate from George Mason University’s Data Analytics Engineering Master’s program, setting a new standard for data-driven military cyber operations.

Career Highlights:

🔹 Senior Data Scientist – Led groundbreaking all domain efforts in analytics, machine learning, and data-driven operational solutions.
🔹 Senior Technician, U.S. Army Cyber Command (ARCYBER) – Recognized as the #1 warrant officer in the command, driving big data analytics and cyber intelligence strategies.
🔹 Division Chief, G2 Single Source Element, ARCYBER – Directed 20+ analysts in SIGINT, OSINT, and cyber intelligence, influencing Army cyber policies and operational training.
🔹 Senior Intelligence Analyst, ARCYBER – Built the Army’s first OSINT training program, improving intelligence support for cyberspace operations.

Recognition & Leadership:

🛡️ Lauded as “the foremost expert in data analytics in the Army” by senior leadership.
📌 Key advisor to the ARCYBER Commanding General on all data science matters.
🚀 Led the development of ARCYBER’s first-ever OSINT program and cyber intelligence initiatives.

Keri Fischer is a visionary in cybersecurity, intelligence, and data science, continuously pushing the boundaries of technological innovation in defense and national security. Through her leadership at VeriTech Consulting, she remains dedicated to helping organizations navigate the complexities of emerging technologies and drive mission success in an evolving cyber landscape.

Education:

  • National Intelligence University – Master of Science (MS), Strategic Intelligence

  • George Mason University – Master of Science (MS), Data Analytics