Hacktivists Hit Trump Admin. Scams to Avoid. NSO Group Loses Lawsuit. Las Vegas Hackers Back.
Cybersecurity News of the Week & Patch Report, May 11, 2025
This week's essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.
Section 1: Top of the News
Hacktivists take aim at Trump Admin.
GlobalX, Airline for Trump’s Deportations, Hacked: Hackers say they have obtained what they say are passenger lists for GlobalX flights from January to this month. The data appears to include people who have been deported. … The data, which the hackers contacted 404 Media and other journalists about unprompted, could provide granular insight into who exactly has been deported on GlobalX flights, when, and to where, with GlobalX being the charter company that facilitated the deportation of hundreds of Venezuelans to El Salvador. … “Anonymous has decided to enforce the Judge's order since you and your sycophant staff ignore lawful orders that go against your fascist plans,” a defacement message posted to GlobalX’s website reads. Anonymous, well-known for its use of the Guy Fawkes mask, is an umbrella some hackers operate under when performing what they see as hacktivism.
Messaging app seen in use by Mike Waltz suspends service after hackers claim breach: TeleMessage, the app that President Donald Trump’s former national security adviser, Mike Waltz, appeared to use to archive his group chats, has suspended all services after hackers claimed to have stolen files from it.
SecureTheVillage
Upcoming SecureTheVillage Events
May 13, SecureTheVillage's Cybersecurity Connect Discussion Group. Cybersecurity Connect is where Southern California’s cybersecurity professionals, IT leaders, attorneys, risk managers, educators, investors, and law enforcement come together to discuss challenges, exchange ideas, and strengthen our collective defenses. May discussion leader: Joe Greenfield, PhD, Assoc. Professor, USC; President, Maryman; Topic: Digital Forensics: What we find. What we’d like to find. Closing the discrepancy; May 13, 3:45 - 5:00 PDT.
SecureTheVillage FREE Newsletters. Sign up or share with a friend!
Cybersecurity News of the Week & Weekend Patch Report. Our award winning newsletter. Essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned.
Family Protection Newsletter: Our monthly newsletter for non-cyber experts. For your parents, friends, and those who need to protect themselves in a digital world.
SecureTheVillage Guides for families and individuals
Guide to Password Managers. What you need to know to get a password manager that's right for you.
**NEW**: After a Disaster: A Guide to Keep Your Phone Secure, Safeguard Your Information, and Avoid Being Scammed. This is a concise guide on how to protect yourself from scams in the aftermath of a local disaster, whether it's an earthquake, major fire, hurricane, or other crisis.
How Hackable Are You? Strengthen your cybersecurity and privacy defenses with our free updated 13-step guide.
Please Support SecureTheVillage: We need your help if we're to build a world of CyberGuardians. Please donate to SecureTheVillage. Thank you.
Cybersecurity Nonprofit of the Week
Kudos this week to cybersecurity nonprofit Global Cyber Alliance (GCA). GCA builds practical, measurable solutions and easy to use tools, and they work with partners to accelerate adoption around the world. GCA was one of the founders of Nonprofit Cyber, the first-of-its-kind coalition of global nonprofit organizations to enhance joint action to improve cybersecurity. SecureTheVillage is a proud member of Nonprofit Cyber.
Section 2: Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware.
How old's your router? Is it putting you and others in jeopardy?
FBI: End-of-life routers hacked for cybercrime proxy networks: The FBI warns that threat actors are deploying malware on end-of-life (EoL) routers to convert them into proxies sold on the 5Socks and Anyproxy networks. … These devices, which were released many years back and no longer receive security updates from their vendors, are vulnerable to external attacks leveraging publicly available exploits to inject persistent malware. … Once compromised, they are added to residential proxy botnets that route malicious traffic. In many cases, these proxies are used by cybercriminals to conduct malicious activities or cyberattacks.
Making two-factor authentication stronger.
Two-Factor Authentication Can Fail You, but You Can Make It More Secure: Some forms of 2FA can be easily phished. … Two-factor authentication (2FA) is a great way to boost the security of your accounts. But even with that added layer of security, malicious actors are finding ways to break in. So-called adversary-in-the-middle attacks take advantage of weaker authentication methods to access accounts. Your two-factor and multi-factor authentication (MFA) may be weak, but, luckily, there's something you can do about it.
Scams to avoid. Always be suspicious.
‘Hello pervert’: the sextortion scam claiming to have videoed you: How to deal with an email that says your device has been hacked and the camera used to record an intimate act.
How to Spot and Avoid Toll Road Payment Scam Texts: Cash-free toll lanes are popping up in more and more places across the United States. If you are driving in a new area, covered by a different toll operator, you may not always be sure that you electronically paid for the toll. … Hoping the fear of unpaid tolls may help them make some quick money, scammers are sending out texts claiming you have a toll violation. … The FCC has received consumer complaints about imposters sending fraudulent text messages claiming to be from one of several legitimate toll payment companies. The scam texts say that the recipient has an unpaid toll or owes a balance on their account, which will be suspended if immediate payment is not made…. What you should do if you receive one of these messages:
If you haven't locked your SIM card yet, do it now. It's easy to set up a PIN code.
How SIM swapping led to a $1.8M cyber fraud case: A brazen scheme that cost dozens of victims and how to protect yourself from it. … A San Fernando Valley, California man has been sentenced to more than five years in federal prison after orchestrating a massive fraud operation that targeted dozens of victims, many of them elderly. Oren David Sela, 36, stole mail, hijacked phone numbers through SIM swapping, and used victims’ identities to drain bank accounts, stealing over $1.8 million. Here is how the scheme worked and what you can do to avoid becoming a victim of a similar attack.
Section 3: Cybersecurity and Privacy News for the Cyber-Concerned.
In national security news
Could striking first in cyber be new Pentagon policy?: Bolstering cyber operations is top of mind for Katie Sutton, the White House’s pick to lead Defense Department cyber policy. … The White House’s pick to lead Pentagon cyber policy wants to lean in on offensive cyber operations and using AI as the cyberattacks become more common and lawmakers worry about conflict with China. … “While we need strong defenses, we are not going to deter the adversary with defenses only,” Katie Sutton, who was recently the chief technology advisor at U.S. Cyber Command, told senators Tuesday during her confirmation hearing to become assistant defense secretary for cyber policy. “If confirmed, I will work to strengthen our offensive cyber capabilities to ensure the President has the options he needs to respond to this growing threat.”
NIST loses key cyber experts in standards and research: The head of the agency’s Computer Security Division and roughly a dozen of his subordinates took the Trump administration’s retirement offers, placing key programs at risk. … Top cybersecurity staffers at the National Institute of Standards and Technology (NIST) are leaving the agency as part of the Trump administration’s downsizing operation, Cybersecurity Dive has learned. … The departures are raising concerns over NIST’s work on emerging technology issues in quantum computing and artificial intelligence.
A shift in fraud protection as regulators begin imposing stricter controls on receiving banks.
Banking fraudsters: Why the world is holding receiving banks accountable: Receiving banks are constantly in the news these days. A receiving bank simply means that side of a financial institution that receives financial transactions (e.g. wires and faster payments) from another financial institution. The reason receiving banks are in the news is that they are the location of money mule accounts. And money mule accounts are the ‘fuel’ for facilitating fraud (unauthorized transactions by fraudsters), scams (authorized transactions induced by scammers), money laundering and more. … Until recently, all of the focus for fraud and scam losses has been on the sending bank. … That is changing.
In Cybersecurity legal news.
Spyware-maker NSO ordered to pay $167 million for hacking WhatsApp: The jury verdict hands a huge loss to the Israel-based company, already banned from use in the U.S., after a years-long legal fight. … A federal jury on Tuesday ordered the best-known maker of government spyware to pay a record-setting $167 million for hacking more than 1,000 people through WhatsApp messages in a stunning cap to six years of litigation.
This week in cybercrime and continued attacks on our privacy.
Despite ransom payment, PowerSchool hacker now extorting individual school districts: An education tech giant that was hacked in December said Wednesday that the same threat actor is now attempting to use the stolen data to extort the individual school districts that it works with. … PowerSchool — which was breached in late December, exposing the sensitive personal data of more than 60 million K-12 students and more than nine million teachers — had previously said the incident had been “contained” and that it had paid a ransom. … At the time, PowerSchool expressed confidence the incident was resolved, telling Bleeping Computer the hacker shared a video which purported to show the data being deleted. … By Wednesday, it had become clear that was wishful thinking.
Hacking Group That Wreaked Havoc on Las Vegas Appears to Be Back: Attacks on U.K. retailers appear to mark comeback of ‘Scattered Spider,’ a network that has disrupted operations at dozens of corporations. … Hacking group Scattered Spider, known for disrupting the Las Vegas Strip, is suspected in recent cyber intrusions at U.K. retailers. … Harrods, Marks & Spencer, and Co-op have reported cyber intrusions, with attacks bearing hallmarks of Scattered Spider’s methods. … Scattered Spider, which went silent after several arrests last year, uses social engineering and other methods to steal data and demand extortion payments.
Half of South Korea Hit: SK Telecom’s Worst Data Breach in History: South Korea’s telecom giant SK Telecom has confirmed its worst cybersecurity breach in history, impacting nearly half the country’s population. The April 2025 breach compromised sensitive SIM data, triggered mass customer exits, and may cost the company over $5 billion. Investigations suggest a China-backed campaign exploiting Ivanti VPN vulnerabilities.
4 Million Social Security Numbers May Have Been Leaked in Employee Benefits Company Breach: VeriSource Services, an employee benefits company, recently disclosed that a February 2024 data breach has compromised the personal identifiable data of 4 million people. … In a notice sent to the Maine Attorney General's office, the Houston, Texas-based company said that a combination of the following employee data may have been compromised: name, address, date of birth, gender and Social Security numbers.
Medical device giant Masimo says cyberattack is limiting ability to fill customer orders: A cyberattack on medical device manufacturer Masimo is affecting the company’s ability to process and ship customer orders. … The company notified the U.S. Securities and Exchange Commission on Tuesday evening about a cyberattack that was first identified on April 27. … “As a result of the incident, certain of the Company’s manufacturing facilities have been operating at less than normal levels, and the Company’s ability to process, fulfill, and ship customer orders timely has been temporarily impacted,” company officials warned SEC regulators.
Hackers hijack Japanese financial accounts to conduct nearly $2 billion in trades: Japan’s leading financial regulator reported an explosion of unauthorized stock market trades in April — with almost $2 billion in funds moved by hackers. … Japan’s Financial Services Agency (FSA) provided updated figures for last month after initially warning that there had been a “sharp increase in the number of cases of unauthorized access and unauthorized trading” through online trading services in the first three months of 2025. … The FSA said that in April alone, nine securities firms reported 2,746 fraudulent transactions conducted through nearly 5,000 accounts that were breached by hackers.
Section 4: For smaller businesses and nonprofits, and their IT
Use SonicWalls? Stay alert.
SonicWall customers confront resurgence of actively exploited vulnerabilities: The network security device vendor is making a regular appearance on CISA’s known exploited vulnerabilities catalog. Unlike its competitors, SonicWall hasn’t signed the secure-by-design pledge. … Vulnerabilities are proliferating in SonicWall devices and software this year, putting the vendor’s customers at risk of intrusion via secure access gateways and firewalls. … The total number of vulnerabilities publicly disclosed by the company so far in 2025 has grown to 20. … Eight of those vulnerabilities have been exploited in ransomware campaigns, according to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities (KEV) catalog.
Section 5: Weekend Patch Report
Keeping your computers, smartphones, notepads and other devices patched and updated is #4 on SecureTheVillage's How Hackable Are You Guide. While patching is increasingly automated, it's important to double-check that it's being done. The following lists current versions of common software programs. Items in Bold have been updated in the past week. Updates are usually available from within the program. If not, updates can be downloaded from the company's website.
7-Zip 24.09.
Adobe Acrobat Reader 2025.001.20474.
AVG updated to 25.4.3378.
Apple iOS 18.4.1
Apple iPadOS 18.4.1
Apple macOS Sequoia 15.4
Apple macOS Sonoma 14.7.5
Apple macOS Ventura 13.7.5
Apple watchOS 11.4
Apple tvOS 18.4.1
Apple visionOS 2.4.1
Apple Safari 18.4
Brave updated to 1.78.97.
CCleaner 6.35.11488.
Chrome updated to 136.0.7103.93.
Discord updated to 1.0.9191.
Dropbox 223.4.4909.
Edge updated to 136.0.3240.64.
Evernote 10.136.4.
ExpressVPN 12.101.0.45
Firefox 138.0.1.
Foxit Reader 2025.1.0.27937.
Google Drive for Desktop 107.0.3.0.
iTunes 12.13.7.1.
KeePass 2.57.1.
Malwarebytes 5.3.0.186.
Microsoft 365 & Office
Microsoft Windows
Notepad++ updated to 8.8.1.
OneDrive 25.065.0406.0002.
Opera Chromium updated to 118.0.5461.83.
Skype 8.138.0.214.
Spotify updated to 1.2.63.394.
TeamViewer 15 updated to 15.65.6.
Thunderbird 138.0.
Zoom 6.4.6.64360.