
Cybersecurity news continues to emerge and develop at an alarming pace in 2025, with the month of May being no different. This recap of top stories from SWK Technologies covers several uncovered malware campaigns, including major ransomware attacks against healthcare and other critical infrastructure industries. The good news is that in spite of these rampant cyber incidents, there remain solutions available to help navigate the current security landscape, and many institutions and organizations are actively working to identify and combat these threats as they emerge.
Here are the top cybersecurity articles selected by SWK from May 2025:
Ransomware Takes Down Ohio Healthcare Network’s Systems for Days
Kettering Health, a nonprofit organization that manages over a dozen hospitals and other medical facilities, published a statement on Tuesday, May 20 that they were experiencing a “system-wide technology outage,” later confirmed to have originated from a cyber attack. The incident resulted from unauthorized access to their network, and it brought down online patient portals and phone systems and forced their medical centers to cancel or reschedule all elective procedures. It was also confirmed the same day that several scam calls claiming to be from Kettering were related to the attack, which additionally forced the nonprofit to cease all calls regarding payment to avoid confusing patients.
Though Kettering Health declined to provide a comment, CNN claims to have obtained a note indicating the outage resulted from a breach and ransomware infection carried out by the Interlock gang. This group has become notorious for several recent high-profile attacks, with a sizable portion of these targeting the healthcare industry. The immediate and potential fallout of the Kettering outage is a likely reflection of why – simply locking down some systems or data can have severe operational consequences, not to mention the physical effects for patients, and victims in this sector are always going to have a greater incentive to find a quick resolution that could include giving in to the extortion.
Printers Spread Malware to Customer Networks
Procolored, a digital printing solutions provider based in China, was found to have offered software drivers for their printers that were infected with multiple malware strains. The widespread infections first came to light when a YouTuber who received a $6000 device from the company for review was alerted to the presence of viruses on the drivers by Windows Defender and Google Chrome’s antivirus tools, which he then brought to the attention of security researchers. This led investigators to discover that the file-sharing database Procolored used to host their file downloads contained evidence of multiple infections that went back at least 6 months.
Some of the malware identified came from known strains, but others were brand new versions that had never been caught in the wild by researchers previously. One in particular could modify executable files and self-replicate within a network, which researchers suspect is what led to the widespread infection in the first place. Procolored has since removed all of the infected downloads from their website after initially denying their presence.
College Student Pleads Guilty to Cyber Extortion Attack
A student who had been studying at Assumption University in Worcester, MA has pleaded guilty to charges pertaining to hacking, stealing information from and extorting two U.S.-based organizations, including education software publisher PowerSchool. Matthew Lane is accused of being part of a group that actively stole data of millions of students and teachers collected by PowerSchool and others, and later attempted to blackmail the solutions provider into paying a ransom on the threat of leaking the files. Lane is now facing multiple charges that include “…cyber extortion conspiracy; cyber extortion; unauthorized access to protected computers; and aggravated identity theft.”
Though one case of many, the relative swiftness with which Lane was charged does seem to reflect a pattern of renewed focus from law enforcement on cybercrime and a faster reaction time when culprits are identified. The federal government has already processed over 100 such cases in 2025, though by the FBI’s own statistics, these types of crimes have only continued to increase over the past year.
Hackers Exploit CVE Flaws in SAP NetWeaver
German software publisher SAP announced the discovery of a critical CVE bug present in their NetWeaver platform in April 2025, before uncovering another exploitable flaw a few weeks later in May. Both vulnerabilities affect Visual Composer Development Servers and potentially allow hackers to gain unauthorized backdoor access to the entire hosted environment, which can then enable entry into additional connected applications like Industrial Control Systems (ICS). Even while investigators were identifying the first exploit, and before the second was found, bad actors were already taking advantage of the former, and they quickly picked up on the latter.
SAP has worked to release patches for both flaws as of this writing, but security researchers previously warned the public that thousands of servers were likely vulnerable to the exploit and several attacks had been confirmed before the systems were patched. If you own or have a system connected to SAP NetWeaver, SWK recommends ensuring your software is up to date with the latest security patches, and contacting your support partner or an MSSP (managed security services provider) ASAP.
Malware Campaigns Target Cloud Resources of Major Institutions
Various malware distribution campaigns have been identified by researchers targeting different victims over online channels, with perhaps the largest of these going after multiple cloud hosting services. This latter campaign by the cybercriminal group Hazy Hawk aimed to exploit DNS (Domain Name System) misconfigurations in various inactive cloud environments – including some hosted by Cloudflare, GitHub and Akamai – to hijack domains of popular brands that could be used to spread malware to unsuspecting victims.
Exploiting misconfiguration is a common attack vector for more sophisticated hackers looking to break into cloud networks, though not an easy one by any means as most public clouds are frequently secured against this type of attack. However, flaws still appear every once in a while, such as with the SAP NetWeaver example earlier in this blog or the NetSuite SuiteCommerce incident from 2024.
Keep Up with the Latest Cybersecurity News
The stories featured in this recap are still only a fraction of the major cybersecurity news that popped up in May 2025, including additional ransomware campaigns targeting retailers, more hacks against public institutions and other malware traps on popular websites. The increasing pace of these incidents continues to shift the security landscape in new ways – but staying on top of the latest developments will help your business to prepare for emerging threats and adapt your cybersecurity posture to meet them.
Contact SWK here to discover how we can help you stay informed on the latest security trends and what measures your business must implement to guard against evolving cyber risks.