This Week in Cybersecurity - May 23, 2025
- Jordan Santos
- May 23
From healthcare disruptions to deep-rooted processor vulnerabilities and large-scale malware takedowns, this week’s cybersecurity headlines highlight just how varied and persistent today’s threats have become. For SMB leaders, staying informed isn’t just smart—it’s essential. In this week’s roundup, we break down three major stories affecting organizations like yours, along with a practical security tip, a stat worth knowing, and key takeaways to help keep your business resilient.

Top News This Week
Kettering Health Network Hit by Cyberattack, Disrupting Care and Patient Services
Kettering Health Network in Ohio experienced a major cybersecurity incident that resulted in system-wide IT outages, forcing the cancellation of elective procedures and patient appointments. CEO Mike Gentry confirmed the unauthorized network access and emphasized that staff are following downtime protocols while services are being restored. The incident also triggered a wave of scam calls, with attackers impersonating staff to solicit credit card payments. In response, all payment-related calls have been halted, and temporary contact numbers were posted online. The network expects recovery to take 10–20 days but remains operational for emergency care.
Takeaway: Even well-established healthcare systems are vulnerable to cyberattacks that cause significant business disruption and customer confusion. SMBs should ensure they have clear downtime protocols, employee scam awareness training, and a communication plan ready to deploy in the event of an incident.
(WCPO9)
New Intel CPU Flaws Revive Spectre Vulnerability Concerns
Researchers at ETH Zürich have uncovered a new vulnerability in all modern Intel CPUs, dubbed Branch Privilege Injection (BPI), which allows attackers to exploit the CPU's predictive behavior to gain unauthorized access to sensitive memory. This flaw revives concerns over the long-standing Spectre vulnerability, originally discovered in 2018. The attack takes advantage of Branch Predictor Race Conditions (BPRC), allowing an unprivileged user to leak data from privileged processes. Intel has released microcode patches for BPI (CVE-2024-45332, CVSS 5.7). Meanwhile, VUSec researchers disclosed additional Spectre v2-style vulnerabilities (CVE-2024-28956, CVE-2025-24495), capable of leaking kernel memory and bypassing isolation boundaries—even across virtual machines.
Takeaway: If your business relies on Intel-based infrastructure, ensure systems are fully patched with the latest firmware and microcode updates. While these attacks require local access, the continued emergence of hardware-level exploits underscores the importance of maintaining strict access controls and regularly updating endpoint protection.
Microsoft and DOJ Dismantle Global Lumma Malware Operation
Microsoft announced it has dismantled the Lumma Stealer malware network in coordination with international law enforcement, including the U.S. Department of Justice. The Lumma malware infected over 394,000 Windows devices between March and May 2025, stealing sensitive data such as passwords, banking details, and cryptocurrency wallets. Authorities seized Lumma’s core command infrastructure, shut down online marketplaces selling the malware, and redirected over 1,300 associated domains to Microsoft-controlled sinkholes. Lumma had been widely used in phishing attacks and targeted industries including healthcare, manufacturing, education, and logistics.
Takeaway: Malware-as-a-Service tools like Lumma can easily target unsuspecting users through phishing and social engineering. SMBs must prioritize endpoint protection, implement phishing-resistant email security, and train employees to recognize suspicious links and attachments—especially in industries increasingly targeted by these types of attacks.
(MSNBC)
Cyber Tip of the Week
Review & Refresh Downtime Protocols
Ransomware, malware, and hardware-level attacks can bring operations to a halt. Ensure your team knows what to do when systems go down: have printed workflows, offline backups, and clear client communication plans ready. Test these protocols regularly—don’t wait for an emergency.
Stat of the Week
394,000+ Windows PCs infected
Between March and May 2025, Microsoft found over 394,000 Windows devices worldwide infected by the Lumma malware. This highlights just how widespread and fast-acting modern malware threats can be—even against users with basic security in place.
Final Thoughts
This week’s stories paint a clear picture: cyber threats continue to evolve across all fronts—hardware, software, and human error. Whether it’s a healthcare provider grappling with outages, new vulnerabilities in processors, or large-scale malware campaigns, businesses of every size need layered security, proactive monitoring, and real-world response plans. Cybersecurity isn’t a one-time setup—it’s a continuous process. SMBs that treat it as such will be better equipped to protect their data, reputation, and bottom line.