
This Week in Cybersecurity - May 30, 2025

Cybercriminals are getting bolder—and more creative. This week’s top stories reveal how trusted platforms like Google Calendar and AI tools are being weaponized for stealthy, large-scale attacks. From deepfake scams that impersonate real people to malware hiding in plain sight and critical infrastructure vulnerabilities, the digital threat landscape continues to evolve. Here’s what business leaders need to know to stay ahead of the risks.



Top News This Week


APT41 Uses Google Calendar to Hide Malware Activity

Google has identified a new malware strain, ToughProgress, deployed by Chinese state-backed hackers APT41, which abuses Google Calendar as a command-and-control system. The malware hides encrypted commands and stolen data in calendar event descriptions, allowing attackers to blend in with normal cloud activity and evade detection. This tactic highlights a broader trend of cybercriminals exploiting trusted cloud platforms like Microsoft, Dropbox, and now Google to conduct stealth operations.


Takeaway: Even trusted cloud tools can be weaponized—SMBs need to monitor for unusual behavior across all cloud applications, not just block known threats.



Deepfake Scams and AI-Powered Attacks Surge in 2025

The 2025 AI Security Report warns that cybercriminals are increasingly using AI to scale scams, automate phishing, and impersonate individuals in real-time through deepfake audio and video. Tools like GoMailPro and DarkGPT enable mass-targeted attacks, while stolen AI platform credentials are sold on the dark web. Attackers are also jailbreaking AI models to bypass safeguards and poisoning training data to spread misinformation. Even novice criminals can now launch sophisticated, multilingual attacks at scale with minimal effort.


Takeaway: AI is making cybercrime faster, smarter, and harder to detect—businesses must combine strong identity protection, data hygiene, and employee awareness to stay ahead.


Report Reveals Critical Gaps in Industrial Cybersecurity

TXOne Networks’ 2024 OT/ICS Cybersecurity Report warns that supply chain risks, aging infrastructure, and ineffective patching leave industrial sectors dangerously exposed to cyber threats. Based on input from 150 global executives, the report highlights that 94% of organizations faced OT-related threats, while 98% saw IT issues spill into operational environments. As IT and OT systems become more interconnected, traditional security tools often fall short—especially against advanced threats like nation-state attacks, Fuxnet, and FrostyGoop.


Takeaway: SMBs in industrial sectors must go beyond basic asset visibility and invest in specialized OT cybersecurity strategies to protect critical operations from modern threats.

(SSI)


Cyber Tip of the Week


Review & Refresh Downtime Protocols

Ransomware, malware, and hardware-level attacks can bring operations to a halt. Ensure your team knows what to do when systems go down: have printed workflows, offline backups, and clear client communication plans ready. Test these protocols regularly—don’t wait for an emergency.



Stat of the Week


94% of organizations experienced operational technology (OT) cyber threats in the past year, according to TXOne Networks' 2024 report—showing just how deeply cyber risks now penetrate critical infrastructure.


Final Thoughts


From AI-powered phishing to stealthy malware hiding in trusted processes, cyberattacks are becoming harder to spot and easier to launch. As threat actors evolve, so must your defenses. That means combining cloud monitoring, behavioral detection, OT-specific protections, and employee training into a cohesive strategy. The tools may change, but the priority stays the same: stay alert, stay updated, and don’t let trust be your vulnerability.


Have questions about your cybersecurity posture? Let’s talk.

 
 