In today’s cybersecurity news…
US DOJ opens investigation into Coinbase’s recent cyberattack
The U.S. Department of Justice has launched a criminal investigation into a recent cyberattack targeting Coinbase, the world’s largest crypto exchange. Coinbase clarified it is not under investigation, but is cooperating with the DOJ and other law enforcement agencies. The breach, disclosed on May 11, compromised some customer data—names, addresses, and emails—but not login credentials, and is expected to cost the company between $180 million and $400 million.
Dutch government passes law to criminalize cyber-espionage
The Dutch government has enacted a new law criminalizing digital espionage to safeguard national security and infrastructure. The legislation allows prosecution for leaking sensitive non-classified data and for acting on behalf of foreign entities against Dutch interests, with penalties of up to 12 years for severe offenses. The law addresses growing concerns about cyber-espionage from nations like China and Russia, citing attempted infrastructure sabotage and infiltration of international organizations in the Netherlands.
Ransomware attack on food distributor spells more pain for UK supermarkets
UK food distributor Peter Green Chilled says it was hit by a ransomware attack on May 14th, disrupting operations and deliveries to major supermarkets. New orders were paused, potentially causing significant losses for small suppliers. Experts warn of increasing cyber threats targeting the UK retail supply chain’s operational systems.
South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware
The SideWinder APT group has launched a targeted cyber-espionage campaign against government institutions in Sri Lanka, Bangladesh, and Pakistan. Using spear-phishing emails and geofenced malware payloads, attackers exploited outdated Microsoft Office vulnerabilities to deliver the StealerBot malware. This .NET-based tool captures sensitive data like keystrokes, passwords, and screenshots. The campaign shows a high degree of precision and selectivity in targeting, reflecting SideWinder’s ongoing and methodical activity in the region.
SK Telecom says malware breach lasted 3 years, impacted 27 million numbers
South Korea’s SK Telecom reported a nearly three-year-long undetected malware breach, beginning June 2022, which compromised sensitive SIM data of nearly 27 million customers, including authentication keys and contact information, elevating SIM-swapping risks. The company is replacing SIMs, blocking unauthorized device changes, and accepting responsibility for resulting damages. Investigations identified 25 malware types on 23 servers, but the full scope of data loss is uncertain due to limited early logging.
Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers
NIST and CISA researchers have developed Likely Exploited Vulnerabilities (LEV), a new metric that uses mathematical equations to predict the probability that a vulnerability has been exploited. It complements KEV and EPSS to improve patching prioritization by identifying potentially overlooked threats. NIST is currently seeking industry partners to evaluate LEV’s real-world impact.
KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS
KrebsOnSecurity reports it was hit by a 6.3 Tbps DDoS attack on May 12th, likely a test of the Aisuru Internet of Things botnet. The attack lasted less than a minute but was clocked as the largest ever mitigated by Google’s Project Shield. Aisuru, which is made up of IoT devices hijacked using zero-day exploits, has been linked to a known figure named “Forky.” Forky denies involvement in the attack, now claiming to focus on his hosting business, Botshield.
Mobile carrier Cellcom confirms cyberattack behind extended outages
Cellcom, a Wisconsin-based mobile carrier, confirmed a cyberattack was behind the widespread outages that began on May 14, 2025, disrupting voice and SMS services across Wisconsin and Upper Michigan. The company initially described it as a technical issue but later acknowledged the cyber incident, stating sensitive customer data wasn’t impacted. Cellcom is working with the FBI and cybersecurity experts to restore service, which it aims to complete by the end of the week.
VanHelsing ransomware builder leaked on hacking forum
The source code of the VanHelsing ransomware group was leaked after a failed sale by a former developer. The group then released parts of the code themselves, including the Windows encryptor builder and affiliate panel, but not the full Linux builder or databases. Despite being incomplete, the leak could enable copycat attacks, similar to past incidents involving Babuk, Conti, and LockBit.






