Biweekly Recap: Ransomware Chaos, Mega Breaches, Crypto Heists, AI Privacy Wars & Global Crackdowns

Welcome to the inaugural edition of the PreventCyber Bulletin, your monthly cybersecurity digest.

🚨 Threat of the Week

Marks & Spencer Projects $400M Loss After Ransomware Attack

British retail giant Marks & Spencer has been hit by a devastating ransomware attack that encrypted critical systems and exfiltrated customer data. The company now projects financial losses nearing $400 million due to suspended digital operations, logistics disruptions, and customer service slowdowns. With digital sales not expected to resume until July, the incident ranks among the most financially destructive breaches in retail history.

Why it matters: This attack highlights the need for operational resilience and proactive incident response in cloud-first architectures. Business continuity planning is now a critical boardroom priority.

📰 Top 10 Cybersecurity News

1. Google Pays $1.375 Billion in Historic Privacy Settlement

Google has agreed to a record-breaking $1.375 billion settlement with the state of Texas for illegally collecting user data without consent. The lawsuit revealed that Android devices continued tracking users even after they disabled location sharing. The ruling is expected to have major implications for tech privacy across the United States.

2. Germany Dismantles Crypto Exchange Laundering €19 Billion

German police have dismantled a cryptocurrency exchange involved in laundering over €19 billion in illicit funds. The exchange was reportedly used by ransomware groups and darknet marketplaces. Authorities seized servers and arrested several suspects, marking one of Europe’s largest crypto-crime busts to date.

3. Ascension Health Data Breach Affects 437,000 Patients

One of the largest healthcare providers in the US, Ascension, has disclosed a breach affecting 437,000 patients. Hackers gained access to medical records, insurance inform d582106ation, and internal systems. Several hospitals experienced outages in patient portals and care coordination tools during the attack.

4. Lumma Stealer Malware Network Dismantled by FBI and Europol

An international law enforcement task force has shut down the Lumma Stealer operation, a malware-as-a-service platform used to harvest browser-stored credentials and session cookies. Authorities seized over 2,000 domains and arrested key operators responsible for compromising nearly 400,000 systems worldwide..

5. FBI AND EUROPOL DISMANTLE LUMMA STEALER MALWARE NETWORK

An international law enforcement task force has shut down the Lumma Stealer operation, a malware-as-a-service platform used to harvest browser-stored credentials and session cookies. Authorities seized over 2,000 domains and arrested key operators responsible for compromising nearly 400,000 systems worldwide.

META FACES LEGAL ACTION FOR TRAINING AI ON USER DATA

Privacy watchdog NOYB is preparing legal action against Meta for using personal data from Facebook and Instagram users in Europe to train its AI models. Critics argue the company failed to obtain meaningful consent. The case could shape the future of AI training practices under GDPR.

COINBASE REPORTS INTERNAL SECURITY BREACH

Coinbase has confirmed a cybersecurity breach involving bribed support staff who leaked sensitive user data. No funds were lost, but attackers accessed personal and account details of thousands of customers. The company is tightening internal access controls and launching a full investigation.

DUTCH POLICE ARREST RANSOMWARE GROUP BEHIND €4.5 MILLION IN DAMAGES

Dutch authorities have arrested members of a ransomware gang responsible for phishing attacks and extortion campaigns across Europe. The group reportedly targeted small businesses and nonprofits, encrypting systems and demanding cryptocurrency payments.

SCATTERED SPIDER LAUNCHES NEW WAVE OF RANSOMWARE ATTACKS

The group known as Scattered Spider is targeting retail and hospitality companies with a new form of ransomware. The attacks use phishing, remote access tools, and multi-stage extortion tactics to maximize pressure on victims. Experts warn that insider threats are also becoming part of the group’s playbook.

MALICIOUS CHROME EXTENSIONS TARGET MILLIONS

Over 100 malicious Chrome extensions have been found hijacking browser sessions, stealing login credentials, and injecting ads into legitimate websites. These extensions were disguised as shopping tools, productivity apps, and crypto wallets. Google has removed them from the Chrome Web Store.

🔍 Spotlight: The Business of Ransomware is Changing

The past month confirms a troubling trend. Threat actors are evolving from disruptive attackers to precision extortionists targeting core revenue streams. Ransomware groups are increasingly:

• Targeting business applications and APIs

• Exploiting trusted insiders and social engineering

• Employing leak-and-extort tactics in multiple stages

Enterprises must prepare not only to detect but also to withstand prolonged, multi-vector threats that impact both data integrity and customer trust.

Thank you for reading the PreventCyber Bulletin. We’ll be back with more stories, insights, and expert commentary on the evolving cyber threat landscape.

Until then, stay alert, stay secure.