From zero-day headlines to breach disclosures and security takeaways, this edition wraps up May’s critical updates, insights, and impact stories, all in one place.
- CVE-2025-32756 | Fortinet Multiple Products Stack-Based Buffer Overflow
- CVE-2025-30400 | Microsoft Windows DWM Core Library Use-After-Free
- CVE-2025-32701 | Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free
- CVE-2025-32706 | Microsoft Windows CLFS Driver Heap-Based Buffer Overflow
- CVE-2025-30397 | Microsoft Windows Scripting Engine Type Confusion
- Coca-Cola Ransomware Leak: Everest ransomware gang leaked sensitive employee data from Coca-Cola’s Middle East unit after a $20M ransom demand was ignored. The breach exposed nearly 1,000 personnel records and hinted at global IT vulnerabilities.
- Coinbase Insider Breach: Bribed overseas agents leaked data of 69,000 users in a $20M extortion attempt. Coinbase responded with contract terminations and launched a U.S.-based support hub.
- Adidas Vendor Breach: Customer contact info was compromised via a third-party support vendor. No financial data leaked, but trust and vendor oversight are now under the spotlight.
- Marks & Spencer Cyberattack: M&S faced Easter weekend disruptions and customer data exposure linked to potential vulnerabilities in TCS-managed infrastructure. Online services were down for 72+ hours.
- Ascension Healthcare Breach: Over 437,000 patients' sensitive health data was exposed due to outdated third-party software. Ascension now faces HIPAA scrutiny and increased compliance demands.
- AT&T Massive Data Leak: A threat actor claims to have leaked 31 million AT&T customer records, including tax and device data. AT&T has yet to confirm the breach, raising alarms over internal safeguards.