Top 5 Cybersecurity News Stories May 16, 2025
Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small as we look at threats from espionage to security flaws in everyday devices:
1. Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit
Austrian privacy group noyb has sent Meta a cease-and-desist letter, threatening legal action over plans to use Facebook and Instagram user data in the EU for AI training without explicit opt-in consent. Starting May 27, 2025, Meta intends to collect public user data under “legitimate interest,” which noyb argues violates GDPR.

Meta claims users can object clearly, but noyb says the opt-out model is unlawful. The issue reignites concerns about Meta’s past reliance on “legitimate interest” for data collection.
Read more here: The Hacker News
2. Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server
Microsoft’s May 2025 Patch Tuesday fixes 78 vulnerabilities, including five actively exploited zero-days, with 28 enabling remote code execution and 21 allowing privilege escalation. Critical bugs include a scripting engine flaw (CVE-2025-30397) that enables code execution and DWM and CLFS driver vulnerabilities used in prior malware campaigns.

CISA has mandated that U.S. federal agencies patch all five zero-days by June 3. Additional flaws affect Microsoft Defender for Endpoint, Azure DevOps Server, and Defender for Identity.
Read more here: The Hacker News
3. FBI: US officials targeted in voice deepfake attacks since April
The FBI has issued a public warning about cybercriminals using AI-generated audio deepfakes to impersonate senior U.S. officials in voice phishing (vishing) attacks since April 2025. These deepfakes, combined with smishing texts, aim to build trust and trick victims into sharing account access or transferring funds.

The attackers seek to exploit personal and government networks by impersonating compromised contacts. Similar threats have been flagged by Europol, HHS, and LastPass.
Read more here: BleepingComputer
4. Windows 11 and Red Hat Linux hacked on first day of Pwn2Own
On the first day of Pwn2Own Berlin 2025, researchers earned $260,000 for demonstrating zero-day exploits against Windows 11, Red Hat Linux, and Oracle VirtualBox. Highlights include privilege escalation on Red Hat via integer overflow and use-after-free chains, and multiple SYSTEM-level exploits on Windows 11.

Oracle VirtualBox and Docker Desktop were also compromised. The contest runs May 15–17, with $1M+ in prizes across categories including AI, virtualization, and automotive. Vendors have 90 days to issue patches.
Read more here: BleepingComputer
5. Coinbase warns of up to $400 million hit from cyberattack
Coinbase disclosed a cyberattack that compromised the account data of some customers, forecasting a financial impact of between $180M and $400M. Hackers accessed names, addresses, and emails, but not passwords. The company will reimburse users tricked into sending funds and has fired the contractors involved.

The SEC is also probing Coinbase over potentially misstated user data. With a $20M bounty for hacker info and new security measures underway, the breach casts a shadow as Coinbase prepares to join the S&P 500.
Read more here: Reuters
At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.

