Security News Update for May 18, 2025

This week’s news includes:

• Be Careful What You Wish For – You May Get it and not Like It
• CMMC Q&A
• DoD (DCSA) Releases New SF-328 for Foreign Ownership Interests
• Apple Patches 30 Vulnerabilities
• Of Course Microsoft isn’t Going to Let Apple Out-Patch Them
• Researcher Says Commvault Patch Didn’t Fix Problem – But it Did
• CISA Adds TeleMessage Bug to KEV List After Breach
• Zoom Fixes Multiple Vulnerabilities; Says Windows Users, Especially, Should Patch
• Pro-Ukraine Hackers Erase a Third of Russian Court Case Archive
• Marks & Spencer Admits Customers’ Data Stolen
• Alabama Says “Cybersecurity Event” Could Disrupt State Services
• UK Retailer Marks & Spencer May be Ready to File 100 Million Pound Insurance Claim
• Largest US Steelmaker Hit by Cyber Attack
• Google to Pay Nearly $1.4 Billion to Settle with Texas
• EU Launches Vulnerability Database in Wake of CISA Cuts
• Coinbase Customer Info Stolen by Bribed Insiders
• Security News for the week ending May 16th, 2025: FTC says it won’t regulate AI until after it causes harm, Chinese hackers going after Taiwan and South Korea supply chains, another reason to get off Windows 10, Israel arrests suspect behind $190 million crypto hack and Coinbase users lose tens of millions a week while Coinbase ignores it.

• Audio
• Video