Cerner Discovered the Breach in February 2025. Atrium Health Patients Found Out 15 Months Later

Cerner discovered the breach in February 2025. Atrium Health patients only learned this week. The 15-month gap — across 16 health systems through one Oracle-owned vendor — is the year's clearest HIPAA business-associate accountability test.

Comcast's $117.5M Xfinity Settlement Puts a Price Tag on Citrix Bleed — $10K Per Customer

Comcast just agreed to write a $117.5 million check over a vulnerability it didn't write. The Xfinity settlement is the first major Citrix Bleed bill to come due — the precedent it sets for shared customer-vendor liability is the part defenders should read twice.

Foxconn Hit by Nitrogen Ransomware — 11M Files Across Apple, NVIDIA, Google

Foxconn confirmed a cyberattack on its North American factories. Nitrogen ransomware claims 8TB and 11M+ files including Apple, NVIDIA, Google, Intel, and Dell project documentation. Mount Pleasant AI server factory was offline for a week.

Odido Refuses to Compensate 6.2M Breach Victims After ShinyHunters Attack

Odido's CEO confirmed May 12 that the Dutch telecom will not compensate 6.2 million ShinyHunters breach victims. Dutch prosecutors are investigating whether the company retained data beyond GDPR limits. The CRM compromise pattern matches the broader ShinyHunters Salesforce campaign.

ICE Agents Now Carry a 20 Million-Person Palantir List on Their iPhones

ICE Assistant Director Matthew Elliston disclosed at the Border Security Expo that agents now reach a 20-million-person list from their iPhones via Palantir's ELITE system. The Mobile Fortify accuracy claim is in tension with 404 Media's January reporting.

FCC Backs Off Foreign Router Ban — Updates Now Extended to 2029

The FCC extended the security update cutoff for foreign-made routers and drones from March 2027 to January 2029. The import ban on the Covered List remains. Netgear and Eero hold conditional approval through October 2027.

Ransomware Forces West Pharmaceutical to Take Global Systems Offline

West Pharmaceutical Services disclosed a disruptive ransomware attack via SEC Form 8-K on May 7, took global systems offline, and engaged Palo Alto Unit 42. The pharma-packaging CI adjacency just became a documented sector risk.

GM Just Paid $12.75M for Selling Driver Data It Shouldn't Have Kept

California AG Bonta announced a $12.75M civil penalty against GM and OnStar for selling driver data to data brokers 2020-2024. Largest CCPA penalty ever; first data minimization enforcement.

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, and 170 Packages

TeamPCP's Mini Shai-Hulud worm hit 170+ packages May 11, including TanStack, Mistral AI, and Guardrails AI. First npm worm to ship valid SLSA Build Level 3 provenance for malicious code.

Instructure Paid the Ransom. Congress Just Opened an Investigation.

Instructure paid ShinyHunters on May 11 to delete 3.65TB from 8,809 schools. Congress opened an investigation the same day. The vendor-paid-ransom precedent for SaaS is now set.

South Staffordshire Water Just Got Fined Nearly 1 Million Pounds for a Cl0p Attack Hackers Hid In for 20 Months

The ICO fined South Staffordshire Water nearly GBP 1 million over a Cl0p attack that exposed 633,887 records. Hackers sat undetected for 20 months. Only 5 percent of the IT environment was monitored.

Dirty Frag: A New Linux Kernel LPE With Public Exploit and No Coordinated Patch

Two page-cache write bugs chained for deterministic Linux root. Public exploit released after embargo break on May 7. AlmaLinux specifics matter; container workloads inherit host kernel exposure.