Weekly Threat Briefing · May 2025 · Issue #47
Issue #47
This Week's Briefing

Their Breach.

Your Problem.

Unless You Read This First.
4 Stories / 8 Min Read / Critical
Current Threat Level
Elevated
This week hackers attacked millions of students during finals, Iranian groups wiped hospital supply chains, and Russian military broke into 18,000 home routers to spy on people. If you use Canvas, ADT, or an old router, you need to read this right now.
■ Threat 01
Critical

Canvas Locked Out 275 Million Students

Hackers attacked Canvas, the online learning platform used by 9,000 schools across America, and locked everyone out during final exams. The group called ShinyHunters threatened to leak data on 275 million students and teachers unless schools paid ransom. They stole names, email addresses, student ID numbers, and billions of private messages between students and teachers.
Put Simply: Someone broke into your school, changed all the locks, and threatened to post everyone's report cards and private messages online unless the school pays them.
■ Threat 02
Critical

Iranian Hackers Wiped Hospital Supply Chain

Iranian government hackers destroyed data on over 200,000 computers at Stryker, a major medical device company, sending 5,000 workers home and leaving hospitals unable to order surgical supplies. This was a "wiper attack"—they erased everything instead of stealing it. The attack affected 56,000 Stryker employees across 61 countries and countless hospitals that depend on their equipment.
Put Simply: Someone erased every recipe, order form, and phone at your favorite restaurant chain all at once—now they can't make food or take orders anywhere.
■ Threat 03
High

Russian Military Hijacked 18,000 Home Routers

Russian hackers broke into over 18,000 home and small business routers and quietly redirected internet traffic to steal login tokens from Microsoft Office users. They didn't install malware—just changed router settings to intercept traffic and read emails without ever needing passwords. This affected more than 200 organizations and 5,000 regular people using older MikroTik and TP-Link routers.
Put Simply: Someone secretly rewired your mailbox so all your mail goes through their house first, where they open it, read it, and make copies before you ever see it.
■ Threat 04
Medium

ADT Lost 5.5 Million Customer Records

The same ShinyHunters group that hit Canvas tricked an ADT employee over the phone into giving them access to company systems, stealing personal information on 5.5 million home security customers. The hackers pretended to be from IT, and the employee accidentally handed over the keys to everyone's information. ADT hasn't disclosed exactly what data was stolen yet.
Put Simply: A scammer called pretending to be from the IT department, and an employee accidentally gave them the keys to everyone's information.
Action Required
Change your router password right now. Open a web browser and type 192.168.1.1 or 192.168.0.1 into the address bar. Log in with your current username and password (check the sticker on your router if you never changed it). Find the settings page and create a new, strong password. If you can't figure it out, call your internet provider or Google your router model plus "change password." This single action protects you from becoming part of a botnet like the ones the FBI just shut down this week.
Stay Sharp. Stay Safe.
— The Cybersecurity1o1 Team