Cybersecurity Threat Roundup: Ransomware, Chinese Telecom Spies, and Data Breaches You Need to Know About
By Bryan Longworth | A Faster PC | Managed IT Services for Florida's Treasure Coast, Space Coast, and South Florida
Right now, while you're reading this, North Korean government hackers are targeting hospitals and nonprofits — including a school for autistic children — with ransomware. The mental health app on your phone may be leaking your most private therapy records to anyone who wants them. And Chinese spies have had access to major US telecom networks for years, with the FBI confirming the threat is still very much ongoing.
This is your weekly cybersecurity threat roundup, brought to you by A Faster PC — your local managed services provider (MSP) serving businesses and families across Florida's Treasure Coast, Space Coast, and South Florida. We break down the biggest cybersecurity news of the week in plain English so you can take action to protect yourself, your business, and your data.
The Ransomware Economy: Good News and Bad News
There is genuinely good news on the ransomware front. According to blockchain analyst firm Chainalysis, the percentage of ransomware victims who actually paid hackers dropped to an all-time low of 28% in 2025, down from 62% in 2024 and nearly 79% in 2020. Businesses are investing in better backups and incident response plans, and law enforcement crackdowns are contributing to the decline.
But do not celebrate yet.
Ransomware attacks rose 50% year over year. There are now 85 active ransomware gangs operating globally — more than at any point in history. Artificial intelligence is allowing these criminal organizations to operate more rapidly and efficiently with less manpower. And the median ransomware demand jumped 368%, from $12,724 to nearly $60,025.
Hackers are hitting fewer targets but squeezing much harder. Smaller organizations that assumed they were flying under the radar are increasingly the ones getting hit. Ransomware is not going away — it is evolving.
What you can do: Invest in reliable, tested backups. Implement a documented incident response plan. Work with a managed services provider like A Faster PC to monitor your systems around the clock.
North Korean State Hackers Are Targeting US Healthcare With Ransomware
This is one of the most disturbing developments in recent cybersecurity news. Cybersecurity firm Symantec confirmed that North Korea's Lazarus Group, the same state-sponsored hacking team behind billions of dollars in cryptocurrency heists, is now deploying ransomware against US healthcare organizations using a ransomware strain called Medusa.
Confirmed victims include a mental health nonprofit and a school for children with autism. The average ransom demand is approximately $260,000.
Why is healthcare being targeted? These organizations are chronically underfunded, cannot afford operational downtime, and face enormous pressure to restore services as quickly as possible. North Korean state hackers operate with essentially no moral guardrails when selecting victims.
If you run a healthcare practice, a nonprofit, a clinic, or any organization that serves vulnerable populations, you need to understand that you are a target. Not because of who you are, but because of how urgently you need your systems back online.
A Faster PC specializes in protecting exactly these types of organizations across Florida's Treasure Coast, Space Coast, and South Florida. Do not wait for a six-figure ransom demand to take action.
Chinese Espionage: Salt Typhoon Is Still Inside US Telecom Networks
This story has been building for over a year, and it is still not resolved.
Google's Threat Intelligence Group confirmed this week that a Chinese state-sponsored hacking campaign has been quietly infiltrating telecom companies and government agencies around the world. The confirmed numbers are staggering: 53 organizations across 42 countries, with suspected infections in at least 20 additional nations. The campaign has been active since at least 2023.
This operation is tied to Salt Typhoon, a Chinese cyber espionage group that the FBI has described as responsible for one of the worst telecom breaches in US history. AT&T, Verizon, and T-Mobile have all been compromised. Hackers reportedly accessed the phone communications of senior US government officials.
As of this week, the FBI is stating clearly that the threat remains ongoing.
If you use a major US carrier, sophisticated surveillance tools may have been inside those networks for years. The FBI's consistent guidance is straightforward: the most common way attackers get in is through phishing emails and unpatched systems. The fixes are not exciting, but they work.
What you can do: Keep all systems and devices patched and updated. Train employees to recognize phishing attempts. Partner with a managed services provider who handles this proactively.
Critical Vulnerabilities in Routers and Network Hardware
This week brought a wave of critical hardware vulnerabilities that every business owner and IT manager needs to be aware of.
Zyxel disclosed a critical remote code execution flaw affecting more than a dozen of their popular routers. An unpatched Zyxel router — whether in your home or your office — can be taken over completely by an attacker from anywhere on the internet. No password required.
Juniper Networks disclosed a critical flaw in their routers that allows an unauthenticated attacker to execute code with full root access, effectively handing an attacker complete control of the device.
Cisco is warning of a critical vulnerability in their Catalyst SD-WAN system that has been actively exploited since 2023. Some businesses have had an open hole in their network for more than two years without knowing it.
SolarWinds patched critical flaws in their Serv-U file transfer software that could allow attackers to gain root-level access to servers.
The pattern is clear. Network devices are a primary entry point for attackers. If your routers and switches are not being monitored and patched on a regular schedule, you may already be compromised.
This is exactly the kind of ongoing maintenance and monitoring that A Faster PC provides for businesses across Florida's Treasure Coast, Space Coast, and South Florida.
Data Breaches This Week: Are You Affected?
Several significant data breaches were reported this week that may directly affect you or someone you know.
CarGurus — the popular car shopping website — had over 12 million user records leaked by the ShinyHunters extortion group. Names, email addresses, and personal data were published to the dark web.
ManoMano — a major European home improvement retailer — notified nearly 4 million customers of a breach caused by a compromised third-party vendor.
Wynn Resorts confirmed a data breach affecting employees following an extortion threat.
Optimizely, an ad tech firm, was compromised through a voice phishing attack in which criminals called an employee while impersonating IT support and talked their way into company systems.
UFP Technologies, a medical device company, warned patients that personal data was stolen in a cyberattack.
Odido, a Dutch telecom provider, had over 6 million customer records claimed by the ShinyHunters group in a separate breach.
The common thread across nearly all of these incidents is the same: either a third-party vendor was the weak link, or a human was manipulated. Cybersecurity is not only about software and hardware. It requires training people to recognize and resist social engineering attacks.
If you have received a data breach notification recently, you are not alone. A Faster PC can help you assess your exposure and strengthen your defenses.
Malicious Google Ads and API Key Vulnerabilities Targeting Small Businesses
Two stories this week are particularly relevant for small business owners who rely on Google's tools and advertising platform.
A platform called OneCampaign is being used by cybercriminals to run malicious Google ads that evade Google's own detection systems. These ads appear completely legitimate and may mimic your bank, your accounting software, or local service businesses. They redirect users to phishing pages designed to steal login credentials. If you run Google ads, your brand could be spoofed without your knowledge. If you click on an ad while searching for a service, you may not end up where you expect.
Separately, researchers discovered that certain Google API keys — the type routinely embedded in business websites and applications — can be exploited to access private data through Google's Gemini AI system. If a developer ever placed an API key into publicly accessible code, your data could be exposed right now.
What you can do: Review who has access to your Google account. Audit all API keys currently in use. Be suspicious of any ad or pop-up prompting you to log in to an account.
Fake Job Interviews Are Delivering Malware to Developers
If you work in software development or employ developers, this threat is directly relevant to you.
Researchers uncovered a campaign in which hackers post fake job listings and send applicants a technical coding test. When the developer runs the code, it silently installs a backdoor on their machine, giving attackers persistent, undetected access to everything on that computer.
Never run code received as part of a job application without first having it reviewed by a trusted colleague or security professional. If you hire developers, make sure your team knows about this threat.
Mental Health Apps and iPhone Spyware: Your Phone Is a Target
Two mobile security stories this week deserve serious attention.
Researchers analyzed 10 popular Android mental health apps with a combined 14.7 million downloads and found over 1,500 security vulnerabilities, including dozens of high-severity flaws. One therapy app was exposing users' session tokens and therapy records to any other app installed on the same device. Another was storing sensitive personal data in plain text. On the dark web, mental health records sell for over $1,000 each — significantly more than stolen credit card numbers. The apps have not yet been publicly identified, so if you use a mental health app on Android, pay close attention to updates and be cautious about the personal information you enter.
On the iPhone side, advanced commercial spyware called Predator has been found to embed itself directly into the iOS operating system's core, hiding all microphone and camera activity from the user. While this spyware is typically deployed against journalists and executives, it is a clear reminder that no device is inherently secure without proper security practices in place.
The Good Guys Are Winning Some Battles
Amid all of this, there are meaningful wins worth noting.
The US government sanctioned a Russian-backed broker who was caught buying and selling stolen zero-day exploits — undisclosed software vulnerabilities that sell for millions on the black market. A former executive at defense contractor L3Harris was sentenced to federal prison for selling zero-days to that same broker. Law enforcement agencies across multiple countries executed a coordinated crackdown on the Com cybercrime gang, a loosely organized group of young hackers connected to some of the largest breaches in recent years, resulting in 30 arrests. Spain arrested suspected members of Anonymous Phoenix for launching denial-of-service attacks against government websites. And a Ukrainian man pled guilty to operating an AI-powered fake ID service that produced fraudulent passports and driver's licenses.
These enforcement actions matter. But they also reinforce an important truth: law enforcement is always playing catch-up. Prevention remains the most effective protection available.
What This Means for Your Business and Your Family
Cyber threats are more frequent, more targeted, and more sophisticated than at any point in history. Whether you run a business, medical office, dental office, accountant's office, attorney's office, non-profit, or home office, or are simply someone who uses a smartphone or computer on the Treasure Coast, the Space Coast, or in South Florida, you are a target. Not because of who you are, but because of what you have: your data, your access, and your money.
The encouraging reality is that most successful cyberattacks exploit the basics — unpatched systems, weak passwords, no multi-factor authentication, and employees who have not been trained to recognize threats. Fix the basics and you are dramatically more secure.
That is exactly what A Faster PC does every day for businesses and families across Florida's Treasure Coast, Space Coast, and South Florida. We handle the monitoring, the patching, the employee training, advanced cybersecurity, and the incident response — so you don't have to become a cybersecurity expert to stay protected.
Ready to Protect Your Business?
Call us at 772-878-5978.
Visit us at AFasterPC.com.
From our website, you can schedule a free discovery call to discuss your systems and how we can protect your business from the threats covered in this post. We also offer a free downloadable cybersecurity report to help you get started.
A Faster PC is a leading managed services provider (MSP) serving Florida's Treasure Coast, Space Coast, and South Florida. We provide comprehensive IT support, advanced cybersecurity solutions, patch management, computer repair, and technical support for businesses and individuals throughout the region.
Every week at 10:07 AM EST, A Faster PC hosts A Faster PC Live Technical Support, a live radio show that is livestreamed to YouTube and Facebook and is available as a podcast. For various ways to listen to and watch A Faster PC Live Technical Support.
