In a recent LinkedIn post, Dale Peterson — founder of S4 and noted voice in cybersecurity — echoed this urgency, arguing that the ICS security community must move beyond the endless hunt for vulnerabilities. He notes that many ICS devices still lack basic security controls, making the steady discovery and patching of vulnerabilities far less impactful. Instead, Peterson urges the industry to focus on externally exploitable flaws and prioritize network segmentation, rather than scrambling to patch a mountain of OT assets. He also called out vendors (hi, that’s us!) for sometimes promoting flashy vulnerability news without driving real-world risk reduction.

As vendors, we could take offense. But honestly? He’s right. We wholeheartedly agree: the obsession with finding and patching vulnerabilities is vastly overrated in the ICS/OT/CPS space. Keeping up with the endless game of patching is a losing battle — especially in OT environments, where patch cycles often happen only twice a year (if that).

Still, we think it’s important to regularly share updates — like in this very blog series — about vulnerabilities and breaches. That’s because these issues are real, and they deserve serious attention. According to the FBI’s Internet Crime Report, victims lost a staggering $16.6 billion to cybercrime in 2024. The agency received more than 4,800 complaints from critical infrastructure operators alone — a 9% increase over the previous year — with most cases tied to ransomware attacks or data breaches.

Our goal is to stay closely attuned to the evolving threat landscape and to offer practical strategies for mitigation and prevention. As one commenter on Dale’s post wisely noted, some of the most impactful security measures aren’t flashy — and that’s exactly why they demand consistent, persistent focus to stay top of mind. Implementing Zero Trust access policies, segmenting networks, and deploying virtual patching are among the most critical (and yet often overlooked) steps organizations can take.

With that context, let’s dive into this month’s major cybersecurity stories and what you can do about them.

Telecom Cyberattacks Escalate: Breaches, SIM Swaps, and Data Leaks

The telecommunications sector faced relentless cyberattacks in April, exposing persistent vulnerabilities across global networks.

According to The Wall Street Journal, Chinese officials privately admitted to the Biden administration their government’s involvement in the Volt Typhoon attack campaign — a significant disclosure made during the final months of the administration.

In South Korea, SK Telecom confirmed a breach that compromised SIM card-related data, potentially enabling SIM swap attacks. In response, the company is offering free SIM card replacements to its 23 million subscribers.

Meanwhile, a major telecom provider in South Africa suffered a significant data leak. The group behind the attack, RansomHouse, is notorious for its extortion tactics — instead of encrypting victim data, they publicly release stolen information to pressure victims into paying up.

Interestingly, this strategy mirrors the approach of another threat actor group, Hunters International, which is preparing to rebrand as “World Leaks” and shift to an extortion-only model. According to research from Group-IB, the move is motivated by profit and risk calculations: “ransomware is no longer profitable and risky. […] Instead of conducting double extortion, the operation will shift to extortion-only attacks.” The group is reportedly equipping affiliates with a self-developed exfiltration tool designed to automate data theft from victims’ networks.

The wave of cyberattacks targeting telecommunications providers highlights just how aggressively threat actors are adapting their tactics. As attacks grow more sophisticated and relentless, telecom companies must rethink how they secure critical systems and customer data. Xage helps telecom providers move beyond traditional perimeter defenses by enforcing Zero Trust access, dynamically segmenting critical assets, and enabling secure operations. By stopping attackers from moving freely within networks and protecting sensitive data at every layer, Xage empowers telecom organizations to stay resilient against rapidly evolving threats.

Healthcare Sector Under Siege: Breaches in April

The healthcare sector also suffered significant cyber incidents in April, impacting millions of patients across the United States.

DaVita Inc., one of the nation’s largest dialysis providers, disclosed that it had been hit by a ransomware attack. The attack encrypted portions of DaVita’s network and disrupted operational activities. Despite these setbacks, the company was able to maintain critical patient care services by isolating affected systems and deploying interim measures.

This month also brought news of a breach at Yale New Haven Health System (YNHHS) in Connecticut, where unauthorized access compromised data belonging to 5.5 million patients. Although the attack did not involve YNHHS’ primary electronic medical record system or financial accounts, sensitive information such as Social Security numbers, medical record numbers, and demographic details was exposed.

Meanwhile, Frederick Health Medical Group in Maryland reported a separate ransomware-related breach affecting nearly one million patients. The stolen data varied by individual and may have included highly sensitive personal and clinical information.

These attacks underscore the growing need for healthcare organizations to strengthen defenses against ransomware and data breaches. Xage helps healthcare providers protect critical systems and patient data by enforcing Zero Trust access across all assets and accounts. By isolating threats early and minimizing the blast radius of any attack, Xage empowers healthcare organizations to maintain continuity of care and safeguard sensitive information.

Ransomware Threats Intensify Across Critical Infrastructure

Ransomware’s impact shows no signs of fading — even as reporting varies depending on the source. According to Verizon’s 2025 Data Breach Investigations Report (DBIR), ransomware attacks increased by 37% over the past year.

Here are a few of the major ransomware-related incidents impacting critical infrastructure this month:

• Sensata Technologies: A Massachusetts-based industrial technology manufacturer experienced a ransomware attack that significantly disrupted global operations. The incident led to the shutdown of shipping, receiving, manufacturing, and other functions.
• Baltimore City Public Schools: Officials disclosed a ransomware attack from February that affected over 31,000 individuals, including students, employees, contractors, and volunteers. Stolen information included Social Security numbers, driver’s license numbers, passport information, birth certificates, and home addresses.

Xage dramatically reduces ransomware risk by enforcing a Zero Trust security model across users, devices, and applications — whether in IT, OT, or cloud environments. By protecting each asset individually, requiring continuous authentication for every action, and eliminating reliance on vulnerable VPNs and static credentials, Xage makes ransomware campaigns far less effective — minimizing both the operational impact and the blast radius of potential attacks.

VPN Vulnerabilities Surge: Edge Risks Reach New Heights

April brought fresh reminders that VPNs and edge devices remain critical weak points for many organizations.

Mandiant reported that a China-aligned threat actor is actively exploiting a critical vulnerability (CVE-2025-22457) in Ivanti Connect Secure VPNs (again). Although initially thought to be a low-risk denial-of-service issue, further research revealed the flaw could enable remote code execution on unpatched systems. Separately, CISA issued an alert regarding active exploitation of a flaw in SonicWall’s Secure Mobile Access (SMA) 100 VPN products (CVE-2021-20035).

If there was any lingering doubt about the risk, Verizon’s 2025 DBIR confirms it:

• Third-party breaches have doubled year over year, now accounting for 30% of incidents.
• Exploitation of vulnerabilities — especially in VPNs and edge devices — grew by 34%.
• Attacks targeting VPNs and edge devices rose from 3% to 22% of vulnerability-driven breaches, an almost eight-fold increase.

Xage replaces VPNs entirely with a modern, identity-based approach to secure remote access. Using Xage’s Fabric technology, organizations enforce Zero Trust at the edge, granting users, devices, and applications only the specific access they need — and nothing more. Critical systems are dynamically segmented to limit lateral movement, and security is maintained even when devices are unpatched or under attack. Xage enables employees and third parties to interact securely with infrastructure without relying on vulnerable VPN tunnels, delivering the resilience needed to eliminate risky legacy access methods.