Top Cybersecurity News Stories From May 2025
From the RSAC Conference’s main-stage revelations to real-world ransomware wake-up calls, it’s no longer about if a breach happens. It’s what you do next that counts.
May’s news coverage shows organizations are starting to turn to resilience over prevention and reality over wishful thinking.
This month’s news features insights from top security experts on:
- Forbes’ top takeaways from RSAC 2025
- Why breach containment is the solution to today’s post-breach world
- John Kindervag’s philosophy behind Zero Trust
- The most recent ransomware attack to hit the UK grocery supply chain
Forbes on RSAC 2025: cyber defense has new rules
In his Forbes recap of this year's RSA Conference, “Agentic AI, Identity And The New Rules Of Cyber Defense,” cybersecurity journalist Tony Bradley summed up the event as “a mix of urgency and cautious optimism” driven by changes in threat vectors, AI capabilities, and the collapse of traditional network perimeters.
One of the biggest — and most anticipated — trends at this year’s conference was AI. But Bradley noted that it wasn’t all hype.
“This year focused on the reality: the need for accountability, automation, and smarter adaptation,” he wrote.
One new AI solution he spotlighted was Illumio Insights, the first cloud detection and response (CDR) powered by an AI security graph. Insights helps security teams make sense of complex environments, spot threats, and take action faster.
Bradley sees it as part of a bigger push to simplify security, even as systems get more complex.
He also pointed out that traditional threats like email attacks and insider risks aren’t going away. And on top of those continued threats, AI is now being used by both defenders and attackers.
That’s why companies need better tools and stronger defenses. “It’s not about building walls. It’s about preparing for a world without them,” Bradley said.
This is exactly where Illumio fits in — helping security teams stay ahead by seeing more, responding faster, and keeping threats from spreading.
“It’s not about building walls. It’s about preparing for a world without them.”
— Tony Bradley, Forbes
We’re living in a post-breach world — here's how to secure it
At RSAC 2025, Illumio founder and CEO Andrew Rubin sat down with Terry Sweeney from Dark Reading to unpack what it means to live in a post-breach world for the video and article, “RSAC 2025: Illumio Prepares for Cybersecurity in a ‘Post-Breach World’.”
“We are never again going to live in a world where breaches are not part of reality,” Rubin explained.
From hospitals to school districts to government agencies, he said, the frequency and severity of breaches have reached a point where we need to stop pretending they’re rare. “If you don’t admit the problem, you can’t possibly figure out how to solve it.”
Rubin made it clear that this mindset isn’t about giving up but about getting smarter. “We’re not claiming that we’re powerless,” he said. “But we also have to acknowledge that we’re not going to stop everything.”
That’s why Illumio focuses on containment, helping organizations survive and recover faster when breaches do happen. It’s a shift from trying to prevent every attack to building resilience.
“We need a strategy and a framework focused on how we survive and thrive when we miss,” he said.
The Illumio Breach Containment Platform is rooted in the security graph.
“The only technology that really is going to be capable of keeping up with the threat landscape is thinking about everything in terms of the security graph,” Rubin explained.

That means mapping how assets, systems, and users are connected, just like attackers do, so defenders can find “every needle in every haystack.”
AI, in Rubin’s view, will be a game-changer for both sides. But defenders have a real chance to win if they move fast. “Both the one who leverages it better and leverages it more will have the upper hand,” he said.
Illumio is using AI to scan the graph, identify threats faster, and reduce blast radius when breaches happen. “We’re embracing it as much as possible,” Rubin said, adding that combining AI with graph-based insights gives security teams a major edge.
Finally, Rubin tied it all back to Zero Trust. With Zero Trust creator John Kindervag serving as Illumio’s chief evangelist, Rubin reminded viewers: “Zero Trust is not a vendor and it certainly isn’t a product. Zero Trust is a strategy, an architecture, and a framework.”
“We need a strategy and a framework focused on how we survive and thrive when we miss.”
— Andrew Rubin, Illumio founder and CEO
In today’s post-breach world, Zero Trust isn’t just helpful. It’s essential.
“Nobody says give up on defense,” Rubin says. “What we say is we now need another set of tools to contain these things, stop them faster, and prevent them from becoming disasters.”
John Kindervag: a hacker who builds instead of breaks
.webp)
John Kindervag isn’t your typical hacker. He’s not breaking into systems for profit or chaos. Instead, he’s building bold new ideas from the ground up. As the creator of Zero Trust and now chief evangelist at Illumio, Kindervag continues to shape the cybersecurity industry.
In a recent interview with Kevin Townsend for SecurityWeek’s Hacker Conversations series, he shared how his hacker roots still influence the way he thinks — even if he’s hacking in a very different way today.
Kindervag’s philosophy is rooted in creation, not destruction. Townsend sees Kindervag aligning more with traditional definitions of hacking that pre-date the concept of breaking computers to steal things. Instead, early hackers were focused on remixing new ideas to make new ones.
Kindervag didn’t develop Zero Trust from nothing. Instead, he took traditional security ideas like “trust but verify” and transformed them into something new and powerful: “Always verify first, and only then trust.”
But Kindervag worries that today’s idea of hacking has lost its soul. “We’re not that cohesive unit of people looking out for each other anymore,” he said.
The old-school hacker community — once motivated by curiosity, learning, and a desire to make things better — is fading. With the loss of figures like Kevin Mitnick and Dan Kaminsky, he sees a shift from communal discovery to individual profit and notoriety. “I don’t know if that same motivation continues today.”
In the end, Kindervag reminds us that hacking is less about exploits and more about innovation. Whether it’s developing Unix or inventing Zero Trust, the best hacks change the way we think.
UK retail sector hit again with ransomware
Another week, another cyberattack — and this one’s hitting all major UK supermarkets.
Peter Green Chilled, a major chilled and frozen food distributor for top UK grocers like Tesco, Asda, and M&S, confirmed a ransomware attack that’s frozen its ability to process new orders. Connor Jones details the attack in The Register article, Ransomware attack on food distributor spells more pain for UK supermarkets.

Jones reports that the fallout has been thousands of pounds of fresh food stuck in limbo. And it will likely cost suppliers hundreds of thousands of pounds in perishable stock.
The attack reportedly began on May 14, with emails to customers going out the next day. While Peter Green says its transport activities are still running, the company has gone dark publicly — declining comment, blocking incoming calls, and bouncing external emails.
Meanwhile, supermarkets are scrambling and suppliers are taking the hit. Large suppliers and grocers will likely be able to weather the storm. But Jones said that smaller businesses don’t have the same cushion. In the meantime, customers aren’t able to purchase Peter Green’s food offerings.
This is the dangerous ripple effect of supply chain attacks. When a single player goes down, the impact spreads fast and wide. Especially in the grocery sector, cyberattacks can become a public emergency.
“This latest attack on Peter Green Chilled highlights a troubling trend,” said Raghu Nandakumara, senior director of industry solutions marketing at Illumio. “The UK retail sector is under siege from increasingly aggressive cybercriminals.”
And it’s not just about stolen data anymore. “We’re seeing a shift from data theft to outright operational disruption,” Nandakumara explained. Attackers are going after systems that keep the world turning, like food delivery, healthcare, and transportation, because the pressure to pay up skyrockets when real-world operations grind to a halt.
“Attackers are going after systems that keep the world turning.”
— Raghu Nandakumara, Illumio senior director of industry solutions marketing
What’s the solution? According to Nandakumara, it’s operational resilience. The old patch-and-pray strategy doesn’t work anymore (if it ever did). Retailers need controls that keep attackers from reaching their most critical systems in the first place.
This is where segmentation comes in. It’s no longer enough to just lock down your perimeter and hope that you will prevent all breaches. You must be prepared to contain inevitable breaches.
As the ransomware attackers’ playbook evolves, defenders need to move from reactive to proactive — because you don’t know when you or your supply chain will get breached next.
Contact us today to learn how Illumio can help you contain the breach.