SecurityWeek’s cybersecurity information roundup offers a concise compilation of noteworthy tales that may have slipped beneath the radar.
We offer a invaluable abstract of tales that will not warrant a whole article, however are nonetheless vital for a complete understanding of the cybersecurity panorama.
Every week, we curate and current a group of noteworthy developments, starting from the most recent vulnerability discoveries and rising assault methods to vital coverage modifications and trade experiences.
Listed below are this week’s tales:
ShinyHunters stole knowledge of Gucci, Balenciaga and Alexander McQueen prospects
The ShinyHunters group could have stolen the knowledge of tens of millions of consumers of luxurious manufacturers Gucci, Balenciaga and Alexander McQueen, BBC reported. Guardian firm Kering has confirmed struggling an information breach, however mentioned no monetary data was compromised. The hackers claimed to have stolen knowledge related to 7.4 million distinctive e mail addresses.
Goshen Medical Heart knowledge breach impacts 450,000
Goshen Medical Heart, a healthcare group in North Carolina, has disclosed a knowledge breach impacting greater than 450,000 individuals. The corporate has confirmed that hackers stole private and well being data months after the BianLian ransomware group listed the group on its leak web site. It’s unclear what occurred to the stolen knowledge because the BianLian group has not been lively since March.
Retina Group of Florida knowledge breach
One other vital healthcare knowledge breach was reported by ophthalmology observe Retina Group of Florida. The group detected an intrusion in November 2024 and its investigation confirmed that the knowledge of over 150,000 individuals could have been compromised because of the incident.
Crucial Chaos-Mesh vulnerabilities
JFrog found 4 vulnerabilities within the Chaos engineering platform Chaos-Mesh, together with three critical-severity flaws that may very well be exploited for code execution on any pod within the cluster. Named Chaotic Deputy, the safety defects are tracked as CVE-2025-59358, CVE-2025-59360, CVE-2025-59361 and CVE-2025-59359 and had been addressed in Chaos-Mesh model 2.7.3.
ShinyHunters claims theft of 1.5 billion information in Salesforce hack
The cybercrime group ShinyHunters claims to have stolen 1.5 billion information from 760 firms within the current Salesforce–Salesloft assault, Bleeping Pc reported. Many cybersecurity companies have confirmed being impacted, however the claims of a lot of these hacking teams have typically been exaggerated.
DeepSeek AI generates much less safe code for China dissident teams
Analysis performed by CrowdStrike exhibits that the code generated by the AI of Chinese language agency DeepSeek is much less safe if the request specifies that the code is for dissidents or different teams that could be thought-about delicate by the Chinese language authorities. If the request to DeepSeek specifies that the code is for the banned religious motion Falun Gong or the Islamic State, the AI could refuse to generate code. If it doesn’t refuse, the code is extra prone to include vulnerabilities, and so is within the case of code generated for Tibet and Taiwan. Code for industrial management programs is the almost certainly to include safety flaws.
Claroty publishes International State of CPS Safety report
Claroty has revealed a report titled ‘International State of CPS Safety 2025: Navigating Danger in an Unsure Financial Panorama’. Primarily based on a survey of 1,100 cybersecurity professionals, the report exhibits that 49% imagine shifting international financial insurance policies and geopolitical tensions are driving elevated danger throughout cyber-physical system (CPS) belongings and processes. Greater than three-quarters imagine rising laws will power them to overtake their present CPS safety methods.
Atlassian, Mozilla, WatchGuard, Nokia patches
Atlassian launched patches for 4 vulnerabilities in third-party parts utilized in Confluence, Jira, and Jira Service Administration Information Heart and Server. Mozilla rolled out Thunderbird and Firefox updates that resolve roughly a dozen bugs. WatchGuard introduced fixes for CVE-2025-9242, a critical-severity flaw in Fireware OS that might result in distant code execution, with out authentication. Nokia knowledgeable prospects about Nokia Container Service (NCS) and CloudBand Infrastructure Software program (CBIS) flaws permitting authentication bypass and distant code execution.
Eve Safety raises $3 million in seed funding
Austin, Texas-based Eve Safety introduced that it has raised $3 million in a seed funding spherical from LiveOak Ventures and Tau Ventures. The corporate additionally introduced the launch of its product, EveGuard, an agentic AI observability and coverage enforcement platform. The platform leverages Agent-in-the-Loop (AITL) know-how to make sure the safety of AI brokers interacting with an organization’s important enterprise programs.
Associated: In Different Information: $900k for XSS Bugs, HybridPetya Malware, Burger King Censors Analysis
Associated: In Different Information: Scammers Abuse Grok, US Manufacturing Assaults, Gmail Safety Claims Debunked
