SecurityWeek’s cybersecurity information roundup offers a concise compilation of noteworthy tales which may have slipped beneath the radar.
We offer a invaluable abstract of tales that won’t warrant a complete article, however are nonetheless necessary for a complete understanding of the cybersecurity panorama.
Every week, we curate and current a set of noteworthy developments, starting from the newest vulnerability discoveries and rising assault methods to vital coverage modifications and business stories.
Listed below are this week’s tales:
US Division of Warfare unveils new cybersecurity framework
The Division of Warfare has introduced a brand new Cybersecurity Threat Administration Assemble (CSRMC) to modernize its cyber defenses. The CSRMC is a five-phase, ten-tenet framework that replaces guide processes with a dynamic, automated method to make sure steady monitoring and real-time protection. The objective is to embed cybersecurity into each stage of system growth and operations for the technological superiority of warfighters towards evolving threats.
Dragos unveils main platform replace
ICS/OT cybersecurity agency Dragos has introduced Dragos Platform 3.0, a significant replace that delivers new capabilities to empower defenders to behave sooner and extra confidently. The up to date platform brings a brand new Insights Hub for consolidating alerts, streamlined workflows, AI-enhanced vulnerability processes, and smaller footprint deployment choices.
3 million impacted by hack at South Korean bank card firm
South Korean bank card firm Lotte Card was just lately focused in a hacker assault that resulted within the data of practically three million individuals being compromised. The stolen knowledge consists of data comparable to resident registration numbers, digital fee codes and, within the case of 280,000 prospects, extremely delicate card data that can be utilized for fraud.
LockBit 5.0
Following a legislation enforcement crackdown on the LockBit ransomware operation, cybercriminals just lately introduced the discharge of LockBit 5.0. Pattern Micro researchers have analyzed LockBit 5.0, together with the Home windows, Linux and ESXi variants of the ransomware. The safety agency famous that the brand new variants use randomized 16-character file extensions, are configured to keep away from Russian-language programs, and clear occasion logs after encryption.
Maryland Transit Administration focused by ransomware group
The Maryland Transit Administration (MTA) has disclosed a cybersecurity incident that concerned unauthorized entry to a few of its programs. The incident resulted in some on-line providers being disrupted and the MTA confirmed that some knowledge was stolen within the assault. The Rhysida ransomware group took credit score for the assault.
Vulnerability affecting OnePlus smartphones disclosed with out patch
Rapid7 has disclosed the technical particulars of a vulnerability affecting OnePlus smartphones after it was not capable of responsibly report its findings to the seller. The safety gap (CVE-2025-10184) impacts OxygenOS and it may enable a malicious app to learn SMS/MMS knowledge and metadata with none consumer interplay, doubtlessly exposing MFA codes. After Rapid7 printed a weblog publish describing its findings, OnePlus advised the safety agency that it’s investigating the problem.
Microsoft says AI detected AI-aided phishing marketing campaign
Microsoft says its AI-powered safety programs had been capable of detect and block a phishing marketing campaign that leveraged AI to obfuscate a payload in an effort to evade defenses. An evaluation of the malicious code by Microsoft’s Safety Copilot revealed that the code was “not one thing a human would sometimes write from scratch as a result of its complexity, verbosity, and lack of sensible utility.”
Over 270,000 Indian financial institution switch information uncovered
Researchers at UpGuard found an unprotected Amazon S3 storage bucket containing greater than 270,000 paperwork, every detailing a cash switch pertaining to one among 38 Indian banks. The uncovered data included checking account numbers, transaction quantities, names, telephone numbers, and e mail addresses. UpGuard has not been capable of decide the supply of the leak.
Co-op misplaced £206 million in gross sales as a result of cyberattack
Co-op reported this week that the latest cyberattack has price it £206 million ($275 million) in misplaced gross sales. The cyberattack resulted in a knowledge breach impacting the data of 6.5 million members. The disruptions attributable to the incident led to digital fee points and empty retailer cabinets. Marks & Spencer, which was focused in the identical assault, estimated in Might that the incident would price it £300 million (roughly $400 million).
Associated: In Different Information: 600k Hit by Healthcare Breaches, Main ShinyHunters Hacks, DeepSeek’s Coding Bias
Associated: In Different Information: $900k for XSS Bugs, HybridPetya Malware, Burger King Censors Analysis
