SecurityWeek’s cybersecurity information roundup gives a concise compilation of noteworthy tales that may have slipped underneath the radar.
We offer a useful abstract of tales that won’t warrant a whole article, however are nonetheless essential for a complete understanding of the cybersecurity panorama.
Every week, we curate and current a group of noteworthy developments, starting from the newest vulnerability discoveries and rising assault methods to vital coverage modifications and trade studies.
Listed below are this week’s tales:
PromptPwnd assault
Aikido Safety has uncovered a brand new immediate injection assault technique involving GitHub Actions and AI brokers. Dubbed, PromptPwnd, the assault includes embedding malicious prompts into software program growth subject our bodies, commit messages, and PR descriptions, that are then interpreted by AI brokers similar to Gemini CLI, Claude Code, OpenAI Codex, and GitHub AI Inference as directions. At the least 5 Fortune 500 firms are affected, Aikido stated. Google patched the difficulty in Gemini CLI inside days of being notified.
Pentagon CIO orders accelerated transfer to post-quantum cryptography
The US Division of Conflict has ordered all Pentagon elements to speed up their transition to post-quantum cryptography, warning that advances in quantum computing pose a rising threat to the safety of navy techniques, knowledge, and communications.
Researchers complain about smaller macOS bug bounties
Weeks after Apple introduced a major replace to its bug bounty program, with the highest reward growing to $2 million, researchers have complained that most funds for macOS vulnerabilities have decreased considerably. Based on macOS researcher Csaba Fitzl, the highest rewards for TCC bypasses are down from $30,000 to five,000, and for macOS sandbox escapes they decreased from $10,000 to $5,000. Apple has not responded to SecurityWeek’s request for remark.
US shuts down scheme to smuggle GPUs to China
The Justice Division introduced that three people residing within the US and Canada have been caught smuggling Nvidia GPUs designed for AI functions and high-performance computing to China. Exporting the GPUs to China is strictly prohibited. One of many suspects, who pleaded responsible, acquired $50 million from China as a part of the scheme. The opposite two suspects had been detained not too long ago. “These chips are the constructing blocks of AI superiority and are integral to trendy navy functions. The nation that controls these chips will management AI expertise; the nation that controls AI expertise will management the longer term,” stated US Lawyer Nicholas Ganjei.
Holly Ventures launches $33 million cybersecurity fund
Holly Ventures introduced the launch of a $33 million debut fund for early-stage cybersecurity startups within the US and Israel. Based by John Brennan, former senior accomplice at YL Ventures, Holly Ventures is backed by buyers from Bessemer Enterprise Companions, Ballistic Ventures, CRV, Wing Ventures, IVP, TCV, Notable Capital, Team8, BrightMind, Ten Eleven Ventures, and others. The corporate goals to supply not solely funding but in addition direct GP engagement, working assist, and a high-density community.
Routers are essentially the most attacked gadgets in OT environments
A honeypot evaluation carried out by Forescout has proven that industrial routers are essentially the most attacked gadgets in OT environments. Routers and different OT community perimeter gadgets captured two-thirds of assaults, whereas uncovered OT gadgets captured the remainder of the assaults. The evaluation has additionally targeted on the RondoDox and ShadowV2 botnets and the continued curiosity from hacktivists.
ENISA publishes cybersecurity investments report
ENISA has printed its NIS Investments 2025 report, which analyzes the cybersecurity investments of organizations within the European Union. The research discovered that over the previous 12 months organizations have maintained their investments at ranges similar to the prior 12 months. As well as, the research discovered that general cybersecurity spending has elevated modestly, and that the majority organizations have largely steady safety groups by way of dimension.
CISA updates cybersecurity efficiency objectives for crucial infrastructure
CISA has launched an up to date model of the Cross-Sector Cybersecurity Efficiency Objectives (CPG) to assist crucial infrastructure operators obtain a minimal safety baseline. CPG 2.0 incorporates classes realized, aligns with the newest NIST Cybersecurity Framework revisions, and addresses essentially the most impactful threats dealing with crucial infrastructure.
DroidLock Android ransomware
Zimperium has detailed DroidLock, an Android malware concentrating on Spanish customers. The malware spreads via phishing websites and it has ransomware capabilities. It will possibly lock the system’s display screen and permits cybercriminals to take full management of the compromised system.
Members of China’s Salt Hurricane hacking group had been Cisco Academy college students
Two people from China who had been extremely profitable college students within the Cisco Community Academy Cup in 2012 later grew to become key operators of the APT group Salt Hurricane, SentinelOne studies. The hackers’ early schooling on Cisco merchandise doubtless enabled them to orchestrate some of the expansive intelligence assortment operations of the final decade, concentrating on over 80 telecommunications firms globally.
Associated: In Different Information: HashJack AI Browser Assault, Charming Kitten Leak, Hacker Unmasked
Associated: In Different Information: X Fined €120 Million, Array Flaw Exploited, New Iranian Backdoor
