SecurityWeek’s cybersecurity information roundup supplies a concise compilation of noteworthy tales which may have slipped underneath the radar.
We offer a useful abstract of tales that will not warrant a whole article, however are nonetheless necessary for a complete understanding of the cybersecurity panorama.
Every week, we curate and current a group of noteworthy developments, starting from the most recent vulnerability discoveries and rising assault strategies to vital coverage adjustments and trade experiences.
Listed below are this week’s tales:
Russian man pleads responsible over Yanluowang ransomware assaults
Aleksei Olegovich Volkov, a 25-year-old Russian nationwide, has pleaded responsible to costs associated to his position as an preliminary entry dealer for the Yanluowang ransomware group in 2021 and 2022, CyberScoop reported. Prosecutors mentioned two of the group’s victims paid a complete of $1.5 million in ransoms. Volkov was arrested in Italy in 2024 and extradited to the USA, the place he faces as much as 53 years in jail.
Asahi brewer’s provide crippled by ransomware one month after assault
Japan’s largest brewer, Asahi, continues to undergo extreme disruption to its home order and logistics methods greater than a month after a ransomware assault by the Qilin group. The incident pressured the corporate to revert to handbook processing, chopping beer shipments to roughly 10% of standard volumes throughout Japan’s peak season, The Japan Instances reported. The extended disruption has allowed rivals to realize market share.Commercial. Scroll to proceed studying.
Synology patches vulnerability disclosed at Pwn2Own
Synology launched a patch for a vital distant code execution vulnerability in its BeeStation OS that was efficiently demonstrated on the Pwn2Own Eire 2025 competitors. The flaw is recognized as CVE-2025-12686. Researchers from Synacktiv had been awarded $40,000 for locating and exploiting the difficulty. QNAP has additionally launched patches for flaws disclosed at Pwn2Own.
Amazon begins personal AI bug bounty program
Amazon has launched a brand new personal AI bug bounty program to strengthen its basis fashions, together with Amazon Nova. The invite-only program goals to interact safety researchers and college consultants to search out and repair safety vulnerabilities, biases, and potential for dangerous actions like immediate injection and CBRN (Chemical, Organic, Radiological, and Nuclear) menace help. This initiative enhances Amazon’s present public bug bounty program and presents rewards starting from $200 to $25,000.
Home windows Kerberos delegation flaw permits full area management
Silverfort found a brand new Home windows Kerberos delegation vulnerability, tracked as CVE-2025-60704 and dubbed ‘CheckSum’, which impacts any group utilizing Energetic Listing with delegation enabled. The flaw permits an attacker who has gained preliminary entry to an atmosphere to impersonate arbitrary customers, escalate privileges, and finally acquire management over your complete area. Microsoft has issued an replace as a part of Patch Tuesday to handle the vulnerability, which carries a CVSS rating of seven.5.
Researchers uncover Sora 2 system immediate
Researchers from Mindgard efficiently extracted the hidden system immediate (the core inside directions) from OpenAI’s Sora 2 video technology mannequin. The group achieved this utilizing a method that concerned asking the mannequin to disclose its hidden directions via textual content, picture, video, and audio technology. Whereas textual content and image-based assaults produced solely fragments, audio technology (particularly with transcripts enabled) allowed the researchers to sew collectively an almost full system immediate.
Deepwatch lays off workers to spice up AI
Cybersecurity agency Deepwatch has laid off between 60 and 80 workers, representing roughly 1 / 4 of its whole workforce, TechCrunch reported. CEO John DiLullo said the restructuring is critical to “speed up our vital investments in AI and automation” and improve the corporate’s know-how capabilities.
Apple fixes Compressor code execution flaw
Apple launched the Compressor 4.11.1 replace for macOS Sequoia 15.6 and later to handle a vulnerability (CVE-2025-43515) that would enable an unauthenticated consumer on the identical community to execute arbitrary code. The safety subject was mitigated by modifying the software program to now refuse exterior connections by default.
Google experiences 1000x discount in Android reminiscence bugs with Rust
Google’s Android group reported that utilizing the Rust programming language has led to a 1000x discount within the density of reminiscence security vulnerabilities in comparison with C and C++ code. The shift to Rust has made the safe improvement path quicker, with Rust adjustments requiring 25% much less time in code evaluate and having a 4x decrease rollback price than C++.
EchoGram assault undermines AI guardrails
HiddenLayer researchers have uncovered EchoGram, a brand new assault method that undermines frequent AI protection mechanisms like textual content classification and ‘LLM-as-a-judge’ guardrails. The exploit makes use of particular token sequences to govern the defensive mannequin’s verdict, permitting malicious prompts to be permitted or inflicting false alarms. This systemic vulnerability impacts defenses utilized in main fashions like GPT-4, Gemini, and Claude.
Associated: In Different Information: Controversial Ransomware Report, Gootloader Returns, Extra AN0M Arrests
Associated: In Different Information: WhatsApp Passkey-Encrypted Backups, Russia Targets Meduza Malware, New Mastercard Answer
