SecurityWeek’s cybersecurity information roundup supplies a concise compilation of noteworthy tales that may have slipped below the radar.
We offer a beneficial abstract of tales that won’t warrant a complete article, however are nonetheless vital for a complete understanding of the cybersecurity panorama.
Every week, we curate and current a group of noteworthy developments, starting from the newest vulnerability discoveries and rising assault methods to vital coverage modifications and trade studies.
Listed here are this week’s tales:
BodySnatcher agentic AI hijacking
BodySnatcher (CVE-2025-12420) is an agentic AI hijacking vulnerability affecting ServiceNow, found by AppOmni and glued by ServiceNow in October 2025. Customers of on-line hosted companies want do nothing. On-premise customers ought to guarantee they use the newest ServiceNow element variations. AppOmni has revealed full particulars of the vulnerability.Commercial. Scroll to proceed studying.
Fortinet FortiSIEM vulnerability exploited
Defused Cyber reported {that a} Fortinet FortiSIEM vulnerability patched this week is being focused within the wild. The flaw is tracked as CVE-2025-64155 and it may be exploited by unauthenticated attackers for arbitrary code execution. Defused’s honeypots began recording exploitation makes an attempt on January 15. Technical particulars and a PoC exploit for CVE-2025-64155 have been launched by Horizon3, which reported the flaw to Fortinet.
Telegram IP publicity
Telegram has added a warning when customers click on on proxy hyperlinks in response to studies of a ‘vulnerability’ that may be leveraged to acquire a person’s IP handle. The strategy entails sending a hyperlink disguised as a username. When the sufferer clicks the hyperlink, they hook up with a specified proxy and expose their IP. Telegram identified that this situation just isn’t particular to its platform, however determined so as to add a warning to alert customers of disguised hyperlinks.
Russia accused of cyberattack on Poland energy system
In late December 2025, Poland’s energy grid confronted its largest cyberattack in years, which focused the communication between renewable power installations and distribution operators, Reuters [paywalled] reported. Polish officers said that the coordinated operation was efficiently repelled and didn’t trigger a blackout or compromise essential infrastructure. Officers stated Russian hackers have been the possible perpetrators behind the tried sabotage.
Venezuelan nationals prosecuted for ATM jackpotting
A bunch of 5 Venezuelan nationals has pleaded responsible or been sentenced for his or her involvement in a multi-state ATM jackpotting ring that used refined malware to steal hundreds of {dollars} throughout Georgia, Florida, and Kentucky. The group focused varied monetary establishments by exploiting machine vulnerabilities to set off money withdrawals, and all members now face jail time adopted by speedy deportation.
French telecom corporations fined €42 million
French information regulator CNIL imposed a document €42 million wonderful on telecom suppliers Free and Free Cellular for failing to guard the non-public information of 24 million subscribers throughout a 2024 cyberattack. The investigation revealed that the businesses maintained insufficient safety measures, comparable to weak VPN authentication, and unlawfully retained tens of millions of information belonging to former clients lengthy after their contracts had ended.
OT safety and 0 belief steering from CISA and NSA
CISA and the NSA launched new strategic frameworks to modernize the protection of essential infrastructure and nationwide safety methods. CISA’s steering introduces eight ‘Safe Connectivity Rules’ for OT, offering a roadmap for organizations to handle the dangers of connecting bodily industrial methods to digital networks. The NSA launched a collection of ‘Zero Belief Implementation Pointers’, providing sensible steps for transitioning from conventional perimeter defenses to a mannequin of steady authentication and monitoring.
Sean Plankey renominated for CISA director
President Donald Trump has renominated Sean Plankey for the position of director on the cybersecurity company CISA. Plankey is without doubt one of the dozens of nominees named by the White Home this week in a press launch. Plankey obtained the approval of a US Senate committee in July 2025, however has been blocked by Republican Senator Rick Scott over a Coast Guard contract.
Monroe College information breach impacts 320,000
New York-based Monroe College this week disclosed a year-old information breach impacting greater than 320,000 people. Hackers accessed the college’s methods in December 2024 and stole recordsdata containing private data.
Essential vulnerabilities uncovered transport tech agency’s methods to hacking
Researcher Eaton Zveare, finest identified for locating safety holes in platforms utilized by automotive corporations, not too long ago found essential vulnerabilities within the Bluvoyix platform of Bluspark International, which is utilized by a whole bunch of firms worldwide for ocean logistics and provide chain administration. The issues might have allowed a hacker to realize full management of the platform and entry buyer and cargo information. The vulnerabilities have now been patched, however it was not simple for the researcher to responsibly disclose his findings.
Protection Unicorns raises $136 million
Protection Unicorns secured $136 million in Collection B funding to scale its ‘software program spine’ designed for high-security, air-gapped army environments. The funding brings the corporate’s valuation to $1 billion. Its platform addresses essential cybersecurity gaps by enabling the safe deployment and steady replace of mission-critical purposes in disconnected subject settings (comparable to submarines and ahead working bases) the place conventional safety measures are unavailable.
Associated: In Different Information: Docker AI Assault, Google Sues Chinese language Cybercriminals, Coupang Hacked by Worker
Associated: In Different Information: 8,000 Ransomware Assaults, China Hacked US Gov Emails, IDHS Breach Impacts 700k
