SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a useful summary of stories that may not warrant a complete article, but are nonetheless important for a complete understanding of the cybersecurity landscape.
Every week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Hacker helped drug cartel kill FBI sources
A hacker employed by drug lord El Chapo’s cartel retrieved data from the FBI Assistant Legal Attaché’s (ALAT) phone and compromised Mexico City’s camera system to monitor the ALAT and identify people they were meeting with. “The cartel used that information to intimidate and, in some cases, kill potential sources or cooperating witnesses,” a Justice Department watchdog report (PDF) reveals.
Jail for disgruntled IT employee who hacked former employer
Mohammed Umar Taj, 31, of Hyrst Garth, Batley, UK, was sentenced to seven months and 14 days in jail for unlawfully accessing his former employer’s premises, altering login credentials, and altering access credentials and multi-factor authentication configuration to disrupt the company’s operations.
Researchers gain full control of car by intercepting CAN data
Pen Test Partners researchers explain how they tapped into the CAN bus of a 2016 Renault Clio using cheap wire splicers, and intercepted CAN data to gain control of the vehicle. After mapping steering, brake, and throttle signals to a game controller, they essentially turned the car into a Mario Kart controller.
Critical Sudo vulnerability lingered for 12 years in most Linux servers
Sudo, the privileged command-line tool in Linux systems, this week patched a critical vulnerability that could allow attackers to execute root commands even if they were not in the sudoers file. Tracked as CVE-2025-32463 (CVSS score of 9.3), the issue was introduced in sudo 1.9.14 and resolved in sudo 1.9.17p1. According to Stratascale, legacy sudo versions are not affected.
Crylock ransomware developer gets seven years in jail
The Brussels criminal court sentenced the Russian developer of Crylock ransomware, who also led the malware’s deployment on thousands of computers, to seven years in jail. His former co-conspirator, a woman involved in promoting Crylock and negotiating with the victims, was sentenced to five years. Law enforcement seized over €60 million (~$70 million) in cryptocurrency representing illegal proceeds from the ransomware operation.
DataBahn.ai raises $17 million in Series A funding
Security-native data pipeline platform DataBahn.ai has raised $17 million in a Series A funding round led by Forgepoint Capital. With $19 million raised to date, the startup will focus on the development of its platform roadmap for agentic AI, to provide enterprises with increased visibility and control over their data pipelines.
Federal Swiss data stolen in ransomware attack
A ransomware attack on health promotion non-profit Radix has resulted in federal Swiss data compromise, the country’s government announced. “Radix’s customers include numerous federal offices. The information has been published on the dark web and will now be analysed by the relevant offices,” the government said. Radix immediately discontinued the impacted systems, and said it would restore all data from undamaged backups.
Two arrested in Spain for selling personal information of officials, journalists
Spain’s National Police announced the arrest of two individuals involved in the exfiltration and trading of personal information belonging to high-ranking state and government officials, and journalists. The two also offered credentials belonging to political parties and accepted payments in cryptocurrency.
US sanctions bulletproof hosting provider Aeza Group
The US Treasury sanctioned Russian bulletproof hosting services provider Aeza Group for supporting ransomware and other malware gangs, such as BianLian ransomware, and the Lumma, Meduza, and RedLine infostealers. The US also designated Aeza International Ltd., the UK branch of the company, along with its Russian subsidiaries, its CEO and 33% owner Arsenii Aleksandrovich Penzev, general director and 33% owner Yurii Meruzhanovich Bozoyan, technical director Vladimir Vyacheslavovich Gast, and 33% owner Igor Anatolyevich Knyazev.
Former ransomware negotiator under investigation
A former employee of cybersecurity consulting firm DigitalMint, which negotiates with hackers during cyberattacks and facilitates ransom payments, is under investigation for allegedly profiting from extortion payments. DigitalMint has confirmed the matter, saying it is cooperating with the criminal investigation into the former employee’s alleged unauthorized conduct.
Related: In Other News: Norway Dam Hacked, $177M Data Breach Settlement, UNFI Attack Update
Related: In Other News: Viasat Hacked by China, Washington Post Cyberattack, Crowhammer