SecurityWeek’s cybersecurity information roundup offers a concise compilation of noteworthy tales that may have slipped beneath the radar.
We offer a helpful abstract of tales that won’t warrant a complete article, however are nonetheless essential for a complete understanding of the cybersecurity panorama.
Every week, we curate and current a set of noteworthy developments, starting from the newest vulnerability discoveries and rising assault methods to vital coverage adjustments and trade reviews.
Listed here are this week’s tales:
ShinyHunters stole information of Gucci, Balenciaga and Alexander McQueen prospects
The ShinyHunters group could have stolen the knowledge of hundreds of thousands of consumers of luxurious manufacturers Gucci, Balenciaga and Alexander McQueen, BBC reported. Dad or mum firm Kering has confirmed struggling an information breach, however mentioned no monetary info was compromised. The hackers claimed to have stolen information related to 7.4 million distinctive electronic mail addresses.
Goshen Medical Middle information breach impacts 450,000
Goshen Medical Middle, a healthcare group in North Carolina, has disclosed an information breach impacting greater than 450,000 folks. The corporate has confirmed that hackers stole private and well being info months after the BianLian ransomware group listed the group on its leak web site. It’s unclear what occurred to the stolen information because the BianLian group has not been lively since March. Commercial. Scroll to proceed studying.
Retina Group of Florida information breach
One other vital healthcare information breach was reported by ophthalmology observe Retina Group of Florida. The group detected an intrusion in November 2024 and its investigation confirmed that the knowledge of over 150,000 folks could have been compromised because of the incident.
Essential Chaos-Mesh vulnerabilities
JFrog found 4 vulnerabilities within the Chaos engineering platform Chaos-Mesh, together with three critical-severity flaws that may very well be exploited for code execution on any pod within the cluster. Named Chaotic Deputy, the safety defects are tracked as CVE-2025-59358, CVE-2025-59360, CVE-2025-59361 and CVE-2025-59359 and had been addressed in Chaos-Mesh model 2.7.3.
ShinyHunters claims theft of 1.5 billion information in Salesforce hack
The cybercrime group ShinyHunters claims to have stolen 1.5 billion information from 760 firms within the latest Salesforce–Salesloft assault, Bleeping Laptop reported. Many cybersecurity corporations have confirmed being impacted, however the claims of these kind of hacking teams have usually been exaggerated.
DeepSeek AI generates much less safe code for China dissident teams
Analysis performed by CrowdStrike exhibits that the code generated by the AI of Chinese language agency DeepSeek is much less safe if the request specifies that the code is for dissidents or different teams which may be thought of delicate by the Chinese language authorities. If the request to DeepSeek specifies that the code is for the banned non secular motion Falun Gong or the Islamic State, the AI could refuse to generate code. If it doesn’t refuse, the code is extra more likely to include vulnerabilities, and so is within the case of code generated for Tibet and Taiwan. Code for industrial management techniques is the most definitely to include safety flaws.
Claroty publishes International State of CPS Safety report
Claroty has revealed a report titled ‘International State of CPS Safety 2025: Navigating Danger in an Unsure Financial Panorama’. Primarily based on a survey of 1,100 cybersecurity professionals, the report exhibits that 49% imagine shifting world financial insurance policies and geopolitical tensions are driving elevated danger throughout cyber-physical system (CPS) belongings and processes. Greater than three-quarters imagine rising laws will pressure them to overtake their present CPS safety methods.
Atlassian, Mozilla, WatchGuard, Nokia patches
Atlassian launched patches for 4 vulnerabilities in third-party elements utilized in Confluence, Jira, and Jira Service Administration Information Middle and Server. Mozilla rolled out Thunderbird and Firefox updates that resolve roughly a dozen bugs. WatchGuard introduced fixes for CVE-2025-9242, a critical-severity flaw in Fireware OS that might result in distant code execution, with out authentication. Nokia knowledgeable prospects about Nokia Container Service (NCS) and CloudBand Infrastructure Software program (CBIS) flaws permitting authentication bypass and distant code execution.
Eve Safety raises $3 million in seed funding
Austin, Texas-based Eve Safety introduced that it has raised $3 million in a seed funding spherical from LiveOak Ventures and Tau Ventures. The corporate additionally introduced the launch of its product, EveGuard, an agentic AI observability and coverage enforcement platform. The platform leverages Agent-in-the-Loop (AITL) expertise to make sure the safety of AI brokers interacting with an organization’s vital enterprise techniques.
Associated: In Different Information: $900k for XSS Bugs, HybridPetya Malware, Burger King Censors Analysis
Associated: In Different Information: Scammers Abuse Grok, US Manufacturing Assaults, Gmail Safety Claims Debunked
