SecurityWeek’s cybersecurity information roundup offers a concise compilation of noteworthy tales that may have slipped underneath the radar.
We offer a worthwhile abstract of tales that will not warrant a whole article, however are nonetheless essential for a complete understanding of the cybersecurity panorama.
Every week, we curate and current a group of noteworthy developments, starting from the most recent vulnerability discoveries and rising assault methods to important coverage modifications and business reviews.
Listed below are this week’s tales:
Hackers promoting passports and ID playing cards stolen from Italian motels
Italy’s CERT-AGID company has revealed {that a} hacker has been providing to promote tens of hundreds of passports, ID playing cards and different identification paperwork allegedly stolen from motels in Italy. A hacker utilizing the web moniker ‘mydocs’ has been providing the information on a cybercrime discussion board for the previous week. The passport and ID card scans had been allegedly obtained in June and July from three Italian motels.
Russia behind federal courtroom submitting system hack
A sustained effort to infiltrate the US’ federal courtroom submitting system is believed to have concerned Russian hackers, the New York Occasions reported. It’s unclear precisely which risk group could also be accountable, however an investigation discovered that the hackers compromised sealed information, together with ones associated to instances involving folks with Russian and Japanese European names. Commercial. Scroll to proceed studying.
Scammers from Ghana extradited to US
A number of Ghanaian nationals accused of being concerned in romance and enterprise e-mail compromise (BEC) scams have been extradited to the US. They’re believed to have made greater than $100 million. A number of the suspects are accused of being leaders within the legal enterprise.
XZ Utils backdoor in Docker photos
A provide chain assault involving backdoored variations of the XZ Utils knowledge compression library made many headlines final 12 months. The backdoor was the results of an extended and complex operation, and the assault led to the backdoored model being distributed to main Linux distros. Binarly reported this week that 35 Docker photos obtainable on Docker Hub nonetheless ship the backdoor. These tainted base photos can unfold the backdoor into numerous downstream builds, Binarly warned.
Pennsylvania legal professional basic focused in cyberattack
The Pennsylvania workplace of the legal professional basic has been focused in a cyberattack that induced important disruptions. The Pennsylvania OAG introduced that its web site, e-mail accounts and cellphone strains had been offline because of the incident. It took a number of days to revive a lot of the impacted companies.
Zoom patches crucial vulnerability
Zoom this week knowledgeable clients about patches for 2 vulnerabilities. One in every of them is CVE-2025-49457, a crucial untrusted search path situation affecting Home windows purchasers. An unauthenticated attacker can exploit the vulnerability to escalate privileges through community entry. The second flaw is a medium-severity race situation in Home windows purchasers, permitting unauthenticated attackers to impression integrity by native entry.
F5 patches
F5 has revealed its August 2025 Quarterly Safety Notification, informing clients concerning the newest vulnerabilities patched in its merchandise. A number of of the failings have been assigned a ‘excessive severity’ ranking, together with ones affecting Massive-IP and F5 Entry for Android. Exploitation may result in site visitors interception, privilege escalation, and DoS assaults.
Dragos publishes ransomware and monetary danger reviews
Industrial cybersecurity agency Dragos has revealed its 2025 OT Safety Monetary Threat Report in collaboration with Marsh McLennan. The report reveals that the monetary danger related to OT cybersecurity occasions in a typical 12 months is $31.1 billion. The research additionally discovered that $12.7 billion of that’s linked on to enterprise interruption (BI) insurance coverage claims, and the businesses warned that international losses may attain as much as $329.5 billion, with $172.4 billion from OT-related BI claims in a extreme state of affairs. Dragos has additionally revealed its newest quarterly ransomware report.
Canada’s Home of Commons focused by hackers
Canada’s Home of Commons has been focused in a cyberattack that concerned exploitation of a current unspecified Microsoft product vulnerability. The attackers gained entry to worker info, CBC Information reported. The hackers additionally accessed a database storing info used for managing computer systems and cellular units.
Cyberattack threatened water provide of metropolis in Poland
A Polish official claimed {that a} current cyberattack may have resulted in a metropolis shedding its water provide, however the assault was thwarted, Reuters reported. It’s unclear who was behind the assault and which metropolis was focused. The water sector is often focused by risk actors, however attackers or victims exaggerating impression just isn’t extraordinary.
Associated: In Different Information: Nvidia Says No to Backdoors, Satellite tv for pc Hacking, Power Sector Evaluation
Associated: In Different Information: Microsoft Probes ToolShell Leak, Port Cybersecurity, Raspberry Pi ATM Hack
