SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Suspected Scattered Spider members plead not guilty to TfL attack
Thalha Jubair and Owen Flowers, the two suspected Scattered Spider members arrested earlier this year in the UK, have pleaded not guilty to the charges accusing them of launching a disruptive cyberattack against Transport for London (TfL). Jubair has also been charged in the US, where he has been accused of hacking into networks, stealing and encrypting victims’ data, and extorting them.
HashJack attack targets AI browsers
Researchers at Cato Networks have disclosed HashJack, a new indirect prompt injection attack targeting AI browser assistants. HashJack involves malicious prompts being hidden after the ‘#’ symbol in legitimate URLs. AI browser assistants in Comet, Edge, and Chrome execute the commands when they process the URL, potentially leading to phishing, data exfiltration, malware delivery, and misinformation. Impacted browser vendors have been notified and, except for Google (which classified it as a low-severity issue), they have released patches.
Leak reveals inner workings of Iranian APT Charming Kitten
Internal documents belonging to the Iranian threat group Charming Kitten (APT35) were leaked last month on GitHub, revealing the actor’s inner workings. An analysis conducted by DomainTools showed that the hackers operate as a “regimented, quota-driven cyber operations unit working inside a bureaucratic military chain of command”. Members are assigned to specific tasks, and supervisors file monthly performance reports that include information such as phishing success rate, exploitation metrics, completed tasks, and hours worked.
Scattered Lapsus$ Hunters member Rey identified as teen from Jordan
Cybersecurity blogger Brian Krebs claims to have uncovered the real identity of ‘Rey’, a key member of the Scattered Lapsus$ Hunters cybercrime group. Krebs says Rey is 16-year-old Saif Al-Din Khader from Amman, Jordan. The teenager reportedly admitted that he is Rey and claimed he is trying to retire from Scattered Lapsus$ Hunters while also collaborating with law enforcement in Europe, but Krebs was unable to verify these claims.
TP-Link sues Netgear over false China link claims
TP-Link has filed a lawsuit against Netgear in Delaware, accusing it of defamatory claims as part of a smear campaign falsely claiming that TP-Link has ties to the Chinese government. Underlining that it is incorporated and headquartered in California, TP-Link claims that Netgear’s campaign is creating an unfair advantage in the marketplace and that the false assertions violate federal and state laws.
Comcast agrees to $1.5 million fine over vendor data breach
Telecommunications provider Comcast has agreed (PDF) to pay a $1.5 million fine to settle an FCC investigation into a data breach at one of its third-party services providers. The incident occurred in February 2024 and involved debt collection agency Financial Business and Consumer Solutions (FBCS). Roughly 238,000 Comcast customers were impacted.
High-severity Firefox vulnerability
Aisle has published technical details on CVE-2025-13016, a high-severity vulnerability in Firefox’s WebAssembly engine that could lead to remote code execution. The vulnerable code was added to the browser in April 2025 alongside its own regression test, but remained unnoticed until October. It was patched in Firefox 145. “The vulnerable code passed code review, included a test specifically designed to exercise the same code path, and shipped in a number of Firefox releases,” Aisle notes.
Gainsight says only a handful of customers affected by Salesforce attack
The investigation into the attack that disrupted Gainsight-Salesforce integrations last week continues, but Gainsight continues to downplay the impact from the incident. After the company said last week that only three organizations were impacted by the data breach, its CEO said on Tuesday that only “a handful of customers” had their data compromised. Google, on the other hand, told the media that roughly 200 Salesforce instances might have been affected.
ShadowV2 IoT botnet active during AWS outage
ShadowV2, a Mirai-based botnet ensnaring vulnerable IoT devices, primarily routers, was seen active at the end of October, during a massive AWS outage that affected organizations in multiple countries worldwide. “So far, the malware appears to have only been active during the time of the large-scale AWS outage. We believe this activity was likely a test run conducted in preparation for future attacks,” Fortinet says. In September, Darktrace revealed that ShadowV2 was targeting Docker daemons running on internet-accessible AWS cloud instances.
Bloody Wolf APT expands operations across Central Asia
The Bloody Wolf APT is impersonating government agencies, primarily ministries of justice, in fresh attacks against entities in a broader set of countries in Central Asia, Group-IB reports. Relying on spear-phishing, the hacking group was seen deploying the STRRAT malware and the legitimate remote administration tool NetSupport. Historically, it has been targeting entities in Kazakhstan and Russia, but recently expanded to Kyrgyzstan and Uzbekistan.
