SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
PromptPwnd attack
Aikido Security has uncovered a new prompt injection attack method involving GitHub Actions and AI agents. Dubbed PromptPwnd, the attack involves embedding malicious prompts into software development issue bodies, commit messages, and PR descriptions, which are then interpreted by AI agents such as Gemini CLI, Claude Code, OpenAI Codex, and GitHub AI Inference as instructions. At least five Fortune 500 companies are affected, Aikido said. Google patched the issue in Gemini CLI within days of being notified.
Pentagon CIO orders accelerated move to post-quantum cryptography
The US Department of War has ordered all Pentagon components to accelerate their transition to post-quantum cryptography, warning that advances in quantum computing pose a growing risk to the security of military systems, data, and communications.
Researchers complain about smaller macOS bug bounties
Weeks after Apple announced a significant update to its bug bounty program, with the top reward increasing to $2 million, researchers have complained that maximum payments for macOS vulnerabilities have decreased significantly. According to macOS researcher Csaba Fitzl, the top rewards for TCC bypasses are down from $30,000 to $5,000, and for macOS sandbox escapes they decreased from $10,000 to $5,000. Apple has not responded to SecurityWeek’s request for comment.
US shuts down scheme to smuggle GPUs to China
The Justice Department announced that three individuals residing in the US and Canada have been caught smuggling Nvidia GPUs designed for AI applications and high-performance computing to China. Exporting the GPUs to China is strictly prohibited. One of the suspects, who pleaded guilty, received $50 million from China as part of the scheme. The other two suspects were detained recently. “These chips are the building blocks of AI superiority and are integral to modern military applications. The nation that controls these chips will control AI technology; the nation that controls AI technology will control the future,” said US Attorney Nicholas Ganjei.
Holly Ventures launches $33 million cybersecurity fund
Holly Ventures announced the launch of a $33 million debut fund for early-stage cybersecurity startups in the US and Israel. Founded by John Brennan, former senior partner at YL Ventures, Holly Ventures is backed by investors from Bessemer Venture Partners, Ballistic Ventures, CRV, Wing Ventures, IVP, TCV, Notable Capital, Team8, BrightMind, Ten Eleven Ventures, and others. The company aims to provide not only funding but also direct GP engagement, operating support, and a high-density network.
Routers are the most attacked devices in OT environments
A honeypot analysis conducted by Forescout has shown that industrial routers are the most attacked devices in OT environments. Routers and other OT network perimeter devices captured two-thirds of attacks, while exposed OT devices captured the rest of the attacks. The analysis has also focused on the RondoDox and ShadowV2 botnets and the continued interest from hacktivists.
ENISA publishes cybersecurity investments report
ENISA has published its NIS Investments 2025 report, which analyzes the cybersecurity investments of organizations in the European Union. The study found that over the past 12 months organizations have maintained their investments at levels comparable to the prior 12 months. In addition, the study found that overall cybersecurity spending has increased modestly, and that most organizations have largely stable security teams in terms of size.
CISA updates cybersecurity performance goals for critical infrastructure
CISA has released an updated version of the Cross-Sector Cybersecurity Performance Goals (CPG) to help critical infrastructure operators achieve a minimum security baseline. CPG 2.0 incorporates lessons learned, aligns with the latest NIST Cybersecurity Framework revisions, and addresses the most impactful threats facing critical infrastructure.
DroidLock Android ransomware
Zimperium has detailed DroidLock, an Android malware targeting Spanish users. The malware spreads through phishing sites and it has ransomware capabilities. It can lock the device’s screen and allows cybercriminals to take full control of the compromised device.
Members of China’s Salt Typhoon hacking group were Cisco Academy students
Two individuals from China who were highly successful students in the Cisco Network Academy Cup in 2012 later became key operators of the APT group Salt Typhoon, SentinelOne reports. The hackers’ early education on Cisco products likely enabled them to orchestrate one of the most expansive intelligence collection operations of the last decade, targeting over 80 telecommunications companies globally.
