SecurityWeek’s cybersecurity information roundup supplies a concise compilation of noteworthy tales which may have slipped underneath the radar.
We offer a helpful abstract of tales that won’t warrant a complete article, however are nonetheless necessary for a complete understanding of the cybersecurity panorama.
Every week, we curate and current a group of noteworthy developments, starting from the most recent vulnerability discoveries and rising assault strategies to important coverage modifications and trade reviews.
Listed below are this week’s tales:
US manufacturing firms focused in ZipLine marketing campaign
Manufacturing firms in the US have been focused in a complicated marketing campaign named ZipLine, which entails attackers utilizing legitimate-looking enterprise interactions to ship customized malware named MixShell, Checkpoint reported. The attackers arrange pretend domains within the title of authentic firms and exchanged emails with the sufferer for weeks earlier than delivering the malware.
Pentagon orders audit of code submitted by Chinese language engineers employed by Microsoft
After it got here to gentle that Microsoft had been utilizing Chinese language engineers to keep up US Protection Division methods — the international engineers had been supervised by so-called ‘digital escorts’ with the required safety clearances — the tech large introduced that it made some modifications and can not use China-based groups to offer technical help to the Pentagon over considerations of potential delicate information publicity. The DoD has now additionally introduced that the Microsoft program involving Chinese language coders has been terminated and that the federal government has requested an audit into the code of the Chinese language nationals. Commercial. Scroll to proceed studying.
CISA releases new instrument
CISA has introduced the provision of a brand new instrument designed to assist organizations with assessing assurance and provider dangers within the software program procurement course of. The net useful resource, named Software program Acquisition Information: Provider Response Internet Device, is free. It requires the consumer to offer details about the software program they’re buying, together with governance and attestation, software program provide chain, safe growth and deployment, and vulnerability administration practices.
Very important Imaging information breach hits 260,000
Diagnostic imaging heart Very important Imaging not too long ago disclosed a knowledge breach impacting the private and well being info of roughly 260,000 people. The intrusion was detected in February and the investigation is ongoing in an effort to find out precisely who’s impacted and what kind of information has been compromised.
Metropolis of Baltimore despatched $1.5 million to scammer
The Metropolis of Baltimore revealed that it was tricked into making two funds totaling roughly $1.5 million to a scammer. A report from town’s Workplace of the Inspector Common reveals that the fraudster gained entry to a Workday account, the place they modified a vendor’s checking account with one managed by the attacker. Greater than $720,000 of the $1.5 million had been retrieved by town, however it has not been in a position to recuperate the remaining from the fraudster’s financial institution.
Qantas executives lose pay over information breach
The CEO and a number of other high executives of Australian airline Qantas had been docked a complete of A$800,000 ($550,000) of their compensation bundle as a result of cybersecurity incident suffered not too long ago by the corporate. Qantas stated in July that over 5 million clients had been impacted by a knowledge breach believed to be the results of a Scattered Spider hack. Qantas CEO Vanessa Hudson misplaced A$250,000, whereas 5 govt managers misplaced a complete of A$550,000.
Google fined €325 million by France’s CNIL
The French information safety company (CNIL) fined Google €325 million ($380 million) on September 1, 2025, “for displaying commercials between Gmail customers’ emails with out their consent and for putting cookies when creating Google accounts, with out legitimate consent of French customers,” in contravention of GDPR and the EU’s ePrivacy Directive. A criticism was raised by Max Schrems’ NOYB group on August 24, 2022.
Google responds to Gmail safety claims
In response to reviews that it has issued a broad warning to Gmail customers a couple of main safety challenge, Google stated the claims are false. The corporate stated its protections handle to dam a overwhelming majority of phishing and malware supply makes an attempt geared toward Gmail customers.
Bridgestone focused in cyberattack
Tire large Bridgestone Americas has been focused in a cyberattack that impacted some manufacturing crops. The corporate’s investigation is ongoing, however it has not discovered any proof of buyer information being compromised. Bridgestone was beforehand focused in a ransomware assault, however no recognized risk group seems to have taken credit score for this newest incident.
Scammers abuse Grok
X’s gen-AI chatbot Grok has been abused by scammers to lure customers to their web sites. Guardio’s Nati Tal reported that scammers are bypassing X’s ban on hyperlinks in promoted posts by including the hyperlinks in a publish’s ‘From’ discipline. The scammers then reply to the publish asking Grok ‘the place is that this video from?’, which leads to the chatbot responding with a clickable hyperlink to the cybercriminals’ web site.
Associated: In Different Information: Iranian Ships Hacked, Verified Android Builders, AI Utilized in Assaults
Associated: In Different Information: McDonald’s Hack, 1,200 Arrested in Africa, DaVita Breach Grows to 2.7M
