SecurityWeek’s cybersecurity information roundup supplies a concise compilation of noteworthy tales that may have slipped underneath the radar.
We offer a precious abstract of tales that won’t warrant a complete article, however are nonetheless essential for a complete understanding of the cybersecurity panorama.
Every week, we curate and current a group of noteworthy developments, starting from the newest vulnerability discoveries and rising assault strategies to vital coverage adjustments and business stories.
Listed below are this week’s tales:
Innatera launches Pulsar microcontroller
Pulsar brings neuromorphic brain-inspired processing to edge gadgets. The brand new microcontroller delivers 100X decrease latency and 500X decrease vitality consumption than typical processors, rising battery life and offering native processing for the sensor gadgets used in all places from wearables, healthcare and sensible houses / places of work to vehicles and industrial techniques.
Australian hacker DR32 sentenced in US to time served
David Kee Crees, a 26 year-old Australian nationwide, was sentenced within the US to time served after being held in custody for no less than three years. Identified on-line as DR32, Abdilo, Notavirus, Surivaton, and Gray Hat Mafia’s Bitch, he allegedly hacked organizations within the US, bought supply code and knowledge, bought entry to hacked sources, and even provided stolen bank card data on the market. He was charged within the US in 2021 on 22 counts and pleaded responsible in January 2025 to 14 of them, DataBreaches.internet stories.Commercial. Scroll to proceed studying.
EU sanctions extra Russian entities over malicious cyber actions
The EU has introduced extra sanctions towards Russia over its “destabilising actions”. One of many sanctioned entities is Stark Industries, a hosting supplier whose homeowners are accused of appearing as “enablers of assorted Russian state-sponsored and affiliated actors to conduct destabilising actions together with, data manipulation interference and cyber-attacks towards the Union and third nations”.
Volkswagen app hacked
German carmaker Volkswagen just lately patched vulnerabilities in its My Volkswagen utility. The failings might have allowed an attacker to acquire different customers’ data, together with car location, engine well being, gas stats, tyre stress, and geofencing controls, in addition to private data similar to residence handle, cellphone quantity, e mail handle, driving license, and repair historical past. The researcher who discovered the safety holes has revealed a weblog put up detailing his findings. Contacted by SecurityWeek, Volkswagen mentioned the problems solely impacted the app utilized in India and identified that there was no proof of exploitation within the wild.
Immersive launches OT safety coaching answer
Cybersecurity coaching agency Immersive has launched a brand new OT safety answer that permits hands-on coaching to assist cybersecurity groups enhance their expertise for detecting and responding to cyber threats concentrating on operational environments. The corporate’s OT safety coaching suite supplies OT/ICS talent evaluation capabilities, reasonable scenario-based staff workout routines, and hands-on labs specializing in risk actors, malware, and risk intelligence.
US authorities knowledge stolen in TeleMessage hack
Messages exchanged by quite a few American officers have been intercepted by the hacker who breached the TeleMessage platform utilized by former Trump nationwide safety adviser Mike Waltz and greater than 60 different distinctive authorities customers, Reuters says. The info pertained to Secret Service members, customs officers, catastrophe responders, US diplomatic staffers, and no less than one White Home staffer.
Trojanized RVTools installer delivers Bumblebee malware
A trojanized model of the RVTools installer, distributed by way of a typosquatted area, was caught delivering Bumblebee malware to customers, Arctic Wolf stories. The area, mimicking the respectable device’s web site, makes use of the .org TLD as a substitute of .com. Stories of the malicious installer first appeared in mid-Might, and Robware has taken the device’s official web sites, specifically Robware.internet and RVTools.com, briefly offline, warning customers to not obtain RVTools from some other web site.
New steering on securing knowledge utilized in AI techniques
CISA, the NSA, and the FBI have launched new steering on securing the info used to coach and function AI techniques. The doc (PDF) examines knowledge safety dangers in AI techniques, incorporates suggestions on defending delicate, proprietary, or mission vital knowledge, and highlights how knowledge safety impacts the accuracy and integrity of AI outcomes.
GitLab Duo distant immediate injection vulnerability
A distant immediate injection vulnerability in AI-native GitLab assistant GitLab Duo might have allowed attackers to govern the code solutions exhibited to different customers to inject untrusted HTML into repositories, exfiltrate supply code from personal tasks, and steal undisclosed zero-day vulnerabilities, by means of the bot’s chat, Legit Safety says. GitLab has already mounted the safety defect.
Associated: In Different Information: Hackers Not Behind Blackout, CISO Docuseries, Dior Knowledge Breach
Associated: In Different Information: India-Pakistan Cyberattacks, Radware Vulnerabilities, xAI Leak
