In Other News: Browser Syncjacking, Fake AWS Hack, Google Blocked 2M Bad Apps

Summary: SecurityWeek’s roundup highlights crucial yet underreported cybersecurity stories, including legislative initiatives, incidents of hacking, and vulnerabilities affecting major organizations. This week’s coverage includes new developments on cybersecurity legislation for open source, data breaches, ransomware, and innovative attack techniques. The summary encapsulates both systemic vulnerabilities and significant incidents impacting various sectors.

Affected: Various organizations including BeyondTrust, Matagorda County, MGM, and others.

Key points:

  • Linux Foundation Europe and OpenSSF are launching a preparedness initiative for open source manufacturers regarding upcoming cybersecurity legislation.
  • BeyondTrust revealed two zero-day vulnerabilities linked to a compromised API key affecting 17 customers, including a government entity.
  • Matagorda County experienced a cyberattack that resulted in malware deployment, with no indication that personal data was compromised.
  • A hacker group falsely claimed to have compromised AWS; investigation revealed that data was obtained from a third-party source.
  • North Korea’s Lazarus group targeted over 1,500 systems in a supply chain attack related to cryptocurrency between late 2024 and early 2025.
  • A major travel service provider was found to have an API vulnerability that could expose millions of user accounts.
  • MGM Resorts agreed to a million settlement over data breaches affecting U.S. customers.
  • Halcyon analyzed the emerging Arcus Media ransomware group which has impacted over 50 victims since its inception.
  • The Internet Systems Consortium released patches for critical BIND 9 DNS vulnerabilities.
  • Google kept 2.36 million harmful apps off Google Play in 2024, enhancing security for Android users.
  • SquareX Labs reported on Syncjacking, a new malicious tactic exploiting browser extensions to hijack user data.

Source: https://www.securityweek.com/in-other-news-browser-syncjacking-fake-aws-hack-google-blocked-2m-bad-apps/
