SecurityWeek’s cybersecurity information weekly roundup affords a concise overview of vital developments that will not obtain full standalone protection however stay related to the broader menace panorama.
This curated abstract highlights key tales throughout vulnerability disclosures, rising assault strategies, coverage updates, business experiences, and different noteworthy occasions to assist readers keep a well-rounded consciousness of the evolving cybersecurity atmosphere.
Listed below are this week’s highlights:
Nameless-linked hacker Aubrey Cottle jailed over Texas GOP cyberattack
Aubrey Cottle, a Canadian hacker related to the hacktivist group Nameless, has been sentenced to 18 months in jail for his involvement in a cyberattack on the Texas Republican Occasion’s web site in September 2021. Cottle, 39, of Oshawa, Ontario, pleaded responsible to defacing the web site, exfiltrating knowledge from a Texas GOP server, and publishing the info on-line.
14 million impacted by KDDI knowledge breach
Japanese telecoms supplier KDDI has disclosed (PDF) a knowledge breach probably impacting the e-mail addresses and passwords of 14,22 million folks. The incident affected 5 ISP operators, together with BIGLOBE, Chubu Telecommunications C., JCOM Co., NIFTY Company, and STNet.
Push Safety focused in poisoned tenant assault
Three years after detailing the poisoned tenant assault, Push Safety was focused utilizing the method by way of OpenAI’s group invitation characteristic. A number of workers obtained an OpenAI invitation to affix Push Safety Inc. After they might be a part of the tenant, the attacker may spy on their actions or goal them with additional social engineering.
Rust-based PamStealer focusing on macOS
Jamf has detailed PamStealer, an data stealer focusing on macOS that validates the harvested credentials by way of Pluggable Authentication Modules (PAM) earlier than utilizing them. The malware is distributed as a compiled AppleScript file impersonating the open supply clipboard supervisor Maccy.
Russian hackers behind the 2025 Jaguar Land Rover hack
The cyberattack that severely disrupted Jaguar Land Rover’s operations in September 2025 was mounted by Russian hackers, The New York Instances says. Microsoft reportedly notified the automotive producer in regards to the hacking group, with Mandiant, Palo Alto Networks, and US and UK regulation enforcement companies additionally concerned within the investigation.
Pegasus spy ware focused a European Parliament member investigating it
Former member of the European Parliament Stelios Kouloglou was hacked with NSO Group’s Pegasus spy ware whereas he was investigating Pegasus abuse circumstances, as a part of the PEGA committee, Citizen Lab found. The focusing on has not been attributed to a particular authorities, and there’s no proof that the Greek Authorities was concerned.
Researcher drops dozens of zero-days in open supply tasks
A researcher referred to as Bikini has printed proof-of-concept (PoC) code focusing on dozens of zero-day vulnerabilities in a number of open supply tasks, together with FFmpeg, Gogs, Gitea, Ghidra, 7-Zip, OpenVPN, and VLC. 9 of the safety defects have been assigned a CVE identifier. The problems, the researcher says, had been surfaced by way of LLM fuzzing.
Professional-Russia affect operations are shifting
4 years into Russia’s invasion of Ukraine, pro-Russia affect operations are shifting from their single deal with Ukraine to pre-war aims, Google says. Covert pro-Russia affect operations are focusing on the US, European Union members, NATO, Russia’s neighbors, the Center East and Africa, and inner entities. They deal with international occasions, elections, the conflict in Ukraine, and rising geopolitical developments and occasions, and are more and more counting on generative AI.
Venezuelans sentenced within the US over ATM jackpotting
Two unlawful aliens from Venezuela, Carlos Javier Padron, 36, and Arnoldo Cabrera Torrealba, 37, have been sentenced to 78 months in jail within the US for his or her involvement in ATM jackpotting actions. As a part of a classy legal group, they constructed and deployed a variant of the Ploutus malware on ATMs throughout the US and used it to withdraw cash with out authorization. They had been additionally ordered to collectively pay $1.5 million in restitution. 96 different defendants have been charged over their roles within the operation.
Cisco and Synology patches
Cisco has launched fixes for seven ClamAV vulnerabilities impacting Safe Endpoint Connector for Home windows, Linux, and macOS, and Safe Endpoint Non-public Cloud, and for one flaw in Catalyst Heart. Synology resolved three safety defects in MailPlus Server, together with two essential bugs that would permit attackers to learn or write arbitrary information and trigger DoS circumstances.
Be a part of the AI Threat Summit | Ritz-Carlton, Half Moon Bay





![How creators and entrepreneurs are utilizing AI to hurry up & succeed [data]](https://blog.aimactgrow.com/wp-content/uploads/2025/06/Untitled20design-Apr-07-2023-08-24-35-4586-PM-120x86.png)



