SecurityWeek’s cybersecurity information roundup offers a concise compilation of noteworthy tales which may have slipped underneath the radar.
We offer a helpful abstract of tales that won’t warrant a whole article, however are nonetheless essential for a complete understanding of the cybersecurity panorama.
Every week, we curate and current a set of noteworthy developments, starting from the most recent vulnerability discoveries and rising assault strategies to important coverage adjustments and business reviews.
Listed below are this week’s tales:
ShinyHunters stole information of Gucci, Balenciaga and Alexander McQueen clients
The ShinyHunters group could have stolen the data of tens of millions of shoppers of luxurious manufacturers Gucci, Balenciaga and Alexander McQueen, BBC reported. Mum or dad firm Kering has confirmed struggling an information breach, however stated no monetary info was compromised. The hackers claimed to have stolen information related to 7.4 million distinctive electronic mail addresses.
Goshen Medical Middle information breach impacts 450,000
Goshen Medical Middle, a healthcare group in North Carolina, has disclosed a information breach impacting greater than 450,000 individuals. The corporate has confirmed that hackers stole private and well being info months after the BianLian ransomware group listed the group on its leak web site. It’s unclear what occurred to the stolen information because the BianLian group has not been energetic since March.
Retina Group of Florida information breach
One other important healthcare information breach was reported by ophthalmology apply Retina Group of Florida. The group detected an intrusion in November 2024 and its investigation confirmed that the data of over 150,000 individuals could have been compromised because of the incident.
Crucial Chaos-Mesh vulnerabilities
JFrog found 4 vulnerabilities within the Chaos engineering platform Chaos-Mesh, together with three critical-severity flaws that may very well be exploited for code execution on any pod within the cluster. Named Chaotic Deputy, the safety defects are tracked as CVE-2025-59358, CVE-2025-59360, CVE-2025-59361 and CVE-2025-59359 and had been addressed in Chaos-Mesh model 2.7.3.
ShinyHunters claims theft of 1.5 billion data in Salesforce hack
The cybercrime group ShinyHunters claims to have stolen 1.5 billion data from 760 corporations within the latest Salesforce–Salesloft assault, Bleeping Pc reported. Many cybersecurity corporations have confirmed being impacted, however the claims of most of these hacking teams have typically been exaggerated.
DeepSeek AI generates much less safe code for China dissident teams
Analysis performed by CrowdStrike exhibits that the code generated by the AI of Chinese language agency DeepSeek is much less safe if the request specifies that the code is for dissidents or different teams that could be thought of delicate by the Chinese language authorities. If the request to DeepSeek specifies that the code is for the banned religious motion Falun Gong or the Islamic State, the AI could refuse to generate code. If it doesn’t refuse, the code is extra more likely to comprise vulnerabilities, and so is within the case of code generated for Tibet and Taiwan. Code for industrial management methods is the almost definitely to comprise safety flaws.
Claroty publishes International State of CPS Safety report
Claroty has revealed a report titled ‘International State of CPS Safety 2025: Navigating Danger in an Unsure Financial Panorama’. Based mostly on a survey of 1,100 cybersecurity professionals, the report exhibits that 49% consider shifting world financial insurance policies and geopolitical tensions are driving elevated threat throughout cyber-physical system (CPS) property and processes. Greater than three-quarters consider rising rules will power them to overtake their present CPS safety methods.
Atlassian, Mozilla, WatchGuard, Nokia patches
Atlassian launched patches for 4 vulnerabilities in third-party elements utilized in Confluence, Jira, and Jira Service Administration Knowledge Middle and Server. Mozilla rolled out Thunderbird and Firefox updates that resolve roughly a dozen bugs. WatchGuard introduced fixes for CVE-2025-9242, a critical-severity flaw in Fireware OS that would result in distant code execution, with out authentication. Nokia knowledgeable clients about Nokia Container Service (NCS) and CloudBand Infrastructure Software program (CBIS) flaws permitting authentication bypass and distant code execution.
Eve Safety raises $3 million in seed funding
Austin, Texas-based Eve Safety introduced that it has raised $3 million in a seed funding spherical from LiveOak Ventures and Tau Ventures. The corporate additionally introduced the launch of its product, EveGuard, an agentic AI observability and coverage enforcement platform. The platform leverages Agent-in-the-Loop (AITL) expertise to make sure the safety of AI brokers interacting with an organization’s vital enterprise methods.
Associated: In Different Information: $900k for XSS Bugs, HybridPetya Malware, Burger King Censors Analysis
Associated: In Different Information: Scammers Abuse Grok, US Manufacturing Assaults, Gmail Safety Claims Debunked
