SecurityWeek’s cybersecurity information roundup supplies a concise compilation of noteworthy tales that may have slipped beneath the radar.
We offer a useful abstract of tales that won’t warrant a complete article, however are nonetheless necessary for a complete understanding of the cybersecurity panorama.
Every week, we curate and current a group of noteworthy developments, starting from the most recent vulnerability discoveries and rising assault methods to vital coverage adjustments and trade reviews.
Listed here are this week’s tales:
US Division of Conflict unveils new cybersecurity framework
The Division of Conflict has introduced a brand new Cybersecurity Threat Administration Assemble (CSRMC) to modernize its cyber defenses. The CSRMC is a five-phase, ten-tenet framework that replaces guide processes with a dynamic, automated method to make sure steady monitoring and real-time protection. The aim is to embed cybersecurity into each stage of system improvement and operations for the technological superiority of warfighters towards evolving threats.
Dragos unveils main platform replace
ICS/OT cybersecurity agency Dragos has introduced Dragos Platform 3.0, a significant replace that delivers new capabilities to empower defenders to behave quicker and extra confidently. The up to date platform brings a brand new Insights Hub for consolidating alerts, streamlined workflows, AI-enhanced vulnerability processes, and smaller footprint deployment choices.
3 million impacted by hack at South Korean bank card firm
South Korean bank card firm Lotte Card was just lately focused in a hacker assault that resulted within the info of practically three million individuals being compromised. The stolen knowledge consists of info reminiscent of resident registration numbers, digital fee codes and, within the case of 280,000 clients, extremely delicate card info that can be utilized for fraud.
LockBit 5.0
Following a legislation enforcement crackdown on the LockBit ransomware operation, cybercriminals just lately introduced the discharge of LockBit 5.0. Development Micro researchers have analyzed LockBit 5.0, together with the Home windows, Linux and ESXi variants of the ransomware. The safety agency famous that the brand new variants use randomized 16-character file extensions, are configured to keep away from Russian-language techniques, and clear occasion logs after encryption.
Maryland Transit Administration focused by ransomware group
The Maryland Transit Administration (MTA) has disclosed a cybersecurity incident that concerned unauthorized entry to a few of its techniques. The incident resulted in some on-line providers being disrupted and the MTA confirmed that some knowledge was stolen within the assault. The Rhysida ransomware group took credit score for the assault.
Vulnerability affecting OnePlus smartphones disclosed with out patch
Rapid7 has disclosed the technical particulars of a vulnerability affecting OnePlus smartphones after it was not in a position to responsibly report its findings to the seller. The safety gap (CVE-2025-10184) impacts OxygenOS and it may well enable a malicious app to learn SMS/MMS knowledge and metadata with none consumer interplay, probably exposing MFA codes. After Rapid7 printed a weblog submit describing its findings, OnePlus instructed the safety agency that it’s investigating the difficulty.
Microsoft says AI detected AI-aided phishing marketing campaign
Microsoft says its AI-powered safety techniques had been in a position to detect and block a phishing marketing campaign that leveraged AI to obfuscate a payload in an effort to evade defenses. An evaluation of the malicious code by Microsoft’s Safety Copilot revealed that the code was “not one thing a human would usually write from scratch on account of its complexity, verbosity, and lack of sensible utility.”
Over 270,000 Indian financial institution switch data uncovered
Researchers at UpGuard found an unprotected Amazon S3 storage bucket containing greater than 270,000 paperwork, every detailing a cash switch pertaining to one in every of 38 Indian banks. The uncovered info included checking account numbers, transaction quantities, names, telephone numbers, and e-mail addresses. UpGuard has not been in a position to decide the supply of the leak.
Co-op misplaced £206 million in gross sales on account of cyberattack
Co-op reported this week that the current cyberattack has price it £206 million ($275 million) in misplaced gross sales. The cyberattack resulted in a knowledge breach impacting the data of 6.5 million members. The disruptions brought on by the incident led to digital fee points and empty retailer cabinets. Marks & Spencer, which was focused in the identical assault, estimated in Might that the incident would price it £300 million (roughly $400 million).
Associated: In Different Information: 600k Hit by Healthcare Breaches, Main ShinyHunters Hacks, DeepSeek’s Coding Bias
Associated: In Different Information: $900k for XSS Bugs, HybridPetya Malware, Burger King Censors Analysis
