CyberSecurity Updates

Scattered Spider Hackers Plead Guilty on Day 1 of Trial

Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The duo were key members of a prolific cybercrime group known as Scattered Spider, and their guilty pleas came on the first day of what was expected to be a six-week trial. Owen Flowers (left) 18, and Thalha…

Read More

Canadian Electricity Provider London Hydro Discloses Data Breach

Canadian electricity provider London Hydro is investigating a data breach that potentially impacted the personal and account information of its customers. London Hydro is a local distribution company serving the City of London, Ontario. It serves roughly 170,000 residential, institutional, commercial, and industrial customers. On June 20, the electricity provider announced that hackers had broken into its systems and that customers’ data was likely accessed. “London Hydro and the appropriate authorities are currently investigating a…

Read More

Fortinet Responds to FortiBleed Campaign

Fortinet says the large-scale credential-harvesting campaign currently targeting its customers’ firewalls and VPNs does not exploit new vulnerabilities. As part of the campaign, tracked as FortiBleed, threat actors have compiled a database of over 86,000 confirmed working credentials for Fortinet devices in 194 countries. “Based on our initial analysis, we believe the activity involves threat actors reusing credentials from previous incidents and employing brute-force techniques against devices with weak password hygiene and no multi-factor authentication…

Read More

French President Urges US to Share Cutting-Edge AI and Democracies to Cooperate on Regulation

French President Emmanuel Macron on Wednesday urged the world’s wealthy democracies to work together on regulating advanced artificial intelligence systems, speaking at a high-level meeting that included top AI executives. OpenAI CEO Sam Altman issued a similar plea at the Group of Seven summit of major industrialized nations in France, saying an “international forum” is needed for countries to draw up AI guardrails. He said the task of AI safety should not be left to…

Read More

In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: 10-year-old phpBB flaw enables session hijacking Researchers uncovered a critical authentication…

Read More

Killing me gently: Inside Gentlemen’s EDR killer framework

ESET researchers analyzed the robust EDR-killing toolset of the ransomware-as-a-service gang Gentlemen. Since the beginning of 2026, Gentlemen has emerged as one of the most active gangs in the ransomware ecosystem. The group distinguishes itself through a mature, operator-maintained set of endpoint detection and response (EDR) killers, i.e., tools for disrupting security software. Additionally, unlike most top-tier gangs, Gentlemen does not exhibit a strong US-centric victimology, instead targeting victims across Southeast Asia, South America, and…

Read More

Cisco to Acquire WideField Security to Boost Splunk’s Agentic SOC

Cisco on Thursday announced an agreement to acquire identity lifecycle security company WideField Security to strengthen the capabilities of Splunk’s Agentic SOC.  No financial details have been publicly disclosed. WideField raised more than $11 million in Series A funding last year.  WideField has developed technology that enables organizations to discover human and non-human identities, map exposures across accounts and roles, and assess hygiene gaps.  The company’s platform also enables users to detect misconfigurations in authentication…

Read More

‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm

For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a “residential proxy” provider operated by the publicly-traded Israeli firm Alarum Technologies Ltd [NASDAQ: ALAR]. Malicious streaming devices sold online that enroll the user’s home Internet address…

Read More

CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure

CISA is aware of global reports that malicious cyber actors have targeted internet-accessible Fortinet devices across government and private sector organizations using compromised credentials. This activity, referred to as FortiBleed, involves the exposure of leaked credentials associated with approximately 74,000 Fortinet devices, including firewalls and virtual private network (VPN) gateways.   To defend against this malicious cyber activity, CISA urges impacted Fortinet customers with FortiGate appliances and associated secure sockets layer (SSL) VPN gateways to…

Read More

FishMonger’s arsenal upgraded: SprySOCKS for Windows

ESET researchers have discovered two as-yet undocumented Windows variants of SprySOCKS, a previously Linux-only backdoor reportedly used by FishMonger, the group believed to be operated by a Chinese contractor named I‑SOON. While we initially discovered the malware samples on VirusTotal, ESET telemetry shows real activity between 2023 and 2024, with several victims in Honduras, Taiwan, Thailand, and Pakistan, targeting mostly government organizations. The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS. Both come…

Read More