SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Microsoft stops using Chinese engineers
After it was reported that Microsoft had been using Chinese engineers to help maintain US Department of Defense systems — potentially exposing sensitive data to the Chinese government — the tech giant announced that it has made some changes and will no longer use China-based teams to provide technical assistance to the DoD. The Chinese engineers had been supervised to prevent sabotage and espionage, but their supervisors may have lacked the skills to identify malicious activities.
Organizations’ attack surface increasing
An analysis conducted by ReliaQuest shows that organizations have created more entry points for attackers. The company has looked at the data from the first half of 2025 and the second half of 2024 and found a 27% increase in exposed ports (35% increase in OT ports), and a 100% increase in vulnerabilities in public-facing systems. There has also been a significant growth in the accidental exposure of sensitive documents that could be useful to attackers.
Premium luggage service exposed user data
Airportr, a premium door-to-door luggage service, was impacted by vulnerabilities that could have been exploited to obtain user data, and to track or redirect luggages. The exposed information included the travel records of government officials in the US and Europe, Wired reported. The flaws were discovered by researchers at CyberX9, and Airportr has since patched them, noting that there is no evidence of malicious exploitation.
House hearing on evolution of cyber threats to critical infrastructure
Several industry experts have been invited to a House hearing on the evolution of cyber threats to critical infrastructure in the 15 years after the Stuxnet attack — the goal is for lawmakers to get a better understanding of how to boost the security of critical infrastructure and other OT systems. It came to light during the hearing that funding for the CyberSentry program of the Lawrence Livermore National Laboratory, which is tasked with analyzing data in search of dangerous cyber threats, has expired.
‘Security firm’ accused of monetizing data collected by malware
A ‘threat intelligence’ company named Farnsworth Intelligence has been accused of monetizing data collected by infostealer malware from compromised devices. 404 Media reported that Farnsworth Intelligence is advertising information obtained by malware as useful for debt collectors looking to track debtors, for divorce cases and other lawsuits, and for lists of competitors’ customers.
ExpressVPN vulnerability
ExpressVPN recently patched a vulnerability in its Windows app that in certain conditions caused traffic over TCP port 3389 to not be routed through the VPN tunnel as expected. The flaw did not impact encryption, but could have caused traffic from RDP connections to not be routed through ExpressVPN.
More countries hit by Louis Vuitton data breach
The list of countries impacted by the recent data breach at Louis Vuitton has increased. After Louis Vuitton customers in the UK, South Korea, and Turkey were notified of a cybersecurity incident impacting their information, now Australia, Hong Kong, Sweden and Italy have been added to the list. In Hong Kong, 419,000 customers are impacted. Bleeping Computer reported that members of the ShinyHunters extortion group may be behind the attack.
European hospital group AMEOS discloses data breach
AMEOS, a European private hospital group that serves Switzerland, Austria and Germany, has disclosed a data breach that may impact the information of patients, employees and partners. The organization has shut down some systems after detecting an intrusion. No known ransomware group appears to have taken credit for the attack.
Google Cloud Build vulnerability earns researcher $30,000
Researcher Adnan Khan says he recently earned a $30,000 bug bounty from Google after discovering a potentially serious vulnerability in the Google Cloud Build managed CI/CD platform. In a blog post, Khan described how he was able to exploit a TOCTOU vulnerability to bypass maintainer reviews when running pull request integration tests. “With this vulnerability, an attacker could create a PR, convince a maintainer to run tests, and then quickly update their code to steal secrets / abuse the build execution role privileges,” the researcher said.
Wiping commands planted in Amazon Q AI assistant
A hacker managed to compromise Amazon’s AI coding assistant, named Q. Specifically, the hacker submitted a pull request to one of the tool’s GitHub repositories and it was accepted, despite containing malicious commands instructing the AI agent to wipe users’ machines. Amazon has removed the code and said no customer resources were impacted. The hacker admitted that the commands wouldn’t actually wipe systems, but highlighted the access they had gained to the tool, 404 Media reported.
Related: In Other News: Law Firm Hacked by China, Symantec Flaw, Meta AI Hack, FIDO Key Bypass
Related: In Other News: Microsoft Finds AMD CPU Flaws, ZuRu macOS Malware Evolves, DoNot APT Targets Govs
