SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Germany considers paying Deutsche Telekom to remove Huawei tech
Germany’s government is considering offering financial support to Deutsche Telekom and others to accelerate the removal of Huawei components from its critical 5G and fiber networks, Bloomberg reported. This plan is part of a broader national security strategy to reduce the country’s reliance on Chinese vendors deemed high-risk.
Lawmakers warn stolen police logins are exposing Flock surveillance cameras to hackers
Lawmakers have voiced concerns after vulnerabilities were found in Flock surveillance camera systems due to compromised police department login credentials, TechCrunch reported. When law enforcement logins are leaked, threat actors can gain access to sensitive surveillance footage and data collected by the camera network. This exposure poses a significant risk to both public privacy and operational security for Flock’s widely deployed automated license plate reader technology.
AN0M backdoored messaging app continues to yield criminal arrests
The AN0M ‘secure’ messaging app, secretly run by the FBI and international law enforcement as a massive sting operation, is still generating new arrests four years after its initial takedown, The Register reported. The platform successfully tricked thousands of criminals into communicating on the app, allowing police to read millions of messages detailing illicit activities. The ongoing legal consequences confirm the long-term success of the operation, as authorities continue to process the vast amounts of intercepted data to prosecute organized crime groups.
Controversial ransomware report
A controversial new report, co-authored by a group linked to MIT, has drawn widespread condemnation from the cybersecurity community for claiming that AI powers 80% of all current ransomware attacks. Prominent security researchers and experts have publicly slammed the findings as sensationalized and lacking technical evidence to support the inflated statistics.
Rogue ransomware negotiators charged
A group of negotiators specializing in ransomware incidents has been charged with engaging in criminal activity against their own clients. The negotiators are accused of hacking into companies’ systems, stealing files, and deploying Alphv/BlackCat ransomware, allegedly receiving over $1 million from one victim.
F5 hack prompts guidance for OT leaders
Following the recent F5 hack, security firm Dragos has issued guidance directed at OT leaders. The advisory stresses that although F5’s BIG-IP devices typically sit on the perimeter, their use in remote access infrastructure creates a high-risk pivot point into OT environments. Industrial leaders are strongly advised to patch all affected devices immediately and review network segmentation to prevent attackers from moving into critical control systems.
New report details cyber risks targeting global manufacturing
The ‘Threat Labs Report: Manufacturing 2025’ from Netskope details the latest cybersecurity threats targeting organizations within the manufacturing industry. The report highlights trends like increased reliance on cloud-based infrastructure and sophisticated supply chain compromise techniques to disrupt production operations. Manufacturing leaders are urged to focus on enhancing cloud security, strengthening access controls, and deploying modern data loss prevention strategies.
Gootloader malware returns
The persistent Gootloader malware loader is reportedly back in circulation, employing renewed techniques to evade detection and deliver secondary malware payloads. The malware has been around since 2020. Huntress reported that after a period of reduced activity, the malware briefly resurged in March 2025 before going quiet again until recently.
