SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Capita fined £14 million by the UK’s ICO
The UK’s data protection regulator, the Information Commissioner’s Office (ICO), has fined Capita a total of £14 million for a data breach affecting 6.6 million people in March 2023. The ICO declared the scale and extent of the breach “could have been prevented had sufficient security measures been in place”.
CISA layoffs during shutdown
CISA staff received reduction-in-force notifications during the ongoing US government shutdown. Hundreds are reportedly impacted, including from the Capacity Building unit, which aids federal agencies to improve their cybersecurity, the Stakeholder Engagement Division, which is in charge of partnerships with international agencies, the Integrated Operations Division, which runs CISA’s watch center; and the Infrastructure Security Division’s Chemical Security unit. There were no layoffs at the Cybersecurity Division. Some CISA personnel have been reportedly moved to agencies such as Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP). “During the last administration, CISA was focused on censorship, branding and electioneering,” the DHS said. “This is part of getting CISA back on mission.”
Spyware maker NSO acquired
The controversial spyware maker NSO Group has been acquired by a group of American investors led by Hollywood producer Robert Simonds, transferring controlling ownership of the firm out of Israel. The deal has been reportedly valued at several tens of millions of dollars. The NSO Group’s ownership has changed several times in recent years, between Francisco Partners, Novalpina Capital, and NSO founders Shalev Hulio and Omri Lavie.
Microsoft Digital Defense Report 2025
Microsoft has published its 2025 Digital Defense Report. According to Microsoft data, the goal of 80% of the cyber incidents investigated last year was the theft of data. Critical organizations such as hospitals and local governments are prime targets due to the sensitive data they possess. Ransomware groups also know that such organizations are under significant pressure to quickly restore operations, which makes them more likely to pay a ransom. Microsoft also reported that state-sponsored threat actors have expanded their operations, and that 2025 saw an escalation in the use of AI by both attackers and defenders.
CrowdStrike patches Falcon Sensor vulnerabilities
CrowdStrike has patched two vulnerabilities in Falcon sensor for Windows. The flaws allow an attacker who previously achieved the ability to execute code on the host to delete arbitrary files. The issues have been assigned a ‘medium severity’ rating and there is no evidence of exploitation in the wild.
Wiz finds supply chain risk in VSCode extension marketplaces
Cloud security giant Wiz has uncovered a critical supply chain risk and secrets leak in the VSCode and OpenVSX extension marketplaces. Wiz found that the publishers of over 100 VSCode extensions leaked access tokens, which could have allowed an attacker to distribute malware to over 150,000 users. In addition, over 550 secrets were exposed across more than 500 VSCode extensions. Some of the secrets granted access to their owners’ accounts on services from OpenAI, Anthropic, AWS, Github, and MongoDB.
Senator asks Cisco about recent zero-day attacks
US Senator Bill Cassidy has sent a letter to Cisco in an effort to obtain more information on the impact of recent attacks exploiting two firewall zero-day vulnerabilities. The attacks were linked to China. Cassidy has asked Cisco whether it has identified any specific threats to individual customers, as well as about its communications with customers and federal agencies.
ICTBroadcast vulnerability exploited
A recently disclosed vulnerability in ICTBroadcast call center software (CVE-2025-2611) has been exploited in attacks, VulnCheck reported. The attack has been linked to an email campaign described by Fortinet earlier this year, where attackers delivered RATty malware. “The attackers’ end goal isn’t immediately clear, however, it appears that this is not an automated attack,” Jacob Baines, CTO at VulnCheck, told SecurityWeek. “The threat actors were attempting to generate reverse shells – not all of which worked – to conduct a hands-on keyboard operation. If these attackers are linked to the Fortinet group, which based on the overlapping indicators is difficult to dispute, it’s reasonable to suspect they are conducting some form of corporate or industrial espionage.”
Data breach at fashion retailer Mango
Spanish fashion retailer Mango has informed customers about a data breach involving a third-party marketing service provider. Mango told customers that hackers obtained their name, phone number, email address, and post code, but passwords and banking information were not compromised.
CybaVerse raises £5 million
CybaVerse, a UK-based firm that provides an all-in-one cybersecurity management platform for SMEs and MSPs, announced raising £5 million in a Series A funding round. The round was co-led by Pembroke VCT and Airbridge Equity Partners, with participation from Haatch. The new funding will accelerate CybaVerse’s sales and marketing efforts, expand its team, and support continued product development.
Related: In Other News: Gladinet Flaw Exploitation, Attacks on ICS Honeypot, ClayRat Spyware
Related: In Other News: PQC Adoption, New Android Spyware, FEMA Data Breach
