SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Trump administration could use private firms for cyber offensive
The Trump administration is developing a new national cyber strategy that proposes enlisting private companies to conduct offensive digital operations against foreign adversaries and cybercriminals, Bloomberg reported. This strategy, expected to be finalized in the coming weeks, aims to expand the US’s capabilities by allowing private firms to take a proactive role in disrupting state-sponsored threat groups and ransomware operations. While the plan offers new revenue streams for the tech industry, it also introduces significant legal and security risks.
China-made power equipment creates cybersecurity risks for US grid
A report from Strider warns that the US power grid is vulnerable to cyber disruption due to a widespread reliance on solar inverters and battery systems manufactured by Chinese firms. The concern is that China may be pre-positioning itself for access within US infrastructure. The report points out that many Chinese research publications simulate attacks and exploit vulnerabilities in the US electrical system.
Cloudflare publishes 2025 Radar Year in Review report
Cloudflare has published its 2025 Radar Year in Review report. Security-related findings include significant growth in hypervolumetric DDoS attacks; more than 5% of all emails, and nearly all emails coming from .lol and .christmas domains, were malicious or spam; 40% of global bot traffic came from the United States; and the ‘people and society’ sector was the most targeted.
RaccoonO365 suspect arrested in Nigeria
A few months after Microsoft and Cloudflare announced the takedown of infrastructure used by the RaccoonO365 phishing service, Nigerian police arrested a suspect. Okitipi Samuel, aka ‘RaccoonO365’ and ‘Moses Felix’, is believed to be the developer of the phishing infrastructure. Microsoft previously announced that the leader of the RaccoonO365 operation is believed to be Joshua Ogundipe, a programmer from Nigeria.
Venezuela accuses US of cyberattack on oil company
Venezuela’s state-run oil company PDVSA reported that it successfully repelled a cyberattack targeting its administrative systems, claiming that its operational and production capabilities remained unaffected. Reuters reported that PDVSA was targeted in a ransomware attack. Venezuelan officials blamed the United States for the incident, which comes amid a dramatic escalation between the two countries.
AI coding security study
A study conducted by BlackDuck shows that only 24% of organizations conduct comprehensive IP, license, security, and quality evaluations of AI-generated code. Based on a survey of hundreds of software security leaders and practitioners, the BlackDuck report also looks at dependency management, automated monitoring, SBOM validation, and compliance controls.
New Android banking trojan Frogblight
Kaspersky has published details on a relatively new Android banking trojan named Frogblight, which has been seen targeting users in Turkey. The malware is delivered disguised as Chrome or as an app designed for accessing court case files via a government site. Once it has infected a device, the malware attempts to collect banking credentials.
Google sues Chinese ‘Dracula’ cybercrime group
Google has filed a lawsuit against a Chinese-speaking cybercrime group named ‘Dracula’, which provides services for sending phishing text messages en masse, NBC News reported. The lawsuit enables Google to take down infrastructure associated with the operation. The tech giant’s complaint targets Yucheng Chang, who is believed to be the leader of the operation, along with two dozen other unnamed individuals. Google estimated that the cybercriminals have stolen nearly 900,000 credit card numbers through the operation.
Docker AI assistant attack
Docker recently patched a vulnerability in the Docker Desktop AI assistant named Ask Gordon. The flaw, discovered by Pillar Security in the beta version, could have been exploited by an attacker for prompt injection. Pillar researchers demonstrated that an attacker could have created a poisoned repository that contained malicious instructions for the AI, including to exfiltrate sensitive data.
Coupang confirms former employee behind hack
Ecommerce giant Coupang has confirmed that a recent data breach involving the personal information of more than 33 million customers is likely the work of a former employee. The company revealed in an SEC filing that the former employee may have obtained information such as name, email address, delivery address, phone number, and order history. There is no indication that the stolen data has been made public.