
In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice

Other noteworthy stories that might have slipped under the radar: Cloudflare WAF bypass, Canonical Snap Store abused for malware delivery, Curl terminating bug bounty program. The post "In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice" appeared first on SecurityWeek.


SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:

€1.2 billion in GDPR fines

European authorities issued approximately €1.2 billion ($1.4 billion) in GDPR fines in 2025, with Ireland leading enforcement, accounting for a record €4.04 billion ($5.1 billion) in aggregate penalties since 2018, according to a DLA Piper study. The report also highlights a 22% surge in personal data breach notifications, which reached an all-time high of more than 440 reports per day on average.

Mandiant releases Net-NTLMv1 rainbow tables

Google Cloud’s Mandiant has publicly released a comprehensive dataset of Net-NTLMv1 rainbow tables to highlight the critical insecurity of the legacy authentication protocol and accelerate its deprecation. This release demonstrates that an attacker using consumer-grade hardware can now recover password hashes in under 12 hours, underscoring the urgent need for organizations to migrate to more secure alternatives.

Interpol issues Red Notice for Black Basta leader

Interpol has issued a Red Notice for Oleg Evgenievich Nefedov, whom law enforcement authorities have identified as the leader of the Black Basta ransomware gang. This designation follows a collaborative investigation by German and Ukrainian authorities that also led to raids against suspected affiliates.

Cloudflare WAF bypass

FearsOff researchers identified a vulnerability where Cloudflare’s WAF could be bypassed by targeting specific ACME challenge paths intended for certificate validation. The flaw, which has since been patched by Cloudflare, allowed attackers to reach origin servers directly, potentially exposing environment data or facilitating other attacks even when global block rules were active.

Cloud training applications exploited

Pentera researchers discovered that thousands of exposed cloud training applications, including ones hosted by Fortune 500 companies and security firms, are being actively exploited by attackers for crypto-mining and other unauthorized activities. These vulnerable environments frequently utilize overly permissive cloud roles, providing adversaries with a potential foothold to move laterally into broader corporate cloud infrastructure.

Canonical Snap Store abused for malware delivery

Security researcher Alan Pope reports that scammers are hijacking legitimate Canonical Snap Store publisher accounts by registering expired domains associated with those accounts to trigger password resets. Once in control, these attackers push malicious updates to established, trustworthy applications to deploy cryptocurrency wallet-draining malware.

Rockwell Automation security notice

Rockwell Automation has issued a high-severity advisory regarding multiple DoS vulnerabilities in its 1756-RM2 ControlLogix Redundancy Modules, which could cause devices to become unresponsive or experience nonrecoverable faults. No firmware updates are planned for the affected hardware and the company strongly recommends that customers upgrade to the newer 1756-RM3 modules to mitigate the risks.

Curl terminating bug bounty program

The open source project curl is terminating its bug bounty program at the end of January 2026 due to a surge in low-quality, AI-generated vulnerability reports. Lead maintainer Daniel Stenberg stated that the move aims to remove financial incentives for ‘AI slop’ that has overwhelmed the security team’s resources while failing to identify valid vulnerabilities.

300,000 affected by Minnesota Department of Human Services data breach

The Minnesota Department of Human Services has informed the public about a data breach involving its MnCHOICES system, which is used for long-term care services and support planning for people with disabilities or chronic needs. FEI Systems, the firm that manages MnCHOICES, discovered that a user associated with a provider had access to the demographic information of more than 300,000 people, as well as additional data for 1,200 of them. There is no evidence that the information has been misused. 
