
In Other News: iOS 26 Deletes Spyware Evidence, Shadow Escape Attack, Cyber Exec Sold Secrets to Russia

Other noteworthy stories that might have slipped under the radar: Everest group takes credit for Collins Aerospace hack, Maryland launches VDP, gamers targeted with red teaming tool and RAT. The post In Other News: iOS 26 Deletes Spyware Evidence, Shadow Escape Attack, Cyber Exec Sold Secrets to Russia appeared first on SecurityWeek.


SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:

iOS 26 deletes spyware infection evidence

Mobile security firm iVerify reported that Apple’s new iOS 26 overwrites the ‘shutdown.log’ file on every device reboot. The file matters to investigators because it can hold evidence of Pegasus and Predator spyware infections, so every reboot of an iPhone running iOS 26 deletes that potential evidence. “This development poses a serious challenge for forensic investigators and individuals seeking to determine if their devices have been compromised at a time when spyware attacks are becoming more common,” iVerify noted.

Critical flaws remain unpatched in EfficientLab employee monitoring software

SEC Consult has discovered several vulnerabilities in EfficientLab’s WorkExaminer Professional employee monitoring software, including flaws that can allow an attacker on the network to take control of the system and collect screenshots or keystrokes. SEC Consult says the vulnerabilities have likely not been patched after the vendor told it that they are not in scope of its bug bounty program. The security firm did not receive any further response after informing EfficientLab that the goal was to get the vulnerabilities fixed, not to receive a bug bounty. 

Scouting America launches AI and cybersecurity merit badges

This fall, new merit badges in artificial intelligence (AI) and cybersecurity allow Scouts to build future-ready skills with guidance through the Scouts BSA program. The AI badge is earned not only for using AI, but also for learning to spot deepfakes and thinking critically about the ethical questions surrounding AI. The cybersecurity badge is earned for learning to identify cyber threats and use security solutions.

CrowdStrike publishes APJ cybercrime report

CrowdStrike has released its 2025 APJ eCrime Landscape Report, which focuses on the Asia-Pacific and Japan region. The report details how anonymized underground markets such as Huione Guarantee processed over $27 billion in illegal trades, and how AI-enhanced ransomware groups such as KillSec and Funklocker are driving a sharp rise in Big Game Hunting ransomware campaigns.

Everest group takes credit for Collins Aerospace hack

The Everest ransomware group has listed Collins Aerospace on its website, threatening to leak stolen data unless a ransom is paid. The attack on Collins Aerospace caused significant disruptions at major airports in Europe. Everest claims to have stolen over 50 GB of information, including 1.5 million personal information records. The hackers claim they did not deploy file-encrypting malware on Collins systems. It was previously reported that the attack was linked to an obscure piece of ransomware named HardBit. 

Maryland launches vulnerability disclosure program

Maryland has announced a statewide vulnerability disclosure program (VDP) to make it easier for security researchers to report vulnerabilities in systems owned, operated or managed by the state. Maryland also announced that its Information Sharing and Analysis Center (MD-ISAC) is now open to all state agencies, local governments, critical infrastructure, and industry partners.

Warlock ransomware and new ToolShell attacks linked to China

The Symantec and Carbon Black Threat Hunter Team has published separate reports on the Warlock ransomware and recent ToolShell attacks, both linked to China. In the ToolShell attacks, the researchers have seen post-patch exploitation against a Middle East telecom firm, multiple African and South American government networks, and a US university. The threat actors behind the Warlock ransomware, who were also caught exploiting ToolShell, are likewise believed to be based in China, and the researchers have found evidence that the group may not be new, linking it to malicious activity dating as far back as 2019.

Ex-L3Harris cyber executive accused of selling secrets to Russia

The US Justice Department has unveiled charges against Peter Williams, a former executive of Trenchant, the cyber unit of defense contractor L3Harris, for allegedly stealing trade secrets and selling them to a Russian buyer for $1.3 million. The indictment does not name any of the companies from which data was stolen and it’s unclear who the buyer was. 

Gamers targeted with red teaming tool and RAT

Netskope this week published two reports describing threats targeting gamers. According to the company, a red teaming tool named RedTiger has been used in attacks aimed at gamers and Discord accounts. RedTiger can steal information such as passwords, cookies, download and browsing history, files, cryptocurrency data, Discord data, payment information, and webcam captures. The second report describes a new Python RAT that poses as legitimate Minecraft software. It also enables attackers to steal sensitive information from gamers’ devices.

Vast amounts of data exposed to Shadow Escape attack

Operant AI researchers have discovered Shadow Escape, a stealthy zero-click attack that affects organizations using MCP with any AI assistant. Shadow Escape exploits the inherent trust in AI agent/MCP connections to secretly exfiltrate vast amounts of sensitive user data from within a network. Because it leverages standard MCP setups and default permissions, the potential scale of data exfiltration is estimated to be massive (in the trillions of records, according to Operant).
