SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
AMD addresses new attacks disclosed by Microsoft
Researchers at Microsoft have developed a tool designed to stress-test microarchitectural isolation between security domains such as VMs, processes and kernel, in an effort to find isolation flaws. Their experiments led to the discovery of four new transient execution vulnerabilities in AMD processors, which can lead to the leakage of sensitive information. AMD has published an advisory listing impacted products, as well as the available firmware updates and mitigations.
US sanctions North Korean hacker for facilitating IT worker schemes
The US Treasury Department has announced sanctions against Song Kum Hyok, a North Korean national associated with the hacking group known as Andariel. Song is accused of facilitating fake IT worker schemes that help North Korea generate significant revenue. Song used the information of Americans to create aliases for North Korean IT workers seeking employment at US companies.
Docker Hub images expose hundreds of secrets
Firmware security firm Binarly has used a new version of its transparency platform to look for inadvertently exposed secrets. A scan of over 80,000 popular Docker Hub images led to the discovery of 644 unique secrets, including JWTs, generic credentials, and CI/CD tokens.
Fortinet OT security report
Fortinet has released its 2025 State of Operational Technology and Cybersecurity Report, which is based on a survey of over 550 OT professionals across several sectors. The report shows that OT cybersecurity responsibility has moved to the C-suite, with more than half of respondents saying that the CISO or CSO is now directly responsible for OT security, up from 16% in 2022. In addition, 80% of the other respondents said they plan on making the shift in the next year.
Cybersecurity funding increases to $4.2 billion in Q2 2025
Cybersecurity funding rose by 25%, to $4.2 billion in Q2 2025, compared to the same quarter of the previous year, according to cybersecurity recruitment firm Pinpoint Search Group. The $4.2 billion was raised over 100 funding rounds. Seed and Series A accounted for over half of the rounds, and eight investments exceeded $100 million. This year to date, security vendors have raised a total of $6.4 billion, 13% more than in the same period of 2024.
DoNot APT targets Southern European governments
Trellix has detailed the recent activities of an India-linked APT named DoNot (tracked by others as APT-C-35, Mint Tempest, Origami Elephant, SECTOR02, and Viceroy Tiger) and its sophisticated attacks on government entities in Southern Europe. The hackers typically use custom-built Windows malware delivered through spear-phishing emails and malicious documents. The group’s objective appears to be cyberespionage.
Malicious Chrome and Edge extensions hit 2.3 million users
Koi Security has detailed a campaign, dubbed RedDirection, which involves 18 Chrome and Edge extensions hiding malicious functionality. The extensions were installed by 2.3 million users and provide legitimate functionality, but they secretly also hijack the user’s browser and track every website they visit, while maintaining a C&C backdoor. The extension that triggered the investigation only became malicious years after it was published.
ZuRu macOS malware continues to evolve
A piece of macOS malware named ZuRu, first seen in 2021 targeting Chinese users, continues to be improved by its developers. A recent sample discovered by SentinelOne leverages a new method to trojanize legitimate applications. The security firm has published an analysis of this ZuRu sample.
Russian arrested in France at request of US over ransomware attacks
Russian professional basketball player Daniil Kasatkin has been arrested in France at the request of the United States, which accuses him of being involved in ransomware attacks, specifically the negotiation of ransom payments. The ransomware group Kasatkin was allegedly involved with has not been named, but is said to have attacked roughly 900 companies. The FBI said recently that it’s aware of 900 organizations hit by the Play ransomware group. Kasatkin has denied the accusations. He visited France with his fiancée; he had just proposed to her prior to his arrest.
Google details Advanced Protection in Chrome for Android
Google has shared details on the Advanced Protection features in Chrome on the Android operating system. The Advanced Protection program, which recently came to Android to provide enhanced protection for journalists and other high-risk targets, ensures that Chrome on Android always uses secure connections, provides full site isolation to keep malicious sites away from legitimate sites, and reduces the attack surface by disabling JavaScript optimizations.

