SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
BreachForums is back — again
BreachForums appears to be back after it went offline in April. The popular cybercrime forum was shut down and resurrected several times over the past years. DataBreaches reported that several clones have appeared since April, but now the ‘official’ site seems to be back online, and it has preserved the original user database, reputation, credits, and posts. The site appears to have returned under new leadership — a user with the online moniker ‘N/A’ is the new owner.
Nozomi publishes OT/IoT cybersecurity report for H1 2025
Nozomi Networks has published its OT/IoT Cybersecurity Trends and Insights report for the first half of 2025. The report covers a significant increase in cyberattacks launched by Iranian hackers against US transportation and manufacturing organizations, the exposure of wireless networks to attacks, and botnet activity spikes driven by Mirai.
Port cybersecurity reports from NATO and Booz Allen
Reports on port cybersecurity have been published by NATO’s CCDCOE and Booz Allen. The NATO report focuses on state-sponsored cyber threats to critical maritime port infrastructure, pointing to attacks conducted in recent years against European and Mediterranean ports by Russian, Chinese and Iranian threat groups. Booz Allen collaborated with the McCrary Institute for Cyber and Critical Infrastructure Security on a report that focuses on the use of zero trust for the OT systems present in US ports.
Notice for Microsoft Authenticator users
Starting August 1, Microsoft Authenticator users will no longer be able to use password management and autofill features unless they use the Edge browser. The move is part of Microsoft’s strategy to boost the adoption of passkeys, which are more secure than passwords.
FBI seized $1.7 million of cryptocurrency from Chaos ransomware group
The US Justice Department announced that it’s seeking the forfeiture of more than $1.7 million worth of cryptocurrency seized by the FBI in mid-April 2025 from a member of the Chaos ransomware group known as ‘Hors’. The cryptocurrency is now valued at more than $2.4 million. The Chaos ransomware group is believed to be either a rebranding of the BlackSuit ransomware operation or operated by former BlackSuit members. The BlackSuit leak website was recently seized by law enforcement.
Microsoft investigating whether ToolShell exploit leaked via MAPP
Microsoft is investigating whether the recent SharePoint vulnerabilities dubbed ToolShell, which have been exploited to hack hundreds of servers, have been leaked through the Microsoft Active Protections Program (MAPP), which aims to provide an early warning system for vendors by notifying them 24 hours — in some cases five days — prior to public disclosure, Bloomberg reported. The first ToolShell attacks were attributed by Microsoft to Chinese state-sponsored threat actors and the tech giant is now trying to determine whether one of the more than a dozen Chinese companies enrolled in MAPP leaked information. The attacks impacted US government agencies, and Reuters reported that over 90 state and local governments have been targeted.
New cybersecurity guidelines in Germany
The German government is proposing new cybersecurity guidelines that will impact nearly 30,000 companies. The guidelines, which need to be approved by the national parliament, instruct companies to enhance their security through risk analysis, emergency plans, encryption, and backups. Companies will also have to report cyberattacks within 24 hours and provide an update on the incident after 72 hours.
China concerned about Nvidia chip backdoors
The Cyberspace Administration of China is concerned about potential backdoors in Nvidia chips. Earlier this year, the US government banned the sales of Nvidia’s H20 AI chips to China over fears that they may be used for military systems. The ban was recently reversed, but China now wants Nvidia to provide explanations and supporting materials over concerns that the chips could contain features that would allow the monitoring or disabling of Chinese systems.
Microsoft defenses against indirect prompt injection
Microsoft has shared some details on how it defends against indirect prompt injection attacks, in which threat actors use specially crafted data that LLMs misinterpret as instructions, potentially leading to user data exfiltration and the execution of unauthorized actions. Microsoft has implemented mechanisms designed to prevent the injection, detect the injection, and prevent impact.
Cybercriminals plant Raspberry Pi on bank network for ATM heist
A financially motivated threat actor tracked as UNC2891 was caught physically deploying a Raspberry Pi device inside a bank’s internal network as part of an attack aimed at ATMs. The attackers used a 4G modem to remotely access the device. Group-IB determined that the hackers wanted to gain access to the ATM switching server to deploy a rootkit that would allow them to conduct fraudulent ATM cash withdrawals, but their operation was disrupted before they could achieve their goal.
Related: In Other News: $30k Google Cloud Build Flaw, Louis Vuitton Breach Update, Attack Surface Growth
Related: In Other News: Law Firm Hacked by China, Symantec Flaw, Meta AI Hack, FIDO Key Bypass
