SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape.
This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment.
Here are this week’s highlights:
Hackers disrupt LA Metro systems
Los Angeles Metro locked down its internal administrative computers after its security team detected unauthorized access, knocking out real-time arrival displays at stations and causing problems for riders trying to load money onto TAP cards online. Trains and buses kept running throughout the incident, and the agency said customer and employee data was not compromised. It’s unclear whether they are related, but the ransomware group World Leaks claimed on its website to have targeted the City of Los Angeles.
FBI and CISA flag Russian campaign to hijack Signal and WhatsApp accounts
The FBI and CISA are warning that Russian intelligence operatives have been running a phishing campaign to break into Signal, WhatsApp, and other messaging apps — not by cracking encryption, but by tricking users into handing over account access. Thousands of accounts have already been compromised globally, with the attackers focusing on high-value targets like current and former US government officials, military personnel, politicians, and journalists. Once inside an account, attackers can read messages, impersonate victims, and use that trusted identity to launch further phishing against.
Breathalyzer firm hack stops drivers from starting their cars
Intoxalock, an Iowa-based company that makes court-mandated breathalyzer ignition devices, was hit by a cyberattack that took down its systems and left some drivers unable to start their cars. The attack disrupted the calibration process the devices depend on, and some drivers had no choice but to tow their cars to service centers. Intoxalock said it has since restored its systems and will cover costs tied to the outage.
Heritage Bank data stolen in file server breach
Heritage Bank disclosed that hackers copied files from an internal employee file-sharing server. The stolen data includes employees’ and customers’ private and confidential information, such as names, Social Security numbers, account numbers, dates of birth, and addresses. The bank says customer accounts and day-to-day operations were not affected.
ETH Zurich develops anti-deepfake chip
Researchers at ETH Zurich have built a sensor chip that stamps a cryptographic signature onto images, video, and audio the instant they are captured, making any later tampering immediately detectable. The signatures could be stored on a public blockchain, letting anyone verify whether a piece of media is genuine without relying on software detection tools that are constantly racing to keep up with better AI fakes. The chip is still a prototype, but the team has filed a patent and says it can be brought to market using existing manufacturing processes.
New State Department unit to tackle tech threats
The State Department has officially activated its Bureau of Emerging Threats, a new unit tasked with protecting US national security against cyberattacks, AI misuse, space-based threats, and other advanced technology risks from Iran, China, Russia, and North Korea. The bureau will be led by Anny Vu, who previously served as the Trump administration’s chargé d’affaires to China.
MorganFranklin Cyber rebrands as Arcova
MorganFranklin Cyber, a cybersecurity advisory and managed services firm that has operated under various names since 2018, has rebranded as Arcova. The new name follows a private equity-backed management buyout completed in early 2025 and the subsequent acquisition of Lynx Technology Partners, and is meant to signal a broader push into AI, resilience, and emerging technology consulting. Existing leadership, client relationships, and services remain unchanged under the new brand.
DHS shutdown leaves CISA on life support
CISA acting director Nick Andersen told a House committee this week that the DHS funding lapse has furloughed roughly 60% of the agency’s workforce, leaving the remaining staff to carry out only essential functions (without pay) while nation-state and criminal threats keep mounting. The agency currently has around 1,000 open positions, and the drain is accelerating: six members of a single threat hunting and incident response team handed in their resignations on the same day. Andersen warned that the situation is likely to cause lasting damage to CISA’s ability to recruit and retain cyber talent.
Google puts 2029 deadline on quantum-safe encryption switch
Google has moved up its timeline for transitioning to post-quantum cryptography, setting a 2029 target after faster-than-expected advances in quantum hardware and error correction. The company’s VP of Security Engineering, Heather Adkins, and senior cryptography engineer Sophie Schmieg warned that ‘harvest now, decrypt later’ attacks make waiting dangerous. Google is already rolling out quantum-resistant algorithms across Android, Chrome, and its cloud services, and is urging the wider industry to follow suit.
Scammers pose as Palo Alto Networks recruiters
Palo Alto Networks’ Unit 42 threat research team has been tracking a phishing campaign since August 2025 in which attackers impersonate the company’s recruiters to defraud senior-level professionals. Using LinkedIn data to craft personalized outreach, the scammers tell targets that their resume failed an automated screening process, then offer a paid ‘fix’ costing between $400 and $800. Palo Alto has confirmed it never charges candidates for any part of the hiring process, and is urging anyone who receives these emails to verify sender domains and report the suspicious contact immediately.
Related: In Other News: N8n Flaw Exploited, Slopoly Malware, Interpol Cybercrime Crackdown
Related: In Other News: New Android Safeguards, Operation Alice, UK Toughens Cyber Reporting
