In Other News: Bank of America Warns of Data Breach, Trucking Cybersecurity, Treasury Hack Linked to Silk Typhoon

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories: 

US says Tencent working with Chinese military

The US Defense Department has added Chinese multimedia and gaming giant Tencent and battery maker CATL to a list of companies that work with China’s military. This does not equate to sanctions, but it can have a negative impact on the companies. Both Tencent and CATL have denied being involved with the Chinese military.

Argentina’s airport security payroll system hacked

The personal and financial information of Argentina’s airport security police (PSA) personnel was reportedly compromised following a cyberattack, and small amounts were deducted from employees’ salaries. The intrusion was the result of a vulnerability at Banco Nación, which processes PSA’s payroll, local media reports.

Cisco, Microsoft, and Splunk patches

Cisco this week announced patches for two medium-severity vulnerabilities in ThousandEyes Endpoint Agent for macOS and Common Services Platform Collector, both remotely exploitable. 

Microsoft has released fixes for high-severity flaws in Azure SaaS Resources and Purview (no user action required), while Splunk has rolled out patches for Splunk App for SOAR and for third-party packages in the Splunk add-on for JBoss.

42,000 recruitment application records stolen from UN aviation agency

The United Nations’ civil aviation agency International Civil Aviation Organization (ICAO) this week confirmed that approximately 42,000 recruitment application data records appear to have been stolen from its recruitment database, after a threat actor known as Natohub leaked the information online. The information, dated April 2016 to July 2024, includes names, dates of birth, email addresses, and employment history.

Moxa vulnerabilities

Moxa recently informed customers about two potentially serious vulnerabilities affecting its routers and network security appliances. One of them, rated critical and tracked as CVE-2024-9140, can allow unauthenticated remote command execution, while the other, tracked as CVE-2024-9138 and rated high severity, allows privilege escalation. Lars Haulin, the researcher credited by Moxa for responsibly reporting the vulnerabilities, told SecurityWeek that there does appear to be a small number of impacted devices exposed to the internet, but noted that the flaws likely cannot be chained by a remote and unauthenticated attacker to fully compromise a device. The researcher also pointed out that impact is mitigated if proper segmentation is in place, as Moxa recommends.

BIOS vulnerabilities in Illumina DNA gene sequencer

Eclypsium warns that iSeq 100, a DNA gene sequencer from Illumina, is plagued by multiple BIOS vulnerabilities, due to the use of outdated firmware. Not only does the old BIOS version contain known vulnerabilities, but the device also boots in compatibility support mode, has firmware protections disabled, and does not use Secure Boot, the cybersecurity firm says. Illumina has since released patches and notified its customers of the security defects. 

Bank of America discloses third-party data breach

Bank of America is notifying 414 individuals that their names, addresses, phone numbers, passport numbers, Social Security numbers, and their mortgage loan numbers might have been compromised in a data breach at an unnamed third-party provider. The financial institution is providing the impacted individuals with one year of identity theft protection and credit monitoring services.

Green Bay Packers data breach

American football team Green Bay Packers is notifying 8,514 people that their names, addresses, email addresses, and credit card information were stolen using a web skimmer injected into its Pro Shop website. The malicious code lurked on the website between September 23 and October 23, 2024, and potential victims are being offered three years of credit monitoring and identity theft restoration services.

Thousands of backdoors hijacked by registering abandoned domains

Researchers at WatchTowr have hijacked more than 4,000 backdoors previously deployed by threat actors by taking over abandoned and expired infrastructure. Basically, the researchers were able to take control of the backdoors by registering abandoned domain names that the backdoors had been designed to use. 

2025 trucking cybersecurity trends report

The US’s National Motor Freight Traffic Association (NMFTA) has published its 2025 Trucking Cybersecurity Trends Report. The report covers new phishing methods, the increasing impact of AI, the rise of zero trust adoption, API security, cyber-enabled cargo theft, threats to IoT, and privacy regulations. 

Silk Typhoon behind US Treasury hack

The Biden administration is scrambling to issue a new executive order to boost cybersecurity in the US in the wake of a recent wave of hacks attributed to Chinese state-sponsored groups, Bloomberg reports. In the most recent incident, workstations within the Treasury Department were compromised by “a sophisticated Chinese hacking group known as Silk Typhoon,” Bloomberg says.
