SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Cybersecurity legislation preparedness initiative for open source
Linux Foundation Europe and OpenSSF announced a joint initiative to help open source manufacturers, maintainers, and stewards prepare for the implementation of cybersecurity legislation such as the EU Cyber Resilience Act (CRA). The effort will focus on formalizing cybersecurity specifications, offering compliance guidance, and implementing compliance processes and tooling.
BeyondTrust investigation into leaked API key
BeyondTrust announced it has completed its investigation into the December 2024 compromise of an API key for its Remote Support SaaS. The incident led to the discovery of two zero-day vulnerabilities in the Privileged Remote Access (PRA) and Remote Support (RS) enterprise solutions, and impacted 17 customers, including the US Department of the Treasury.
Texas county discloses cyberattack
Matagorda County in Texas disclosed a cyberattack that led to malware being deployed on its network and resulted in the disruption of certain operations after the impacted systems were isolated. Various departments have been affected, but the county has no indication that personal information might have been compromised.
Hackers making exaggerated claims about hacking AWS
It’s not uncommon for some hacker groups to make exaggerated claims. One such group is called GDLockerSec and it recently claimed to have hacked the AWS cloud service. An investigation by threat intelligence firm KELA showed that there was no breach of AWS systems. The data may have been obtained from a third party’s unprotected AWS S3 instance, but KELA found that it had already been publicly available on other platforms.
North Korea’s Operation Phantom Circuit
North Korean state-sponsored hacking group Lazarus has compromised over 1,500 systems between November 2024 and January 2025 as part of a campaign dubbed Operation Phantom Circuit. Hitting developers in Europe, India, and other countries, the campaign focused on the theft of credentials, tokens, and system information, on monitoring the victims, and on compromising the supply chain for cryptocurrency and authentication systems.
High-impact API vulnerability
An unnamed top-tier travel service used by airlines was affected by an API vulnerability that may have exposed the accounts of millions of users, Salt Security reported. The security hole could allow hackers to access accounts and perform various actions on victims’ behalf, including booking hotels and car rentals, and cancelling or modifying bookings.
MGM to pay $45 million in data breach settlement
Hospitality and entertainment giant MGM has agreed to pay $45 million to settle lawsuits related to separate data breaches that occurred in 2019 and 2023. The settlement covers anyone in the United States who was impacted by the cybersecurity incidents.
Arcus Media ransomware
Halcyon has conducted an analysis of the Arcus Media ransomware group, which emerged in May 2024 and announced more than 50 victims within half a year. Halcyon’s analysis of Arcus Media focuses on the group’s techniques, including malware execution, privilege escalation and persistence; the termination of processes; and its unique encryption method.
BIND patches
The Internet Systems Consortium has announced patches for two vulnerabilities in the BIND 9 DNS software. Tracked as CVE-2024-12705 and CVE-2024-11187, the security defects could be exploited to cause excessive CPU resource consumption, essentially causing denial-of-service (DoS) conditions.
Google kept 2.36 million bad apps out of Google Play
Google says it prevented 2.36 million bad Android applications from being published to Google Play in 2024, when it banned over 158,000 bad developer accounts. Heavily relying on AI to identify malicious and policy-violating apps, and scanning over 200 billion pieces of software daily, Google prevented 1.3 million apps from obtaining access to sensitive user data, and caught 13 million malicious apps from outside Google Play.
Browser Syncjacking — taking over devices using browser extensions
SquareX Labs warns of Syncjacking, a new attack tactic in which a threat actor registers a Google Workspace account with multiple user profiles for a domain, then creates an innocuous browser extension and convinces users to install it. After a while, the extension connects to the domain and logs the victim into one of the created user profiles, providing the attacker with control over the browser. If the victim is tricked into completing the synchronization with the profile, the attacker has access to their browser data. Similarly, malicious extensions can be used to trick the victim into executing malware on their devices.