SecurityWeek’s weekly cybersecurity news digest provides a quick rundown of significant events that might not get their own dedicated articles but are still important for understanding the wider threat environment.
This handpicked collection spotlights major stories covering newly revealed vulnerabilities, novel hacking techniques, changes in regulations, industry analyses, and other key happenings, helping you stay informed about the constantly shifting world of cybersecurity.
Here are the top stories from this week:
Hackers manipulate AI chatbot searches to steal computing resources
Microsoft has revealed that cybercriminals are using search engine optimization (SEO) and AI chatbot suggestions to fool people into downloading counterfeit software that mimics popular tools such as CrystalDiskInfo and PDFgear. After infecting a device, the hackers use ConnectWise ScreenConnect to maintain long-term remote access and run a special program that takes over standard Microsoft .NET processes. The stolen computing power is then used to operate cryptocurrency mining software designed specifically for powerful graphics cards (GPUs).
Grandoreiro banking trojan strikes again
Researchers at WatchGuard have spotted a fresh wave of Grandoreiro malware aimed at banks in Portugal and Latin America. The attack uses a technique called DLL side-loading, which tricks four legitimate programs into running the malicious code. Despite being active for ten years and facing police crackdowns, this malware remains a persistent threat.
Self-spreading Go-based ransomware takes over entire networks
Microsoft Threat Intelligence is monitoring a group called Storm-2697, which runs a ransomware service known as ‘The Gentlemen.’ They use a highly aggressive encryption program written in Go and hidden using a tool called Garble. This ransomware uses password-protected commands to set how fast it encrypts files and automatically spreads through a network by creating tasks with the highest system privileges. Recently, security firms Halcyon and Huntress have also taken a closer look at this specific ransomware strain.
Let’s Encrypt prepares for the quantum era with Merkle trees
To handle the huge increase in data size caused by new quantum-resistant security methods, Let’s Encrypt is switching to Merkle Tree Certificates to protect future web security. Instead of signing every certificate individually, this method groups many certificates under one signature, which makes the connection process (TLS handshake) much faster and includes automatic transparency logs. The organization plans to start testing these new quantum-safe certificates in late 2026, with a full launch expected in 2027.
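The batching idea described above, shown as an added illustration rather than code from Let's Encrypt or the Merkle Tree Certificates draft: a set of constructed certificate bytes is hashed into a Merkle tree, only the root is signed once, and each certificate ships with an inclusion proof that a client checks against that root. SHA-256 with RFC 6962-style leaf/node prefixes, the odd-node promotion rule and the sample hostnames are all assumptions of this demo.

```python
import hashlib

# Toy batch-signing demo (added example, not Let's Encrypt's MTC code).
# Many certificate bodies are hashed into a Merkle tree; only the root
# is signed once, and each certificate carries an inclusion proof.

LEAF_PREFIX, NODE_PREFIX = b"\x00", b"\x01"  # domain separation, RFC 6962 style

def leaf_hash(cert_bytes: bytes) -> bytes:
    return hashlib.sha256(LEAF_PREFIX + cert_bytes).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(NODE_PREFIX + left + right).digest()

def build_tree(leaves):
    """Return all tree levels, from the leaf hashes up to the single root."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur, nxt = levels[-1], []
        for i in range(0, len(cur), 2):
            if i + 1 < len(cur):
                nxt.append(node_hash(cur[i], cur[i + 1]))
            else:
                nxt.append(cur[i])  # assumed rule: odd node promoted unchanged
        levels.append(nxt)
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes plus side flags; the verifier recomputes the root from them."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            proof.append((level[sib], sib < index))  # (hash, sibling_is_left)
        index //= 2
    return proof

def verify_inclusion(cert_bytes, proof, root) -> bool:
    """Client-side check: the certificate plus its proof must hash to the signed root."""
    h = leaf_hash(cert_bytes)
    for sib, sib_is_left in proof:
        h = node_hash(sib, h) if sib_is_left else node_hash(h, sib)
    return h == root

# Constructed sample "certificates" (placeholder bytes, not real DER)
CERTS = [f"cert-for-host{i}.example".encode() for i in range(5)]
LEVELS = build_tree(leaf_hash(c) for c in CERTS)
ROOT = LEVELS[-1][0]  # the one value the CA signs for the whole batch

if __name__ == "__main__":
    p = inclusion_proof(LEVELS, 3)
    print("proof ok:", verify_inclusion(CERTS[3], p, ROOT))
    print("tampered rejected:", not verify_inclusion(b"cert-for-evil.example", p, ROOT))
```

A real deployment signs ROOT with the CA key and the client additionally verifies that signature; the proof alone only binds a certificate to the batch.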
US government warns of hacked fuel monitoring systems
CISA, the FBI, the NSA, and other American agencies are alerting critical infrastructure companies about hackers actively attacking internet-connected Automatic Tank Gauge (ATG) systems, which are used to remotely check liquid and fuel levels. Hackers are getting around security checks and running system commands to change settings, leading the government to strongly advise companies to immediately take these systems offline. Officials have recently connected attacks on ATGs at American gas stations to Iran.
Palantir executive considered for top CISA job
The Trump administration is reportedly looking at Shyam Sankar, the Chief Technology Officer of Palantir Technologies, as a potential new leader for CISA. If chosen, the experienced Palantir leader would take over the role at a time when the agency is dealing with major budget reductions. Tom Parker, a security services executive at IBM, has also been mentioned as a leading candidate for the position.
Malware leads to Ultrahuman data leak
Ultrahuman, an Indian health tech company, has admitted to a data breach that exposed contact information, purchase history, and health data for some of its users. The hacker got unauthorized, read-only access to an internal data system by using login details taken from an employee’s laptop that had been infected with malware. The company stated that no passwords or payment information was stolen.
Crypto-miner found hidden in Hola Browser
Sophos researchers found a hidden XMRig crypto-miner program inside an official version of the Hola Browser installer for Windows. Hola explained that this was due to a limited supply chain attack that affected only a small part of their software distribution, allowing the malicious code to go unnoticed.
AI attack study shows surge in automated hacking tools
A year-long study by Anthropic, which mapped AI-powered hacking attempts against the MITRE ATT&CK framework, shows a rapid rise in hackers using large language models (LLMs) for dangerous tasks like moving through networks and stealing login credentials. The company believes that a hacker’s danger level will soon depend on the automated systems they build to carry out complex attacks without human help.
Flawed IPv6 packet crashes Comodo firewalls
Security expert Marcus Hutchins has shared details and a proof-of-concept exploit for a flaw called ComoDoS in Comodo Internet Security. This unpatched weakness lets hackers crash Windows computers remotely by sending just one specially crafted network packet, completely ignoring any firewall settings. Hutchins said he tried to report the issue responsibly, but the company did not respond. SecurityWeek also could not reach Comodo for a statement.