SecurityWeek’s weekly cybersecurity news digest provides a streamlined summary of significant developments that might not warrant individual articles but are still important for understanding the wider threat landscape.
This carefully selected collection covers major stories involving vulnerability disclosures, new attack techniques, policy changes, industry reports, and other notable events, helping readers stay informed about the constantly changing cybersecurity world.
This week’s key stories include:
Nvidia’s cloud gaming partner experiences data breach
Nvidia has verified that a breach of GeForce NOW user data happened through GFN.am, its regional Alliance partner running the service in Armenia, with no effect on Nvidia’s own systems. The breach, occurring between March 20 and 26, revealed personal information such as full names, email addresses, phone numbers, dates of birth, and usernames, though no passwords were exposed, and users who signed up after March 9 remain safe. A threat actor using the ShinyHunters name (thought to be an impersonator) took responsibility on a hacker forum and offered the complete database for $100,000 in cryptocurrency before the post was removed.
FCC extends deadline for foreign router security updates
Foreign-made routers and drones on the FCC’s Covered List — devices considered national security threats — will continue receiving security patches and firmware updates until at least January 1, 2029, extended from the earlier March 2027 deadline. The agency is also exploring making this waiver permanent.
OpenAI offers EU regulators access to its cybersecurity AI
OpenAI is negotiating with the European Commission to grant access to a cybersecurity-focused version of GPT-5.5 that can detect and exploit software vulnerabilities. This offer followed EU cybersecurity and AI officials spending weeks trying to access Anthropic’s similar model, Mythos, which has been restricted to only a few dozen organizations. ENISA, the EU’s cybersecurity agency, confirmed OpenAI reached out, and the Commission described the move as a step toward overseeing the model’s use and tackling potential security concerns.
Developers deceived by fake Claude Code installer
Ontinue has discovered an active infostealer operation using fake Claude Code installation pages, advertised through paid search results, to trick developers into executing harmful PowerShell commands. The malware employs a small native tool to exploit Chrome’s App-Bound Encryption through the IElevator2 COM interface, stealing decrypted cookies, saved passwords, and payment information from Chrome, Edge, Brave, and other Chromium-based browsers, before sending the data to attacker-controlled servers. The malware doesn’t belong to any known family and appears to be actively maintained.
Seedworm attacks South Korean electronics company
Iran-linked group Seedworm (also called MuddyWater) infiltrated a major South Korean electronics manufacturer in February 2026 as part of a wider operation targeting at least nine organizations across four continents, including government bodies, industrial manufacturers, financial services companies, and educational institutions. The attackers used DLL sideloading through legitimately signed Fortemedia and SentinelOne files to deliver malicious payloads.
Android 17 introduces AI-powered security features
Google’s Android 17 brings a comprehensive set of security improvements, including verified financial calls, which automatically block spoofed calls pretending to come from participating banks, and expanded Live Threat Detection, which now identifies suspicious activities like SMS forwarding and accessibility overlay abuse in real time. For theft protection, biometric authentication can now be required to unlock a device marked as lost, and default-on theft protections are being rolled out worldwide. The update also adds post-quantum cryptography, automatic OTP hiding from most apps, and Android OS verification to help users confirm they’re running a genuine build.
Big Tech resists Canada’s encryption legislation
Apple and Meta are fighting Bill C-22, a Canadian lawful-access bill they argue could compel tech companies to create encryption backdoors or install government surveillance tools on their systems. Meta cited the Salt Typhoon espionage operation as evidence that authorized backdoors can be misused. Public Safety Canada maintains the bill wouldn’t require systemic vulnerabilities, but both companies warn the real danger lies in how the bill’s broad powers might be applied once passed.
Grego AI and Secludy reveal launch and funding
Secludy announced securing $4 million for its newly launched platform, built to help organizations in regulated industries safely leverage valuable data for AI. The platform creates synthetic data that replicates original datasets, allowing customers to train and test AI models without revealing sensitive customer information.
Grego AI came out of stealth mode with a platform that pushes existing AI models beyond their normal limits to discover critical software vulnerabilities. The company reported earning a $250,000 bug bounty for a vulnerability it found, and claims to have helped stop a $27 million attack. Grego AI informed SecurityWeek that it raised $2 million in funding.
Audi’s connected car system exposed owner information
A security researcher found multiple vulnerabilities in the myAudi connected car platform, discovering that anyone with a vehicle’s VIN can add it to their account as a guest and access sensitive data. Exposed details included the embedded SIM’s IMEI and ICCID identifiers, the GPS location of the main owner when they used a ‘honk & flash’ command, and vehicle lock status. CARIAD, the VW Group’s software division, has fixed one issue, but the researcher says the remaining findings are still being assessed. Audi has not replied to SecurityWeek’s request for comment.
Cisco releases open-source framework for AI-based vulnerability assessment
Cisco has published Foundry Security Spec, an open source framework for building agentic security assessment systems that use advanced AI models to detect and verify vulnerabilities in a structured, traceable manner. Instead of sharing internal code connected to Cisco’s own systems, the company is releasing the architecture (eight core agent roles, a finding lifecycle, and 130 functional requirements) so security teams can customize it to their own environments.
FBI warns after ShinyHunters compromises Canvas
ShinyHunters has taken responsibility for an attack on Instructure’s Canvas system, which disrupted service to educational institutions throughout the US, and the FBI is now cautioning that affected students and faculty could become targets for extortion and advanced spearphishing using stolen data. The group is known for massive data theft and aggressive pressure tactics to force victims into paying, including threatening calls, messages to family members, and swatting. The US government has asked Instructure to provide clarification after the company admitted it made an agreement with the hackers.