SecurityWeek’s weekly digest of cybersecurity news provides a streamlined summary of significant developments that might not warrant individual articles but are still important for understanding the overall threat environment.
This carefully assembled recap spotlights major stories spanning vulnerability revelations, new attack techniques, regulatory changes, industry analyses, and other key events, helping readers stay broadly informed about the rapidly shifting cybersecurity landscape.
This week’s key stories:
IBM and AT&T face allegations of concealing breaches
A retired executive from IBM’s cybersecurity division has filed a lawsuit claiming that both IBM and AT&T hid a series of cyberattacks attributed to foreign governments. The whistleblower alleges the companies neglected to properly report numerous breaches to federal authorities over a period of years and instead gave misleading assurances about their security posture to retain lucrative government contracts, in breach of federal disclosure obligations.
Oxford University hit by CareerConnect data breach
The University of Oxford announced a data breach affecting the CareerConnect careers service. Attackers gained unauthorized access to the system, compromising names, email addresses, and encrypted passwords. The breach affects alumni, research staff, and employer accounts—though not students, who authenticate through Single Sign-On (SSO).
Google Threat Intelligence Group and Mandiant see staff cuts
Google Cloud has reportedly begun reducing headcount within its cybersecurity division, with members of the Mandiant unit and the Google Threat Intelligence Group (GTIG) among those affected. Google has not disclosed the precise number of employees impacted and has declined to respond to SecurityWeek’s inquiry on the matter.
Microsoft publishes AI-specific incident response playbook
Microsoft has unveiled a new operational playbook guiding security practitioners through the process of investigating incidents involving Microsoft 365 Copilot and Azure AI Services. The document delivers structured frameworks for tracking and analyzing potentially malicious behavior within these environments. The guide aims to help defenders tailor their conventional response workflows to the unique telemetry produced by modern AI systems.
CISA orders patching of actively exploited LiteLLM vulnerability
CISA has added CVE-2026-42271, a critical command injection flaw in the AI gateway framework BerriAI LiteLLM, to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of ongoing real-world attacks. Detailed information about the exploits leveraging the vulnerability has not been made available.
Regulators levy $400 million fine against Coupang over data leak
South Korea’s Personal Information Protection Commission (PIPC) has issued a record $400 million penalty against e-commerce firm Coupang in connection with extensive security shortcomings and data handling violations that compromised the personal data of more than 30 million customers. Audits uncovered critical weaknesses in access control policies and cryptographic key management. Coupang has stated it intends to challenge the penalty.
Nokia launches automated edge-based defense against proxy botnets
Nokia has rolled out Deepfield Genome Shield, an automated cybersecurity platform engineered to proactively counter enormous DDoS attacks powered by residential proxy botnets. The solution counters threats originating from an estimated 200 million compromised devices by disrupting command-and-control communications at the network’s edge.
ICS device exposure levels hold steady as attack surface grows
Bitsight’s 2026 Global State of ICS/OT Exposure report shows that internet-facing industrial control systems (ICS) have stabilized at approximately 170,000 monthly exposures. However, the overall risk is intensifying: modern ICS increasingly support non-traditional protocols like SSH, HTTP, and MQTT alongside older protocols, broadening the attack surface and increasing the difficulty of effective defense.
ENISA pivots toward collective EU cyber resilience
The European Union Agency for Cybersecurity (ENISA) is focusing its Cyber Europe 2026 exercise on strengthening cross-border response coordination throughout the region. The emphasis reflects an ongoing push to assess and enhance the cooperative resilience of EU member states when facing large-scale cyber threats. This strategic focus seeks to ensure European infrastructure can withstand and quickly recover from coordinated, cross-country digital attacks.
Global crackdown dismantles cryptocurrency laundering network
An international coalition of law enforcement agencies, backed by Europol and Eurojust, has taken down AudiA6, a major cryptocurrency laundering service that processed over $388 million on behalf of ransomware operators between 2022 and 2025. The takedown disrupted a large-scale operation that routed illicit digital assets through thousands of fraudulent exchange accounts created with stolen credentials. Authorities also seized the platform’s website infrastructure and successfully shuttered Dark2Web, an underground criminal forum operated by the same group to facilitate connections among threat actors worldwide.



