SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
PromptPwnd attack
Aikido Security has uncovered a new prompt injection attack method involving GitHub Actions and AI agents. Dubbed, PromptPwnd, the attack involves embedding malicious prompts into software development issue bodies, commit messages, and PR descriptions, which are then interpreted by AI agents such as Gemini CLI, Claude Code, OpenAI Codex, and GitHub AI Inference as instructions. At least five Fortune 500 companies are affected, Aikido said. Google patched the issue in Gemini CLI within days of being notified.
Pentagon CIO orders accelerated move to post-quantum cryptography
The US Department of War has ordered all Pentagon components to accelerate their transition to post-quantum cryptography, warning that advances in quantum computing pose a growing risk to the security of military systems, data, and communications.
Researchers complain about smaller macOS bug bounties
Weeks after Apple announced a significant update to its bug bounty program, with the top reward increasing to $2 million, researchers have complained that maximum payments for macOS vulnerabilities have decreased significantly. According to macOS researcher Csaba Fitzl, the top rewards for TCC bypasses are down from $30,000 to 5,000, and for macOS sandbox escapes they decreased from $10,000 to $5,000. Apple has not responded to SecurityWeek’s request for comment.
US shuts down scheme to smuggle GPUs to China
The Justice Department announced that three individuals residing in the US and Canada have been caught smuggling Nvidia GPUs designed for AI applications and high-performance computing to China. Exporting the GPUs to China is strictly prohibited. One of the suspects, who pleaded guilty, received $50 million from China as part of the scheme. The other two suspects were detained recently. “These chips are the building blocks of AI superiority and are integral to modern military applications. The country that controls these chips will control AI technology; the country that controls AI technology will control the future,” said US Attorney Nicholas Ganjei.
Holly Ventures launches $33 million cybersecurity fund
Holly Ventures announced the launch of a $33 million debut fund for early-stage cybersecurity startups in the US and Israel. Founded by John Brennan, former senior partner at YL Ventures, Holly Ventures is backed by investors from Bessemer Venture Partners, Ballistic Ventures, CRV, Wing Ventures, IVP, TCV, Notable Capital, Team8, BrightMind, Ten Eleven Ventures, and others. The company aims to provide not only funding but also direct GP engagement, operating help, and a high-density network.
Routers are the most attacked devices in OT environments
A honeypot analysis conducted by Forescout has shown that industrial routers are the most attacked devices in OT environments. Routers and other OT network perimeter devices captured two-thirds of attacks, while exposed OT devices captured the rest of the attacks. The analysis has also focused on the RondoDox and ShadowV2 botnets and the continued interest from hacktivists.
ENISA publishes cybersecurity investments report
ENISA has published its NIS Investments 2025 report, which analyzes the cybersecurity investments of organizations in the European Union. The study found that over the past year organizations have maintained their investments at levels comparable to the prior year. In addition, the study found that overall cybersecurity spending has increased modestly, and that most organizations have largely stable security teams in terms of size.
CISA updates cybersecurity performance goals for critical infrastructure
CISA has released an updated version of the Cross-Sector Cybersecurity Performance Goals (CPG) to help critical infrastructure operators achieve a minimum security baseline. CPG 2.0 incorporates lessons learned, aligns with the most recent NIST Cybersecurity Framework revisions, and addresses the most impactful threats facing critical infrastructure.
DroidLock Android ransomware
Zimperium has detailed DroidLock, an Android malware targeting Spanish users. The malware spreads through phishing sites and it has ransomware capabilities. It can lock the device’s screen and enables cybercriminals to take complete control of the compromised device.
Members of China’s Salt Typhoon hacking group were Cisco Academy students
Two individuals from China who were highly successful students in the Cisco Network Academy Cup in 2012 later became key operators of the APT group Salt Typhoon, SentinelOne reports. The hackers’ early education on Cisco products likely enabled them to orchestrate one of the most expansive intelligence collection operations of the last decade, targeting over 80 telecommunications companies globally.
Related: In Other News: HashJack AI Browser Attack, Charming Kitten Leak, Hacker Unmasked
Related: In Other News: X Fined €120 Million, Array Flaw Exploited, New Iranian Backdoor
