SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape.
This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment.
Here are this week’s highlights:
Nvidia cloud gaming partner suffers data breach
Nvidia has confirmed that a breach of GeForce NOW user data occurred through GFN.am, its regional Alliance partner operating the service in Armenia, with no impact on Nvidia’s own infrastructure. The incident, which took place between March 20 and 26, exposed personal details including full names, email addresses, phone numbers, dates of birth, and usernames, but no passwords were compromised, and users who registered after March 9 are unaffected. A threat actor operating under the ShinyHunters name (believed to be an impersonator) claimed responsibility on a hacker forum and listed the full database for $100,000 in cryptocurrency before the post was taken down.
FCC buys time for foreign routers with extended update window
Foreign-made routers and drones on the FCC’s Covered List — devices deemed national security risks — will be allowed to receive security patches and firmware updates until at least January 1, 2029, up from the previous March 2027 cutoff. The agency is also considering making the waiver permanent.
OpenAI moves to give EU regulators a look at its cyber AI
OpenAI is in talks with the European Commission to provide access to a cyber-focused variant of GPT-5.5 that can identify and exploit software vulnerabilities. The offer came after EU cybersecurity and AI officials spent weeks unable to gain access to Anthropic’s comparable model, Mythos, which has been limited to a few dozen organizations. ENISA, the EU’s cybersecurity agency, confirmed OpenAI made contact, and the Commission called the move a step toward monitoring the model’s deployment and addressing potential security risks.
Developers targeted with fake Claude Code installer
Ontinue has uncovered an active infostealer campaign that uses fake Claude Code installation pages, promoted via sponsored search results, to trick developers into running malicious PowerShell commands. The payload uses a small native helper to abuse Chrome’s App-Bound Encryption via the IElevator2 COM interface, extracting decrypted cookies, saved passwords, and payment data from Chrome, Edge, Brave, and other Chromium-based browsers, before exfiltrating the data to attacker-controlled infrastructure. The malware doesn’t match any known family and is notably well-maintained.
Seedworm targets South Korean electronics manufacturer
Iran-linked group Seedworm (also known as MuddyWater) breached a major South Korean electronics manufacturer in February 2026 as part of a broader campaign hitting at least nine organizations across four continents, including government agencies, industrial manufacturers, financial services firms, and educational institutions. The attackers used DLL sideloading via legitimately signed Fortemedia and SentinelOne binaries to deploy malicious payloads.
Android 17 brings AI-driven defenses
Google’s Android 17 introduces a broad set of security upgrades, including verified financial calls (automatically drops spoofed calls impersonating participating banks) and expanded Live Threat Detection, which now flags suspicious behaviors like SMS forwarding and accessibility overlay abuse in real time. On the anti-theft front, biometric authentication can now be required to unlock a device marked as lost, and default-on theft protections are rolling out globally. The update also introduces post-quantum cryptography, automatic OTP hiding from most apps, and Android OS verification to help users confirm they’re running a legitimate build.
Big Tech pushes back on Canada’s encryption bill
Apple and Meta are opposing Bill C-22, a Canadian lawful-access bill they warn could force tech companies to build encryption backdoors or install government spyware on their systems. Meta pointed to the Salt Typhoon espionage campaign as proof that authorized backdoors can be exploited, while Public Safety Canada insists the bill would not require systemic vulnerabilities, though both tech companies say the real risk lies in how the bill’s broad powers could be interpreted once enacted.
Grego AI and Secludy announce launch and funding
Secludy announced raising $4 million for its newly launched platform, designed to help organizations in regulated industries safely use valuable data for AI. The platform generates synthetic data that mirrors original datasets, enabling customers to train and evaluate AI models without exposing sensitive customer information.
Grego AI emerged from stealth mode with a platform that pushes existing AI models beyond their expected capabilities to find critical software vulnerabilities. The company said it earned a $250,000 bug bounty for a vulnerability it uncovered, and claims to have helped prevent a $27 million attack. Grego AI told SecurityWeek that it raised $2 million in funding.
Audi’s connected car platform exposed owner data
A security researcher discovered several vulnerabilities in the myAudi connected car platform, finding that anyone who knows a vehicle’s VIN can add it to their account as a guest and access sensitive data. Exposed information included the embedded SIM’s IMEI and ICCID identifiers, the GPS location of the primary owner when they triggered a ‘honk & flash’ command, as well as vehicle lock status. CARIAD, the VW Group’s software arm, has patched one issue, but the researcher says the remaining findings are still under evaluation. Audi has not responded to SecurityWeek’s request for comment.
Cisco open-sources blueprint for AI-driven vulnerability evaluation
Cisco has released Foundry Security Spec, an open source specification for building agentic security evaluation systems that use frontier AI models to find and validate vulnerabilities in a structured, auditable way. Rather than sharing internal code tied to Cisco’s own infrastructure, the company is releasing the design (eight core agent roles, a finding lifecycle, and 130 functional requirements) so security teams can adapt it to their own environments.
FBI issues warning after ShinyHunters hacks Canvas
ShinyHunters has claimed responsibility for an attack on Instructure’s Canvas system, which disrupted service to educational institutions across the US, and the FBI is now warning that affected students and faculty could be targets for extortion and sophisticated spearphishing using stolen data. The group is known for large-scale data theft and aggressive pressure tactics to coerce victims into paying, including threatening calls, texts to family members, and swatting. The US government has asked Instructure to provide clarification after the company admitted it reached an agreement with the hackers.
Related: In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner
Related: In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability
