In Other News: Chinese Mythos-Like AI, Tata Electronics Breach, Snyk Layoffs

Other noteworthy stories that might have slipped under the radar: Russia used Cellebrite to hack activist’s phone, Five Eyes issue urgent AI threat warning, macOS Gaslight backdoor, Scattered Spider guilty pleas.

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape.

This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment.

Here are this week’s highlights:

Russia used Cellebrite software to hack activist’s phone

An investigation by Citizen Lab confirmed that Russian authorities successfully used Cellebrite software to breach an iPhone belonging to opposition activist Andrey Pivovarov. Even though the surveillance vendor canceled its Russian contracts in 2021 prior to Pivovarov’s arrest, local agency documents prove that investigators used legacy setups to extract data from communication apps like Telegram and WhatsApp. Security researchers suspect that the harvested information was later weaponized by the state-backed threat group ColdRiver to launch targeted phishing campaigns against the activist’s associates.

Scattered Spider hackers plead guilty

Two British men connected to the Scattered Spider group changed their pleas to guilty regarding the 2024 compromise of Transport for London. The intrusion disrupted automated fare refund systems and administrative networks, inflicting millions in remediation costs and operational losses. All 28,000 agency employees were forced to undergo mandatory in-person password resets to re-secure the environment.

Apple and Tesla secrets allegedly exposed in Tata Electronics hack

A major security incident at India-based Tata Electronics has culminated in the dark web leak of more than 630 GB of proprietary documentation. The extortion group World Leaks published the massive trove, which reportedly includes manufacturing specifications, component schematics, and confidential drawings belonging to major clients Apple and Tesla. 

Android developer verification

A comprehensive Android developer identity verification framework is set to launch on September 30, 2026, across seven major app distribution platforms in select international markets before expanding globally next year. The security overhaul features new automated registration APIs alongside an advanced sideloading flow equipped with mandatory checkpoints to counter coercion scams. A new limited tier will allow hobbyists to distribute applications to a restricted number of devices.

Five Eyes issue urgent AI threat warning

The Five Eyes intelligence coalition has released a joint advisory warning that advanced artificial intelligence capabilities have compressed the threat timeline from years to months. By automating vulnerability research and exploit development, these frontier AI models democratize high-end offensive tools for lower-skilled cybercriminals and render traditional perimeter defenses obsolete. Executives and security leaders must transition to zero-trust architectures, accelerate patching protocols, and immediately decommission legacy infrastructure to withstand machine-speed intrusions.

White House intervenes to restrict rollout of OpenAI model

Federal officials have requested that OpenAI delay and tightly control the public deployment of its upcoming GPT-5.6 model due to national security concerns. Under this temporary arrangement, access during the initial preview phase will be vetted and approved on a client-by-client basis by government agencies. This intervention reflects intensifying state scrutiny over frontier models, following recent regulatory pressures that restricted Anthropic’s advanced AI. 

macOS.Gaslight malware linked to North Korea

A sophisticated Rust-based backdoor targeting macOS has been found to incorporate adversarial prompt injection techniques designed to disrupt automated triage workflows. Attributed to North Korean threat actors, macOS.Gaslight embeds dozens of deceptive system error messages intended to trick LLM-assisted analysis tools into terminating their investigations. Beyond this novel defense evasion mechanism, the malware features an interactive shell and data-harvesting capabilities.

CISA prepares for massive recruitment push under new leadership candidate

The Department of Homeland Security announced that a potential nominee has been selected to lead CISA, which has lacked a permanent director since January 2025. Once confirmed, the new leadership is slated to spearhead a recruitment drive for approximately 600 skilled professionals to rebuild a workforce recently depleted by federal downsizing. 

Chinese company’s Mythos-like AI

The chief executive of blacklisted Chinese cybersecurity firm Qihoo 360 announced the creation of an advanced AI system named Tulongfeng. The company claims it can match the capabilities of prominent Western frontier systems such as Mythos and can be leveraged to breach corporate and government networks. The executive admitted that the AI itself might not be as powerful as Mythos, but said Tulongfeng’s vulnerability-discovery capabilities are similar when paired with other Qihoo technologies.

Snyk layoffs

Snyk has laid off some of its employees as part of an organizational restructuring. The move includes aligning R&D around four areas and unifying them under one leader, “flattening leadership so decisions move faster”, and “unifying go-to-market”. The company has not disclosed the number of affected individuals, but Israeli media put the number at 90. Others reported that at least 200 employees have been terminated. According to its website, Snyk has more than 1,000 employees, but third-party sites report roughly 1,500 employees.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.