This cybersecurity news roundup highlights recent vulnerabilities, data leaks, and cyberattacks affecting various organizations and systems worldwide. It covers topics from software flaws and espionage incidents to nation-state conflicts and legal actions. (Affected: multiple organizations and systems)
Keypoints :
- Radwareβs Cloud WAF vulnerabilities could have been exploited to bypass filtering, though they have been patched.
- An employee at xAI leaked an API key, exposing private language models used by Tesla, SpaceX, and X, which was accessible for two months.
- The FBI warns that outdated routers are being exploited to create malicious proxy services for concealment.
- Insecure messaging app TeleMessage used by a national security advisor was hacked, leading to a temporary service suspension during an investigation.
- PowerSchool data breach is being used for extortion of North American school boards after a ransomware attack and ransom payment.
- A serious vulnerability was found in Digigram PYKO-OUT AoIP devices, allowing remote access without passwords.
- GlobalX airline systems used for deportations were hacked, exposing flight and passenger data.
- Alexander Gurevich was arrested for the 2022 Nomad cryptocurrency bridge hack causing nearly $200 million in losses.
- A class action lawsuit against Delta Airlines over a cybersecurity incident involving CrowdStrike has been approved to proceed.
- Cyberattacks between India and Pakistan have increased, mainly involving DDoS and website defacements amid escalating conflict.