This week’s SecurityWeek roundup highlights notable developments—threat actors are increasingly using AI across attack stages while CISA, EPA and researchers flag persistent vulnerabilities in OT, water systems, and aviation supply chains. It also covers legal and policy actions, including a DoD employee indictment, Disney’s $2.75M CCPA fine, Trend Micro’s new attribution framework, and delayed U.S. restrictions on Chinese tech. #GoogleThreatIntelligenceGroup #CISA
Keypoints
- Adversaries are integrating AI into attacks, with model extraction attempts targeting models like Gemini.
- CISA warns that legacy OT systems and proprietary protocols impede strong authentication in operational networks.
- The EPA identified vulnerabilities at 277 community water systems that could be exploited by attackers.
- CloudSek found a supply-chain flaw exposing access to sensitive systems at roughly 200 airports worldwide.
- Regulatory and legal actions include a $2.75 million fine for Disney under CCPA and an indictment of a DoD employee accused of money laundering.