This SecurityWeek roundup highlights legislative, defensive, and investigative developments alongside multiple active threats and disclosures affecting cloud services, developer tools, and education systems. Notable stories include the W3LL phishing takedown, a spreading GlassWorm IDE dropper, active ShowDoc RCE exploitation, AWS RES fixes, and large data leaks tied to ShinyHunters. #GlassWorm #ShinyHunters
Keypoints
- Senators advanced the Satellite Cybersecurity Act to centralize best practices and commission a GAO study as many commercial satellite signals lack encryption.
- FBI Atlanta and Indonesian police dismantled the W3LL phishing kit infrastructure tied to over $20 million in attempted fraud and more than 25,000 compromised accounts.
- AWS patched RES vulnerabilities (CVE-2026-5707, CVE-2026-5708, CVE-2026-5709) that enabled command injection and privilege escalation.
- A new GlassWorm variant uses a Zig-compiled native dropper in a malicious OpenVSX extension to bypass sandboxing and spread across VS Code-based IDEs.
- ShinyHunters leaked 13.5 million McGraw Hill records and threatened Rockstar Games via a third-party breach, while ShowDoc’s critical RCE (CVE-2025-0520) is actively exploited.