SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Claude Skills used to execute ransomware
Cato Networks has used Skills, a new feature for Anthropic’s Claude AI assistant, to execute ransomware in a controlled environment. Anthropic says the code execution functionality works as intended for Skills. Cato argues that legitimate Skills could be weaponized via minor changes, and that they can propagate through public repositories and social engineering. However, the security firm admits that Claude displays clear approval prompts to the user.
Array vulnerability exploited in the wild
Japan’s JPCERT/CC has warned that a vulnerability affecting Array Networks’ AG secure access gateways has been exploited in attacks. The flaw, a command injection issue that does not have a CVE identifier, was patched in May 2025 with the release of ArrayOS AG 9.4.5.9. JPCERT has found evidence that the vulnerability has been exploited against users in Japan since August 2025. The impacted product is prevalent in Asia.
North Korea suspected of $30 million Upbit cryptocurrency heist
Upbit, a major South Korea-based cryptocurrency exchange, recently had roughly $30 million of cryptocurrency stolen. The heist is believed to be the work of the North Korean hacking group Lazarus. Back in 2019, hackers stole $49 million worth of Ethereum from Upbit.
Akamai patches HTTP request smuggling vulnerability
Akamai announced this week that it recently patched a vulnerability tracked as CVE-2025-66373 that could have exposed customers to HTTP request smuggling attacks. These types of attacks can typically be leveraged to steal credentials or other sensitive data, and to redirect users to arbitrary websites. HTTP request smuggling makes headlines every few years due to its potentially significant impact.
CISA staff told not to speak with reporters
A leaked internal email revealed that leadership at the cybersecurity agency CISA has asked staff not to talk to news reporters in an unauthorized capacity, according to Nextgov/FCW. “In today’s culture of information saturation, it is imperative that we ensure all official information communicated on behalf of CISA is current, accurate, unbiased, and authoritative. This includes any official information communicated to the media,” the email reads. It’s unclear whether the memo was triggered by a particular incident.
North Korean fake IT worker recruiters caught on camera
Researchers conducted a thorough investigation into North Korea’s fake IT worker scheme, detailing how legitimate developers are lured into renting their credentials and identities to secure remote jobs in companies that prohibit hiring from the country. The investigation, which included video calls with several North Korean recruiters, revealed that the recruiters asked for 24/7 access to the developer’s computer to facilitate the masquerade.
X fined €120 million over disinformation
The European Commission has fined the social media company X €120 million ($139 million) over its alleged failures to handle disinformation. The fine was issued under the Digital Services Act (DSA), which requires companies to protect users against disinformation and influence operations or face fines of up to 6% of their turnover.
New MuddyViper backdoor used by Iranian cyberspies
The Iranian cyberespionage group named MuddyWater has developed a new backdoor, which ESET has dubbed MuddyViper. The security firm has observed attacks aimed at Israel, with at least one victim in Egypt. Unlike previous MuddyWater attacks, which were noisy and easy to detect, the new activity was more focused and sophisticated.
PickleScan vulnerabilities
JFrog has disclosed the details of three recently patched PickleScan vulnerabilities. PickleScan is a tool for scanning machine learning (ML) models to detect malicious content. The vulnerabilities found by JFrog could have been exploited to “evade PickleScan’s malware detection and potentially execute a large-scale supply chain attack by distributing malicious ML models that conceal undetectable malicious code”.
