SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape.
This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment.
Here are this week’s highlights:
IBM and AT&T accused of hack cover-ups
A former IBM cybersecurity executive has filed a lawsuit accusing IBM and AT&T of covering up repeated foreign government-linked hacks on their systems. According to the whistleblower, the companies failed to properly disclose multiple breaches to the US government over several years. He alleges they instead provided false assurances about their security posture to secure and maintain valuable federal contracts, in violation of legal requirements.
University of Oxford impacted by CareerConnect data breach
The University of Oxford disclosed a data breach related to the CareerConnect careers service. Hackers accessed the platform and compromised names, email addresses, and encrypted passwords. The incident impacts alumni, research staff, and employer user accounts, but not students, who rely on Single Sign-On (SSO) to log in.
Google Threat Intelligence Group and Mandiant layoffs
Google Cloud has reportedly initiated a round of layoffs impacting its cybersecurity division, specifically targeting members of the Mandiant team and the Google Threat Intelligence Group (GTIG). Google has not confirmed the exact number of affected employees, and it has not responded to SecurityWeek’s request for comment.
Microsoft issues incident response playbook for AI
Microsoft has released a new practitioner’s playbook detailing how to investigate security incidents involving Microsoft 365 Copilot and Azure AI Services. The document provides security teams with structured methodologies to track and analyze potentially malicious activity within these environments. The resource is designed to help defenders adapt their traditional response workflows to the unique telemetry of modern AI platforms.
CISA mandates patching for actively exploited LiteLLM flaw
CISA has added CVE-2026-42271, a critical command injection vulnerability in the AI gateway BerriAI LiteLLM, to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation in the wild. There does not appear to be any information on the attacks exploiting the vulnerability.
Regulators issue $400 million penalty over Coupang data leak
The South Korean Personal Information Protection Commission (PIPC) has imposed a record $400 million fine on Coupang due to widespread security failures and data handling violations that exposed the personal information of more than 30 million customers. Investigations revealed critical deficiencies in access controls and authentication key management. Coupang plans to appeal the fine.
Nokia debuts automated edge defense for proxy botnets
Nokia has introduced Deepfield Genome Shield, an automated security platform designed to proactively defend against massive DDoS attacks driven by residential proxy botnets. The system mitigates threats from an estimated 200 million compromised devices by disrupting botnet command-and-control communications directly at the network edge.
ICS device exposure remains flat as attack surface widens
Bitsight’s 2026 Global State of ICS/OT Exposure report indicates that internet-facing industrial control systems (ICS) have plateaued at roughly 170,000 monthly exposures. Despite this flat count, the overall risk profile is expanding because modern ICS increasingly support non-traditional protocols such as SSH, HTTP, and MQTT alongside legacy protocols, widening the attack surface and making defenders’ jobs more challenging.
ENISA shifts focus to collective EU resilience
The European Union Agency for Cybersecurity (ENISA) is centering its Cyber Europe 2026 exercise on enhancing collective response capabilities across the region. The focus highlights an ongoing effort to evaluate and strengthen the cooperative resilience of EU member states against large-scale cyber incidents. This strategic direction aims to ensure that European infrastructure can withstand and rapidly recover from coordinated, transnational digital threats.
Global operation takes down crypto laundering service
An international law enforcement coalition supported by Europol and Eurojust has dismantled AudiA6, a prominent cryptocurrency laundering network that laundered over $388 million for ransomware actors between 2022 and 2025. The operation disrupted an industrial-scale scheme that funneled illicit digital assets through thousands of fake exchange accounts opened with stolen identities. Additionally, authorities seized the platform’s web infrastructure and successfully shuttered Dark2Web, an underground cybercrime forum managed by the same operators to connect threat actors globally.
Related: In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking
Related: In Other News: Anthropic Maps AI Threats, Unpatched Comodo Flaw, Palantir Chief Eyed for CISA
