This Week in Cybersecurity
From Nation-State Infrastructure Attacks to AI Security Flaws: Critical Threats Reshaping the Cyber Landscape
Good Morning, Security Gang!
Here's your weekly recap of the biggest cybersecurity stories, helping you catch up on the most pressing incidents, trends, and action items in the industry.
📡 Luxembourg Telecom Infrastructure Brought Down in Huawei-Linked Cyberattack
Luxembourg experienced a telecom blackout affecting 4G/5G networks, internet, and mobile banking after a cyberattack exploiting Huawei routers within its telecom backbone. The government confirmed this was a targeted attack, and officials are now urging entities using Huawei routers to notify the country’s CSIRT. This incident sheds light on the security risks tied to foreign-made infrastructure.
✈ Aeroflot Denies Breach… But Flight Records Leak
Despite Aeroflot denying a cyber breach, leaked flight records connected to the airline’s CEO were found, exposing flight details from 2024-2025. The Belarusian hacktivist group Cyber Partisans claims responsibility and says it has had access for over a year.
🕵️‍♂️ Kremlin Espionage at the ISP Level
Russia’s Turla group used adversary-in-the-middle (AitM) attacks against foreign embassies in Moscow, intercepting internet traffic via local ISPs with their Apollo Shadow malware. This emphasizes the importance of hardened encryption protocols, particularly in hostile territories.
🇺🇦 Ukrainian Cyber Operation Exposes War Crimes
Ukrainian military intelligence hacked Russian servers in Crimea, uncovering documentation of nearly 20,000 Ukrainian children forcibly deported to Russian families. The operation was supported by Typer Corpus and is an example of cyber operations being used for humanitarian justice.
💥 SharePoint Ransomware Wave Grows with ToolShell Exploits
A new ransomware variant, FourMD44R, exploits the ToolShell SharePoint vulnerability, with ties to Chinese state actors. This shows how cybercriminals are leveraging state-sponsored exploits for their own gain.
📞 Chinese APTs Target Southeast Asian Telecoms
Chinese state-aligned group, Liminal Panda, breached telecom operators in Southeast Asia, using advanced backdoors to siphon sensitive data. This marks an evolving trend of targeted cyber espionage on critical telecom infrastructure.
💻 Cursor IDE Vulnerability Affects Developers
A newly disclosed CVE in the AI-powered Cursor IDE allows unauthorized code execution, exposing codebases to risks. Developers relying on AI coding assistants must upgrade to version 1.3 to patch this vulnerability.
🧬 Illumina Fined $9.8M Over Software Vulnerabilities
Biotech firm Illumina was fined for selling vulnerable software to federal agencies, violating the False Claims Act. This signals a growing trend of holding vendors accountable for cybersecurity shortcomings in government contracts.
🧪 U.S. Senate Introduces Quantum Cybersecurity Migration Strategy
A bipartisan bill has been introduced to prepare federal systems for post-quantum encryption threats. This effort aims to ensure the nation’s cybersecurity resilience as quantum computing advancements progress.
🚨 Critical Vulnerabilities & Exploits
Active Zero-Days Under Attack
SonicWall Gen 7 Firewalls: Akira ransomware actively exploiting zero-day with 20+ confirmed attacks
Trend Micro Apex One: Remote code execution vulnerability being exploited in the wild
Adobe Experience Manager: Emergency patch for perfect 10.0 CVSS vulnerability with public exploit code
High-Impact Vulnerabilities
Microsoft Exchange Hybrid (CVE-2025-53786): Undetectable privilege escalation through token manipulation
Nvidia Triton Inference Server: Three vulnerabilities enabling full system compromise
CyberArk Conjur: Five critical flaws including unauthenticated RCE
Dell BIOS: Vulnerabilities affecting 100+ Latitude and Precision models
🤖 AI & Emerging Technology Threats
AI Security Vulnerabilities
Prompt Injection Attacks: Zenity revealed hijacking methods affecting Gemini, GPT, Copilot, and Salesforce Einstein
Cursor IDE: Trust model vulnerability allows hidden malicious code execution (MCP Poison)
Google BigSleep: AI discovers 20+ real-world vulnerabilities in open-source projects
Supply Chain & Infrastructure
China Questions Nvidia: Cybersecurity agency demands documentation over alleged backdoors in H20 AI chips
Linux Malware "Plague": PAM-based malware evading detection for 12+ months
Honeywell ICS Systems: Critical RCE flaws in Experion Process Knowledge System
💰 Industry & Financial Impacts
Record-Breaking Crypto Theft
The largest Bitcoin theft in history was uncovered: 127,000 BTC (now worth $14.5B) stolen from Chinese mining pool Lubian in December 2023. The funds remain completely dormant.
M&A Reshaping Cybersecurity
Major industry consolidation continues:
Palo Alto acquires CyberArk for $25 billion (despite negative earnings)
Vanta absorbs Riskey
Commvault acquires Satori Cyber
Axonius buys Cynerio
📈 Threat Intelligence & Trends
Evolving Attack Methods
Voice Phishing Surge: CrowdStrike predicts vishing attacks will double, with adversaries using AI to bypass MFA
BYOVD Tactics: Akira ransomware abusing legitimate Intel drivers to disable security tools
SharePoint Exploitation: FourMD44R ransomware leveraging ToolShell exploit chain
🧠 James Azar’s CISO Take
"We know Russians lie, we know Russian state media lies – that's what they do. They deny bad things to save face because that's a common trait of communism."
What strikes me most about this week's stories is how cybersecurity is being weaponized for both harm and justice. Luxembourg's complete reliance on Chinese Huawei equipment demonstrates how supply chain dependencies become national security vulnerabilities. When attackers can bring down an entire nation's communications by exploiting Chinese-manufactured equipment, it shows the urgent need for supply chain diversification.
"Twenty thousand Ukrainian children. As a father, it just boils my blood."
The Ukrainian cyber operation exposing Russian war crimes reminds us that cyber isn't just risk mitigation—it can be justice, protection, even salvation. But we're also seeing sophisticated multi-layered approaches from state actors targeting critical infrastructure and diplomatic communications, while consolidation in our industry raises questions about value versus hype, particularly with deals like the CyberArk acquisition.
✅ Action Items
🔐 Patch all SharePoint servers and rotate machine keys.
🧠 Reevaluate reliance on Huawei and Chinese-made telecom infrastructure.
🚨 Upgrade to Cursor IDE 1.3+ to fix code execution vulnerabilities.
💻 Secure AI development environments and IDE tools.
🔑 Assess supply chain risk and diversify infrastructure.
🧾 Review software vendor contracts for compliance under the False Claims Act.
🛡️ Weekly Security Posture Recommendations
Supply Chain Resilience: Diversify critical infrastructure dependencies away from single-nation suppliers
AI Governance: Implement controls for AI assistant usage with proper sandboxing and input validation
Voice Security: Update security awareness training to address vishing and social engineering evolution
Identity Hardening: Enforce phishing-resistant MFA across all cloud platforms and CRM systems
Incident Preparedness: Review emergency communication systems to ensure they don't rely on compromised infrastructure
Stay Cyber Safe, Security Gang! We'll be back Monday at 9 AM Eastern Live!