SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Threat actors increasingly integrate AI across attack stages
Google Threat Intelligence Group (GTIG) observed in Q4 2025 that adversaries are advancing their use of AI for malicious purposes, with notable activity in model extraction attacks, ongoing experimentation, and broader incorporation into operations. Distillation attempts rose as actors probed models like Gemini via APIs to extract capabilities. Google disrupted many such efforts.
CISA highlights persistent challenges in authenticating OT communications
CISA published a resource examining key obstacles that prevent secure authentication in operational technology (OT) environments. The document points out that legacy systems, proprietary protocols, and limited support for modern cryptographic methods make it difficult for personnel to implement strong authentication, often resulting in weak or absent identity verification during OT communications.
EPA finds vulnerabilities at 277 water systems
The US Environmental Protection Agency (EPA) announced new actions to strengthen defenses against cyberattacks targeting public drinking water systems. Vulnerabilities have been identified at 277 community water systems across the country that could be exploited by threat actors.
DoD employee indicted for acting as money mule in multimillion-dollar scam scheme
A Department of Defense employee, Samuel D. Marcus, has been indicted in federal court for allegedly serving as a money mule and laundering millions of dollars on behalf of Nigerian fraudsters. The charges stem from his role in receiving and transferring illicit funds obtained through romance scams, business email compromise (BEC), and other online frauds, using his personal bank accounts to move the money while concealing its criminal origins.
California imposes $2.75 million fine on Disney for CCPA violations
California regulators have fined Disney $2.75 million for multiple violations of the California Consumer Privacy Act (CCPA). The settlement stems from Disney’s failure to properly process consumer opt-out requests for the sale of personal information and to provide accurate privacy notices. Disney agreed to the penalty without admitting wrongdoing and committed to improving its compliance processes for handling consumer privacy rights under state law.
Trend Micro introduces threat attribution framework
Trend Micro has outlined a new threat attribution framework that applies consistent naming conventions and structured analysis to reduce speculation in cybersecurity reporting. The naming convention includes Earth for espionage, Water for financially motivated operations, Fire for destructive or disruptive actors, Wind for hacktivists, Aether for unknown motivation, and Void for mixed motivation. The framework was developed by TrendAI, the new name of Trend Micro’s enterprise business unit.
Trump administration delays key China tech restrictions
The Trump administration has paused a proposed ban on domestic sales of TP-Link routers, along with restrictions on China Telecom’s US operations and on data center equipment sales, Reuters reported [paywalled]. The delay is intended to avoid escalating tensions with Beijing before an April summit with Chinese President Xi Jinping. These security-related measures, aimed at limiting potential risks from Chinese vendors in critical network infrastructure, could be reinstated depending on diplomatic outcomes.
CISA highlights key 2025 achievements in critical infrastructure protection
CISA released its 2025 Year in Review, detailing efforts to enhance security and resilience across critical infrastructure sectors throughout the year. The report emphasizes progress in areas such as vulnerability management, incident response coordination, threat information sharing, and partnerships to address evolving cyber and physical risks.
Supply chain flaw exposes access to 200 airports worldwide
CloudSEK researchers discovered a critical vulnerability in a widely used aviation software platform that granted unauthorized access to sensitive systems at approximately 200 airports across multiple countries. The issue stemmed from a supply chain compromise involving exposed credentials and misconfigured access controls in a third-party vendor’s application.