SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape.
This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment.
Here are this week’s highlights:
FBI investigates potential unauthorized access to internal networks
The FBI is investigating what it describes as suspicious activity indicating a possible breach of its computer systems. CNN reported that the incident is related to a network used to manage wiretaps and foreign intelligence surveillance warrants.
LeakBase administrator identified
A new analysis from Kela has linked the administrator of the recently seized LeakBase cybercrime forum to the alias Chucky, who also used monikers such as Beakdaz across underground platforms since at least 2013. The investigation tied these accounts through WebMoney registrations in Russia, leaked databases, and cross-referenced social media profiles. Law enforcement seized the forum’s domain and infrastructure on March 4, following arrests and actions against 37 active users, though no specific details confirm Chucky’s arrest or current status.
Avira antivirus vulnerabilities
Three vulnerabilities in Avira Internet Security (fixed in 1.1.114.3113) allow a low-privileged local user to achieve System-level code execution or arbitrary file deletion. All require local access for exploitation. Quarkslab reported the issues to Avira, but the disclosure process encountered difficulties due to the wording of the vendor’s vulnerability disclosure policy.
Google Gemini API keys expose risks in mobile apps after policy shift
Google’s Gemini API keys, once treated as non-secret credentials suitable for client-side use in mobile apps, now carry significant security implications due to a recent change in usage rules. The updated policy restricts key exposure in client applications, as Gemini models can access broader Google services and user data compared to previous APIs. Security researchers have found that keys embedded in mobile apps remain easily extractable, potentially enabling unauthorized access to cloud resources and incurring associated costs if mishandled.
Gaming cheat exposes North Korean cyber operative
A video game cheat led to the accidental exposure of a North Korean state actor’s personal data, Hudson Rock reported. While attempting to download a cheat for Grand Theft Auto V, the individual’s system was compromised by an information-stealing malware that exfiltrated internal credentials and location data. Forensic analysis of the stolen information allowed researchers to link the user to specific infrastructure used in state-sponsored cyber campaigns.
Hacked Iranian traffic cameras enabled precise strike on Ali Khamenei
The Financial Times [paywalled] has detailed a long-term intelligence operation led by Israel that culminated in the February 28 airstrikes killing Iranian Supreme Leader Ali Khamenei. A significant cyber aspect involved years-long infiltration of Tehran’s traffic camera network. Nearly all cameras were compromised, with their feeds routed to servers in Israel for persistent surveillance. This provided real-time and historical visibility into Khamenei’s movements, security details, and daily routines, enabling precise targeting adjustments. Iran is also known to have used hacked security cameras to adjust its missile strikes.
TriZetto Provider Solutions data breach affects 3.4 million people
TriZetto Provider Solutions, a healthcare technology company, has confirmed a data breach that impacted several of its customers. The incident involved unauthorized access to certain systems, potentially exposing protected health information and other sensitive data belonging to clients and their patients. The company recently informed the HHS that roughly 3.4 million individuals are affected by the incident.
US solider killed in Kuwait was cybersecurity expert
One of the six US soldiers killed in a drone strike at a command center in Kuwait was Major Jeffrey O’Brien, 45, of Iowa. O’Brien served in the Army Reserve for nearly 15 years, but for the past two years also worked as a manager of defensive cyber operations at cybersecurity company ProCircular. O’Brien was a member of the cybersecurity community for more than a decade based on his LinkedIn profile.
Man who allegedly stole $46M in cryptocurrency from US Marshals arrested
The FBI announced the arrest of a suspect in the Caribbean in connection with the theft of approximately $46 million in digital assets from the US Marshals Service. The joint operation between the FBI and international tactical units followed an investigation into unauthorized access to government-managed wallets holding seized cryptocurrency.
Transport for London data breach affects 10 million
The 2024 cyberattack against Transport for London exposed personal information belonging to a significantly larger group than originally estimated. The BBC reported that roughly 10 million individuals had their contact details and potentially other sensitive records accessed during the incident. Two suspects have been arrested in the UK, but they pleaded not guilty.
Related: In Other News: Ransomware Shuts US Clinics, ICS Vulnerability Surge, European Parliament Bans AI
Related: In Other News: ATT&CK Advisory Council, Russian Cyberattacks Aid Missile Strikes, Predator Bypasses iOS Indicators
