SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Radware cloud WAF vulnerabilities
CERT/CC reports that Radware’s Cloud Web Application Firewall (WAF) could have been bypassed using specially crafted HTTP requests. An attacker could have exploited the flaws to evade filtering and deliver malicious input to the underlying web application. CERT/CC said the vulnerabilities have been patched, but Radware had not acknowledged the findings when they were initially disclosed by a researcher. Radware has also not responded to SecurityWeek’s request for comment.
xAI key leak exposed LLMs used by Tesla and SpaceX
An employee at xAI, Elon Musk’s AI company, inadvertently leaked an API key on GitHub. The key, which was accessible for roughly two months, could have been leveraged to query private xAI LLMs created specifically for other companies belonging to Musk, including Tesla, SpaceX, and X, Brian Krebs reported.
FBI warns of malicious proxy services exploiting EOL routers
The FBI issued an alert this week to warn individuals and organizations that threat actors are abusing routers that have reached end of life (EOL) for malicious proxy services. The agency said routers made before 2010 likely no longer receive security patches and can be compromised by threat actors. The devices are then used to create proxy services that enable attackers to hide their identity and location.
Insecure messaging application used by national security advisor
Mike Waltz, who was recently removed by President Trump from his post as national security advisor following his role in the Signalgate incident, was caught using an insecure chat application based on Signal. The app, named TeleMessage, was recently hacked, with the attacker reportedly gaining access to unprotected chat logs. The developer launched an investigation into what it described as a “potential security incident” and temporarily suspended TeleMessage services.
PowerSchool hackers extorting school boards
Data stolen in a December 2024 attack on PowerSchool is now being used to extort school boards across Canada and the US. The incident, which involved the platform’s SIS environment, impacted millions; PowerSchool paid a ransom to ensure the stolen personal information would not be shared publicly. According to the Toronto District School Board (TDSB), however, a threat actor still has the data and is now attempting to extort TDSB and other North American school boards into paying another ransom.
Serious vulnerability found in audio-over-IP product
A serious vulnerability has been found in the Digigram PYKO-OUT audio-over-IP (AoIP) product: in its default configuration, the device can be accessed remotely without any login credentials or password. CERT/CC published an advisory, and the researcher who found the flaw, Souvik Kandar, described his findings in a blog post. Kandar told SecurityWeek that he found more than two dozen internet-exposed devices that are vulnerable to attacks.
Airline used by the Trump administration for deportations hacked
GlobalX, one of the airlines used by the Trump administration to deport people, has been targeted by hackers. 404 Media reported that the airline was hacked by Anonymous-affiliated hacktivists who managed to obtain flight records and passenger lists from the company’s systems.
Nomad cryptocurrency bridge hacker arrested
Alexander Gurevich, a Russian-Israeli citizen accused of being behind the 2022 hack targeting the Nomad cryptocurrency bridge, which resulted in losses totaling nearly $200 million, has been arrested in Israel. He could be extradited to the US, where he faces money laundering charges.
Class action lawsuit against Delta over CrowdStrike incident
A US federal judge has ruled that a class action lawsuit against Delta Air Lines by passengers impacted by the CrowdStrike-caused outage last year can proceed. The plaintiffs are unhappy with the compensation offered by Delta, which last year filed a lawsuit against CrowdStrike over the impact of the incident. CrowdStrike blamed Delta for the slow recovery of impacted systems.
India-Pakistan cyberattacks
There has been a surge in cyberattacks between India and Pakistan following the recent escalation in the conflict between the two countries. CyberKnow has been tracking 45 hacktivist groups — 10 from India and 35 from Pakistan — that have mainly launched DDoS attacks and conducted website defacements.