SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
$150 million cryptocurrency heist linked to LastPass hack
Federal investigators have linked a January 2024 cryptocurrency heist that resulted in the theft of $150 million worth of assets from Chris Larsen, the co-founder of cryptocurrency platform Ripple, to the 2022 LastPass hack, Brian Krebs reported. Krebs previously reported that other six-figure cryptocurrency heists were also related to the LastPass breach. The LastPass hack resulted in password vault data getting stolen, but the password manager says it has not seen definitive proof that these heists are related to the 2022 breach.
ESP32 chip ‘backdoor’ claims disputed
Espressif, the manufacturer of ESP32, a microcontroller that enables WiFi and Bluetooth connectivity and is present in millions of IoT devices, has disputed claims of a backdoor in its products and shared some clarifications after researchers warned of security risks. Researchers at Tarlogic said they had found a ‘backdoor’ in ESP32 that could “allow hostile actors to conduct impersonation attacks and permanently infect sensitive devices such as mobile phones, computers, smart locks or medical equipment by bypassing code audit controls”. The researchers later renamed the findings from ‘backdoor’ to ‘hidden feature’. Espressif pointed out that the commands in question are not accessible remotely and they don’t pose a security risk on their own, but still promised to push updates to remove them.
Switzerland makes disclosure of critical infrastructure attacks mandatory
The Swiss National Cyber Security Centre (NCSC) revealed that starting with April 1, 2025, critical infrastructure organizations will be required to report cyberattacks to the NCSC within 24 hours of discovery.
Indian APT targets maritime and nuclear sectors
SideWinder, an India-linked APT that is also known as Rattlesnake and Razor Tiger, has been increasingly interested in maritime infrastructure and logistics companies, as well as nuclear power plants and other nuclear-related entities in South Asia, according to Kaspersky. The security firm reported seeing an updated SideWinder toolset and new infrastructure used to deliver malware and control hacked systems.
Credential security report
Credential security company Dashlane has released its State of Credential Security Report, which is based on a survey of 500 IT decision makers and 1,000 workers in the US. The survey found that 80% of leaders observed increased phishing volume and sophistication, and nearly as many feel that AI poses an increased threat to password security. Nearly 40% of employees have had to deal with phishing at work.
70% of secrets leaked in 2022 remain active
According to GitGuardian’s 2025 State of Secrets Sprawl report, nearly 24 million secrets (API keys, passwords, and authentication tokens) were leaked in public GitHub repositories last year, a 25% YoY increase. The company’s analysis found that 70% of secrets leaked in 2022 remain active today.
Alleged Garantex co-founder arrested
Aleksej Besciokov, a Lithuanian man believed to be the co-founder of Garantex, a major cryptocurrency exchange accused of facilitating money laundering and sanctions violations, has been arrested in India while vacationing with his family, Brian Krebs reported. The news came just days after the US DoJ announced the seizure of the online infrastructure used to run Garantex, as well as an indictment against Besciokov and another alleged co-founder, Russian national Aleksandr Mira Serda.
Apache Camel, Moxa, Palo Alto Networks vulnerabilities
Several vulnerabilities came to light this week. CVE-2025-27636 is an Apache Camel vulnerability that can lead to remote code execution. CVE-2024-12297 is a critical authentication bypass flaw affecting Moxa PT switches. In addition, Palo Alto Networks informed customers about several medium- and low-severity flaws that can lead to DoS, local privilege escalation, command execution, and file read.
MassJacker cryptojacking malware
CyberArk has analyzed MassJacker, a cryptojacking malware that allows cybercriminals to steal cryptocurrencies from the users of infected devices. The investigation led to the discovery of over 750,000 wallet addresses and over $300,000 in various cryptocurrencies belonging to threat actors.
Related: In Other News: EntrySign AMD Flaw, Massive Attack Targets ISPs, ENISA Report
Related: In Other News: Krispy Kreme Breach Cost, Pwn2Own Berlin, Disney Hack Story
