SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
DDoS botnet powered by 1.33 million devices
In the first quarter of 2025, Qrator spotted a DDoS botnet powered by 1.33 million devices. More than half of the devices were located in Brazil, making it easy to block attacks based on source IP geolocation, but the company warned that the attackers can quickly switch to IPs from other regions. The botnet mainly targeted online casinos. The biggest botnet seen by Qrator last year was powered by only 227,000 compromised systems.
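The caveat in the item above (a country-level block works only while the bots stay in that country) is easy to see in a small simulation. The following is an added example, not code from SecurityWeek or Qrator: it runs a constructed request stream through a geo-based blocklist and through a per-source-IP sliding-window rate limiter, first while the flood comes from Brazil and again after the operator moves the bots to another region. All addresses, country labels and volumes are constructed sample data, and the country is hard-coded on each request where a real deployment would do a GeoIP lookup.

```python
"""
Geo-block vs. per-IP rate limit against a botnet that changes region.
Added example with constructed traffic; not a Qrator or SecurityWeek tool.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Request:
    ts: float       # seconds since start of the capture (constructed)
    ip: str         # source address (constructed, not real bot IPs)
    country: str    # would come from a GeoIP lookup in practice; hard-coded here


class GeoBlocker:
    """Drops every request whose source country is on the blocklist."""

    def __init__(self, blocked_countries):
        self.blocked = set(blocked_countries)

    def allow(self, req):
        return req.country not in self.blocked


class PerIpRateLimiter:
    """Sliding-window limit per source IP, independent of geography."""

    def __init__(self, max_per_window, window_seconds):
        self.max = max_per_window
        self.window = window_seconds
        self.hits = defaultdict(deque)   # ip -> timestamps inside the window

    def allow(self, req):
        q = self.hits[req.ip]
        # Evict timestamps that have fallen out of the window.
        while q and q[0] <= req.ts - self.window:
            q.popleft()
        if len(q) >= self.max:
            return False
        q.append(req.ts)
        return True


def simulate(requests, policy):
    """Return (allowed, blocked) counts for one policy over a request stream."""
    allowed = blocked = 0
    for r in requests:
        if policy.allow(r):
            allowed += 1
        else:
            blocked += 1
    return allowed, blocked


def build_wave(n_ips, country, prefix, rate_per_ip, start):
    """Constructed flood: n_ips bots in `country`, each sending rate_per_ip
    requests spread evenly over one second beginning at `start`."""
    reqs = []
    for i in range(n_ips):
        ip = f"{prefix}.{i // 256}.{i % 256}"
        for k in range(rate_per_ip):
            reqs.append(Request(start + k / rate_per_ip, ip, country))
    return reqs


def scenario():
    """Run both policies against the same flood before and after the
    attacker moves the bots out of the blocked country."""
    # Ten legitimate users (five in Brazil, five elsewhere), 1 request/s for 3 s.
    legit = []
    for i in range(10):
        country = "BR" if i < 5 else "US"
        for t in (0.0, 1.0, 2.0):
            legit.append(Request(t, f"198.51.100.{i}", country))

    # 1,000 bots at 20 req/s each, first from Brazil, then from another region.
    wave_br = build_wave(1000, "BR", "10.0", 20, 0.0)
    wave_other = build_wave(1000, "OTHER", "10.1", 20, 1.0)

    results = {}
    for name, traffic in (("brazil_wave", legit + wave_br),
                          ("after_switch", legit + wave_other)):
        results[name] = {
            "geo_block_BR": simulate(traffic, GeoBlocker(["BR"])),
            "per_ip_limit": simulate(traffic, PerIpRateLimiter(5, 1.0)),
        }
    return results


if __name__ == "__main__":
    for phase, outcome in scenario().items():
        for policy, (ok, dropped) in outcome.items():
            print(f"{phase:13s} {policy:13s} allowed={ok:6d} blocked={dropped:6d}")
```

The geo-block stops the whole Brazilian wave but also cuts off the legitimate Brazilian users, and once the bots move it blocks nothing but those users. The per-IP limiter behaves identically in both phases and never touches the low-rate legitimate clients, though at 5 requests per second per bot it still lets a large aggregate through, which is why geography, per-source limits and upstream scrubbing are normally layered rather than chosen between.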
Microsoft paid out $1.6 million via Zero Day Quest 2025
Microsoft has awarded $1.6 million for vulnerability research as part of its Zero Day Quest 2025 live hacking competition, which focused on high-impact vulnerabilities in cloud and Copilot products. More than 600 vulnerability reports were submitted through the event.
Google Cloud patches ConfusedComposer vulnerability
Google Cloud recently patched ConfusedComposer, a vulnerability discovered by Tenable researchers in Google Cloud Composer. The vulnerability could have allowed an attacker with permission to edit a Cloud Composer environment to escalate privileges to the default Cloud Build service account.
MITRE releases ATT&CK v17
MITRE has announced ATT&CK v17. The latest version of the widely used knowledge base adds the ESXi platform. In the ‘defense’ category, new analytics, optimized collections, and elevated mitigations have been introduced. ‘Mobile’ now includes new software, techniques and mitigation implementations. In ‘CTI’, MITRE is tracking more groups, campaigns, and software that focus on state-sponsored and criminal operations targeting diverse environments with versatile tools aimed at both data theft and disruption.
Russian infrastructure used in North Korean operations
Trend Micro has discovered multiple Russian IP address ranges used for North Korean cybercrime activities. The security firm found that the Russian IP address ranges are assigned to two companies in Khasan (close to the North Korean border) and Khabarovsk (known for economic and cultural ties with North Korea). Trend believes that North Korea deployed IT workers who connect back to their home country through two IP addresses in the Russian IP ranges and two IP addresses in North Korea. These IT workers likely work from China, Russia and Pakistan, among others.
WhatsApp introduces Advanced Chat Privacy
WhatsApp developers have announced a new feature called Advanced Chat Privacy. This new setting prevents users in chats and groups from taking content outside of WhatsApp. When the setting is enabled, users can block others from exporting chats, auto-downloading media, and using messages for AI features.
Former Disney worker sentenced to prison for hacking
Michael Scheuer, a 40-year-old from Florida, has been sentenced to three years in prison for hacking servers at Walt Disney World. After he was fired from Disney, he broke into the company’s servers to cause disruptions and manipulate menus, including changing prices, adding profanities, and wrongly declaring some items safe for people with allergies.
Critical Commvault vulnerability
WatchTowr has disclosed the details of a critical vulnerability found in Commvault’s Command Center. An unauthenticated attacker could exploit the security hole for remote code execution. Commvault said the flaw only impacted the 11.38 Innovation Release and it has been patched.
Microsoft details taxonomy of failure modes in AI agents
A new whitepaper from Microsoft outlines the taxonomy of failure modes in AI agents. Building on the work of Microsoft’s AI Red Team, the guidance is designed to help security and ML experts determine how AI systems can fail and design them with security and safety in mind.