SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape.
This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment.
Here are this week’s highlights:
Senate moves to fortify commercial satellite defenses
Bipartisan legislation from Senators Gary Peters and John Cornyn recently cleared a key committee hurdle to help satellite operators combat hackers and foreign adversaries. The Satellite Cybersecurity Act of 2025 directs the Department of Commerce to establish a central resource for security best practices and requires a GAO study of efforts to secure satellites against cyber threats. This push for stronger protections comes as research indicates that about half of all commercial satellite signals remain unencrypted despite carrying sensitive data.
Authorities dismantle W3LL phishing kit infrastructure
The FBI Atlanta Field Office and Indonesian National Police shuttered a sophisticated cybercrime operation that facilitated over $20 million in attempted fraud through a customized phishing-as-a-service platform. The primary developer, known as G.L., allegedly sold access to the W3LL phishing kit and managed a marketplace that facilitated the compromise of more than 25,000 accounts.
Meta equips top researchers with professional testing suites
Meta has partnered with PortSwigger to provide Burp Suite Pro licenses to security researchers who reach the HackerPlus Silver league on its bug bounty platform. The goal is to help researchers enhance their skills and hunt for vulnerabilities more efficiently and creatively.
AWS RES vulnerabilities enable command execution and privilege escalation
Multiple vulnerabilities in AWS Research and Engineering Studio (RES) allow authenticated users to execute arbitrary commands and escalate privileges. CVE-2026-5707 and CVE-2026-5709 stem from unsanitized input, enabling command injection on virtual desktop hosts and cluster-manager EC2 instances, while CVE-2026-5708 allows attackers to assume instance profile permissions via crafted API requests. AWS fixed the issues in version 2026.03.
GlassWorm dropper spreads across developer IDEs
A new GlassWorm variant uses a Zig-compiled native dropper embedded in a malicious OpenVSX extension posing as WakaTime, allowing it to bypass typical extension sandboxing and execute with full system access. After execution, it scans for VS Code-based IDEs (Visual Studio Code, Cursor, Windsurf, VSCodium, and Positron) and installs a second-stage payload across all detected environments.
ShinyHunters targets Rockstar Games
The threat actor group ShinyHunters is threatening to leak data that it allegedly exfiltrated from Rockstar Games by exploiting authentication tokens within the Anodot cloud cost-monitoring tool. According to the group, the breach provided unauthorized access to Rockstar’s Snowflake data warehouse instances. Rockstar Games has confirmed a “limited” exposure of non-material information via a third-party breach but maintains that core operations and player data remain unaffected.
Critical RCE in ShowDoc sees active exploitation
Threat actors are actively weaponizing a critical remote code execution vulnerability in ShowDoc, an IT documentation and collaboration platform that is popular in China, to deploy web shells. Tracked as CVE-2025-0520, the flaw stems from an unrestricted file upload mechanism that fails to properly validate extensions for unauthenticated users. A patch was released in version 2.8.7. Recent intelligence indicates that thousands of instances remain exposed to the internet.
Police arrest teenager following disruptive education network intrusion
The Police Service of Northern Ireland detained a 16-year-old in connection with a targeted cyberattack on the C2k educational system, which provides core IT services to nearly all schools in the region. The Education Authority confirmed that the breach compromised personal data at a small number of institutions.
EPA to boost cybersecurity budget to $19 million
The EPA’s FY 2027 budget proposal significantly increases funding for information security and water-specific cyber defenses to counter growing threats from malicious actors. A key initiative is a request for new authority to fund cybersecurity grants within the existing Drinking Water Infrastructure Resilience Grant Program, specifically aimed at helping water systems harden their infrastructure. Total funding for the agency’s information security program is slated to double to $19.1 million.
ShinyHunters leak millions of McGraw Hill user records
The ShinyHunters extortion group leaked data tied to 13.5 million McGraw Hill accounts after exploiting a misconfigured Salesforce environment. The dataset, totaling over 100GB, includes email addresses, names, phone numbers, and physical addresses. McGraw Hill, which provides educational solutions, said its core systems and sensitive data were not compromised.
Chrome vulnerability earns researcher $90,000
Google patched 31 vulnerabilities in Chrome 147, including a critical heap buffer overflow in the ANGLE graphics component tracked as CVE-2026-6296, which earned researcher ‘Cinzinga’ a $90,000 reward. The update fixes multiple high-risk memory safety issues such as use-after-free and type confusion bugs across components like V8, PDFium, and media subsystems.

