Senate Pushes Forward Satellite Cybersecurity Legislation
Bipartisan legislation co-sponsored by Senators Gary Peters and John Cornyn has cleared a significant committee milestone, marking progress toward stronger protections for the commercial satellite industry. The Satellite Cybersecurity Act of 2025 would direct the Department of Commerce to establish a centralized resource for security best practices and mandate a Government Accountability Office (GAO) study examining how effectively satellites are being protected against cyber threats and foreign adversaries.
The urgency behind this legislative effort is underscored by research suggesting that approximately half of all commercial satellite signals remain unencrypted, even when transmitting sensitive information — a glaring gap that adversarial actors could exploit.
FBI and Indonesian Police Dismantle W3LL Phishing-as-a-Service Operation
A coordinated law enforcement effort between the FBI Atlanta Field Office and the Indonesian National Police has resulted in the takedown of infrastructure supporting the W3LL phishing kit — a sophisticated, customized phishing-as-a-service platform. The primary developer, identified only as G.L., allegedly sold subscriptions to the kit and operated a marketplace that enabled the compromise of more than 25,000 accounts and facilitated over $20 million in attempted fraud.
Meta Partners with PortSwigger for Bug Bounty Researchers
Meta has announced a partnership with PortSwigger to supply Burp Suite Pro licenses to security researchers who attain the HackerPlus Silver league tier on its bug bounty platform. The initiative is designed to equip skilled researchers with professional-grade tooling, enabling them to find vulnerabilities more creatively and efficiently.
AWS Research and Engineering Studio Hit by Multiple Vulnerabilities
Three vulnerabilities discovered in AWS Research and Engineering Studio (RES) expose authenticated users to serious risks including arbitrary command execution and privilege escalation:
- CVE-2026-5707 and CVE-2026-5709: Both stem from unsanitized user input, enabling command injection on virtual desktop hosts and cluster-manager EC2 instances respectively.
- CVE-2026-5708: Permits attackers to assume instance profile permissions through crafted API requests.
AWS addressed all three vulnerabilities in version 2026.03 of the platform.
GlassWorm Dropper Targets Developer IDEs via Malicious Extension
A newly identified GlassWorm variant is spreading through a malicious extension on the OpenVSX marketplace disguised as the popular WakaTime plugin. Built with a Zig-compiled native dropper, the malware sidesteps standard extension sandboxing and gains full system-level execution. Once deployed, it scans for VS Code-compatible IDEs — including Visual Studio Code, Cursor, Windsurf, VSCodium, and Positron — and installs a second-stage payload across every detected environment.
ShinyHunters Claims Breach of Rockstar Games via Anodot Tool
The notorious threat actor group ShinyHunters is threatening to release data it claims to have stolen from Rockstar Games. The group alleges it gained unauthorized access to Rockstar's Snowflake data warehouse instances by exploiting authentication tokens embedded within the Anodot cloud cost-monitoring tool. Rockstar Games has publicly acknowledged a "limited" exposure of non-material information linked to a third-party breach, while affirming that core game operations and player data remain unaffected.
CVE-2025-0520: Active Exploitation of Critical ShowDoc RCE Flaw
Threat actors are actively exploiting a critical remote code execution vulnerability in ShowDoc, an IT documentation and collaboration platform widely used in China. Tracked as CVE-2025-0520, the flaw arises from an unrestricted file upload mechanism that fails to validate file extensions for unauthenticated users, enabling web shell deployment. A patch was released in version 2.8.7, yet recent intelligence indicates that thousands of instances remain exposed to the internet.
16-Year-Old Arrested in Northern Ireland for Education Network Attack
The Police Service of Northern Ireland has detained a 16-year-old in connection with a targeted cyberattack against the C2k educational network, which provides foundational IT services to nearly all schools across the region. The Education Authority confirmed that the breach resulted in the compromise of personal data at a limited number of educational institutions.
EPA Proposes Doubling Information Security Budget to $19.1 Million
The Environmental Protection Agency (EPA) has proposed a significant cybersecurity spending increase in its FY 2027 budget. The agency is seeking to double its information security program funding to $19.1 million, with particular focus on water-sector cyber defenses. A notable component of the proposal is a request for new authority to channel cybersecurity grants through the existing Drinking Water Infrastructure Resilience Grant Program, aimed at helping water utilities harden their systems against growing threats from malicious actors.
ShinyHunters Leaks 13.5 Million McGraw Hill Records
In a separate incident, ShinyHunters has leaked data tied to 13.5 million McGraw Hill accounts after exploiting a misconfigured Salesforce environment. The exposed dataset, which exceeds 100GB in total size, reportedly includes email addresses, names, phone numbers, and physical addresses. Educational solutions provider McGraw Hill stated that its core systems and sensitive data were not compromised in the incident.
Chrome 147 Update Patches 31 Flaws, Including $90,000 Critical Bug
Google has shipped Chrome 147, patching 31 vulnerabilities in total. The most financially rewarded fix addresses CVE-2026-6296, a critical heap buffer overflow in Chrome's ANGLE graphics component, which earned researcher 'Cinzinga' a bounty of $90,000. The update also resolves numerous high-severity memory safety issues — including use-after-free and type confusion bugs — across components such as V8, PDFium, and various media subsystems.
Source: SecurityWeek