information.killnetswitch’s cybersecurity information roundup offers a concise compilation of noteworthy tales which may have slipped below the radar.
We offer a invaluable abstract of tales that will not warrant a complete article, however are nonetheless necessary for a complete understanding of the cybersecurity panorama.
Every week, we curate and current a group of noteworthy developments, starting from the newest vulnerability discoveries and rising assault strategies to vital coverage modifications and trade experiences.
Listed here are this week’s tales:
ShinyHunters stole information of Gucci, Balenciaga and Alexander McQueen prospects
The ShinyHunters group might have stolen the knowledge of tens of millions of shoppers of luxurious manufacturers Gucci, Balenciaga and Alexander McQueen, BBC reported. Father or mother firm Kering has confirmed struggling a data breach, however stated no monetary info was compromised. The hackers claimed to have stolen information related to 7.4 million distinctive e mail addresses.
Goshen Medical Middle data breach impacts 450,000
Goshen Medical Middle, a healthcare group in North Carolina, has disclosed a data breach impacting greater than 450,000 individuals. The corporate has confirmed that hackers stole private and well being info months after the BianLian ransomware group listed the group on its leak web site. It’s unclear what occurred to the stolen information because the BianLian group has not been energetic since March.
Retina Group of Florida data breach
One other vital healthcare data breach was reported by ophthalmology follow Retina Group of Florida. The group detected an intrusion in November 2024 and its investigation confirmed that the knowledge of over 150,000 individuals might have been compromised on account of the incident.
Important Chaos-Mesh vulnerabilities
JFrog found 4 vulnerabilities within the Chaos engineering platform Chaos-Mesh, together with three critical-severity flaws that may very well be exploited for code execution on any pod within the cluster. Named Chaotic Deputy, the security defects are tracked as CVE-2025-59358, CVE-2025-59360, CVE-2025-59361 and CVE-2025-59359 and have been addressed in Chaos-Mesh model 2.7.3.
ShinyHunters claims theft of 1.5 billion data in Salesforce hack
The cybercrime group ShinyHunters claims to have stolen 1.5 billion data from 760 firms within the latest Salesforce–Salesloft assault, Bleeping Laptop reported. Many cybersecurity corporations have confirmed being impacted, however the claims of these kinds of hacking teams have typically been exaggerated.
DeepSeek AI generates much less safe code for China dissident teams
Analysis performed by CrowdStrike reveals that the code generated by the AI of Chinese language agency DeepSeek is much less safe if the request specifies that the code is for dissidents or different teams that could be thought-about delicate by the Chinese language authorities. If the request to DeepSeek specifies that the code is for the banned non secular motion Falun Gong or the Islamic State, the AI might refuse to generate code. If it doesn’t refuse, the code is extra more likely to include vulnerabilities, and so is within the case of code generated for Tibet and Taiwan. Code for industrial management techniques is the more than likely to include security flaws.
Claroty publishes International State of CPS Safety report
Claroty has printed a report titled ‘International State of CPS Safety 2025: Navigating Danger in an Unsure Financial Panorama’. Based mostly on a survey of 1,100 cybersecurity professionals, the report reveals that 49% imagine shifting world financial insurance policies and geopolitical tensions are driving elevated threat throughout cyber-physical system (CPS) belongings and processes. Greater than three-quarters imagine rising laws will pressure them to overtake their present CPS security methods.
Atlassian, Mozilla, WatchGuard, Nokia patches
Atlassian launched patches for 4 vulnerabilities in third-party elements utilized in Confluence, Jira, and Jira Service Administration Data Middle and Server. Mozilla rolled out Thunderbird and Firefox updates that resolve roughly a dozen bugs. WatchGuard introduced fixes for CVE-2025-9242, a critical-severity flaw in Fireware OS that would result in distant code execution, with out authentication. Nokia knowledgeable prospects about Nokia Container Service (NCS) and CloudBand Infrastructure Software program (CBIS) flaws permitting authentication bypass and distant code execution.
Eve Safety raises $3 million in seed funding
Austin, Texas-based Eve Safety introduced that it has raised $3 million in a seed funding spherical from LiveOak Ventures and Tau Ventures. The corporate additionally introduced the launch of its product, EveGuard, an agentic AI observability and coverage enforcement platform. The platform leverages Agent-in-the-Loop (AITL) know-how to make sure the security of AI brokers interacting with an organization’s important enterprise techniques.
