In Other News: DHS Database Hacked, Adobe Boosts Patch Cadence, Canada Disrupts Ransomware Ops
SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape.
This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment.
Here are this week’s highlights:
Armenian man pleads guilty in the US to ransomware attacks
Karen Serobovich Vardanyan, a 34-year-old Armenian national extradited to the United States last year for his role in Ruyk ransomware attacks, has pleaded guilty to conspiracy and computer fraud. Vardanyan (who appears to have been a ransomware affiliate) and his accomplices received more than $15 million in ransom payments, the DOJ said. The man has agreed to pay $1.1 million in restitution.
QuimaRAT targets Windows, macOS, Linux
A subscription-based remote access trojan (RAT) platform named QuimaRAT v2.0 is actively being advertised on dark web forums with multi-architecture binaries targeting Windows, macOS, and Linux. Built using Apache Maven, the modular malware implements virtualization checks and native library loading to execute fileless payloads and run dozens of embedded commands. Security researchers discovered that the threat actor operates under a malware-as-a-service (MaaS) framework, offering lifetime access for $1,200 alongside cheaper short-term tiers.
Canadian intelligence service disrupted ransomware operations
Canada’s Communications Security Establishment (CSE) disclosed that it actively hacked into the infrastructure of ransomware operations, drug traffickers, and extremist organizations over the past year. Operating under its foreign cyber operations mandate, the agency disrupted the command-and-control operations of these threat networks to mitigate global criminal campaigns. CSE said the operations successfully degraded the criminal syndicates’ technological capabilities.
Enterprise security firm rejects Anthropic’s trademark infringement claims
Abnormal AI publicly refuted a lawsuit brought by Anthropic that alleges trademark infringement, unfair competition, and intentional brand duplication designed to mislead enterprise customers. The security firm clarified that its slash-based wordmark was independently designed back in April 2021, prior to the commercialization of Claude AI.
Fraudsters unmasked behind deceptive offensive security firm
A clandestine exploit brokering startup operating under the moniker IRIS C2 was exposed as a front managed by fraudsters and convicted felons Jacob Wohl and Jack Burkman, according to an investigation by Brian Krebs. Registered under a company called Calvexa Group, the outfit publicly dangled million-dollar payouts on social media platforms to attract engineering talent and purchase zero-day vulnerabilities. The company claims to sell phone-hacking services to the government but does not appear to have any government contracts.
Writer AI vulnerability exposed data
A security researcher has uncovered a critical vulnerability dubbed WriteOut in Writer AI that allows a threat actor to completely bypass sandbox restrictions. The cross-tenant flaw allowed unauthorized users to break structural isolation controls, read proprietary workspace data, and systematically access information belonging to other corporate tenants. Writer AI has since deployed patches to permanently seal the sandbox escape path.
AssuranceAmerica data breach affects 7 million people
Hackers targeted US insurance company AssuranceAmerica and stole information belonging to nearly 7 million people, including names, contact information, and driver’s license numbers. The breach was discovered in March, and the company’s investigation was completed in June.
NSA brings back TAO
The NSA has officially revived its iconic Tailored Access Operations (TAO) nomenclature for its premier network exploitation unit, effectively reversing the changes of the 2016 NSA21 initiative. Led by Deputy Director Tim Kosiba, the structural shift consolidates exploit developers and operators under a unified command structure. The specialized unit is slated to occupy a dedicated campus facility next month.
FBI issues TeamPCP alert
The FBI published an alert outlining malicious operations orchestrated by a cybercrime syndicate known as TeamPCP. The threat group successfully trojanized critical development dependencies and DevOps security tools (including Trivy, KICS, LiteLLM, and the Telnyx Python SDK) to drop credential-harvesting implants like CanisterWorm and SandClock. The FBI warns that the group is using stolen cloud tokens and Kubernetes secrets to carry out extortion campaigns.
DHS database hacked
An unidentified threat actor breached the Homeland Security Information Network (HSIN), a sensitive but unclassified database used by federal, state, and private partners for interagency communication. A damage assessment by the DHS Office of Intelligence and Analysis revealed that the hackers targeted servers and SharePoint infrastructure. The department isolated the network and launched a forensic probe, but found no evidence that classified networks were impacted.
Adobe transitions to accelerated security update cadence
Adobe announced that it will begin publishing security bulletins and critical patch disclosures twice a month, on the second and fourth Tuesdays. The shift is a direct response to adversaries leveraging AI to rapidly discover vulnerabilities. By shortening the release window, the vendor aims to compress the time window available to attackers between initial public disclosure and active enterprise exploitation.
Related: In Other News: Chinese Mythos-Like AI, Tata Electronics Breach, Snyk Layoffs
Related: In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting