Key Takeaways
- A new prompt injection attack method called PromptPwnd has been discovered, affecting at least five Fortune 500 companies.
- The US Department of War has ordered the acceleration of the transition to post-quantum cryptography due to the growing risk of quantum computing to military systems.
- Researchers have complained about smaller macOS bug bounties, with maximum payments decreasing significantly for certain vulnerabilities.
- A scheme to smuggle GPUs to China has been shut down, with three individuals caught and one receiving $50 million as part of the scheme.
- Holly Ventures has launched a $33 million cybersecurity fund for early-stage startups in the US and Israel.
Introduction to Cybersecurity News Roundup
SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. The roundup offers a valuable summary of stories that may not warrant an entire article but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, the roundup curates and presents a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
PromptPwnd Attack and Its Implications
Aikido Security has uncovered a new prompt injection attack method involving GitHub Actions and AI agents, dubbed PromptPwnd. The attack involves embedding malicious prompts into software development issue bodies, commit messages, and PR descriptions, which are then interpreted by AI agents as instructions. At least five Fortune 500 companies are affected, and Google patched the issue in Gemini CLI within days of being notified. This attack highlights the growing concern of AI-powered attacks and the need for companies to be vigilant in their security measures.
Transition to Post-Quantum Cryptography
The US Department of War has ordered all Pentagon components to accelerate their transition to post-quantum cryptography, warning that advances in quantum computing pose a growing risk to the security of military systems, data, and communications. This move is a significant step towards ensuring the security of sensitive information and highlights the importance of staying ahead of emerging threats. The transition to post-quantum cryptography is a complex process, but it is essential to prevent potential security breaches.
macOS Bug Bounties and Researcher Concerns
Weeks after Apple announced a significant update to its bug bounty program, researchers have complained that maximum payments for macOS vulnerabilities have decreased significantly. According to macOS researcher Csaba Fitzl, the top rewards for TCC bypasses are down from $30,000 to $5,000, and for macOS sandbox escapes, they decreased from $10,000 to $5,000. Apple has not responded to SecurityWeek’s request for comment. This decrease in bug bounties has raised concerns among researchers, who feel that it may discourage them from reporting vulnerabilities and ultimately compromise the security of macOS.
GPU Smuggling Scheme and Its Consequences
The Justice Department announced that three individuals residing in the US and Canada have been caught smuggling Nvidia GPUs designed for AI applications and high-performance computing to China. Exporting the GPUs to China is strictly prohibited, and one of the suspects, who pleaded guilty, received $50 million as part of the scheme. The other two suspects were detained recently. This scheme highlights the importance of enforcing export controls and preventing the misuse of sensitive technology.
Holly Ventures Cybersecurity Fund
Holly Ventures announced the launch of a $33 million debut fund for early-stage cybersecurity startups in the US and Israel. Founded by John Brennan, former senior partner at YL Ventures, Holly Ventures is backed by investors from Bessemer Venture Partners, Ballistic Ventures, CRV, Wing Ventures, IVP, TCV, Notable Capital, Team8, BrightMind, Ten Eleven Ventures, and others. The company aims to provide not only funding but also direct GP engagement, operating help, and a high-density network. This fund is a significant investment in the cybersecurity industry and is expected to support innovative startups in the field.
Industrial Routers and OT Environments
A honeypot analysis conducted by Forescout has shown that industrial routers are the most attacked devices in OT environments. Routers and other OT network perimeter devices captured two-thirds of attacks, while exposed OT devices captured the rest of the attacks. The analysis has also focused on the RondoDox and ShadowV2 botnets and the continued interest from hacktivists. This highlights the importance of securing industrial routers and OT environments, which are critical infrastructure that requires robust security measures.
ENISA Cybersecurity Investments Report
ENISA has published its NIS Investments 2025 report, which analyzes the cybersecurity investments of organizations in the European Union. The study found that over the past year, organizations have maintained their investments at levels comparable to the prior year. In addition, the study found that overall cybersecurity spending has increased modestly, and that most organizations have largely stable security teams in terms of size. This report provides valuable insights into the state of cybersecurity investments in the EU and highlights the need for continued investment in cybersecurity measures.
CISA Cybersecurity Performance Goals
CISA has released an updated version of the Cross-Sector Cybersecurity Performance Goals (CPG) to help critical infrastructure operators achieve a minimum security baseline. CPG 2.0 incorporates lessons learned, aligns with the most recent NIST Cybersecurity Framework revisions, and addresses the most impactful threats facing critical infrastructure. This update is a significant step towards ensuring the security of critical infrastructure and highlights the importance of continuous improvement in cybersecurity measures.
DroidLock Android Ransomware
Zimperium has detailed DroidLock, an Android malware targeting Spanish users. The malware spreads through phishing sites and has ransomware capabilities, allowing cybercriminals to take complete control of the compromised device. This highlights the importance of being vigilant when using mobile devices and the need for robust security measures to prevent malware attacks.
Salt Typhoon Hacking Group
Members of China’s Salt Typhoon hacking group were Cisco Academy students, according to SentinelOne. The hackers’ early education on Cisco products likely enabled them to orchestrate one of the most expansive intelligence collection operations of the last decade, targeting over 80 telecommunications companies globally. This highlights the importance of monitoring and tracking the activities of hacking groups and the need for continuous improvement in cybersecurity measures.