In Other News: N8n Flaw Exploited, Slopoly Malware, Interpol Cybercrime Crackdown
SecurityWeek, archived Mar 16, 2026
Other noteworthy stories that might have slipped under the radar: Telus Digital data breach, vulnerabilities in Linux AppArmor allow root privileges, US defense contractor behind Coruna exploits. The post In Other News: N8n Flaw Exploited, Slopoly Malware, Interpol Cybercrime Crackdown appeared first on SecurityWeek.
SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape.
This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment.
Here are this week’s highlights:
Google Cloud highlights faster cloud attacks in new threat report
Google has released its Cloud Threat Horizons Report for the first half of 2026, drawing on data from the second half of 2025. The report shows threat actors now exploit software vulnerabilities more often than weak credentials for initial access, with the time from vulnerability disclosure to active attacks shrinking from weeks to days. Data theft remains the primary goal in most incidents, often achieved through identity compromise, vishing, or token theft, while living-off-the-land techniques and AI-assisted methods help attackers remain hidden and move quickly.
Polish police identify seven minors selling DDoS tools
Polish cybercrime investigators have identified seven minors, aged 12 to 16 at the time of the offenses, who distributed online software designed for launching DDoS attacks. The group targeted various popular websites, including auction platforms, sales sites, IT-related domains, hosting providers, and accommodation booking services. They operated as a coordinated team for profit and were fully aware of the illegal nature of their activities.
US indicts third BlackCat ransomware negotiator
US prosecutors have charged a third individual with acting as a negotiator for the BlackCat/Alphv ransomware gang. The defendant, Angelo Martino, worked as a ransomware negotiator for DigitalMint. Two other cybersecurity experts pleaded guilty to their role in the scheme a few months ago.
US defense contractor suspected of creating Coruna exploits
US military contractor L3Harris is believed to have developed at least some of the Coruna iOS exploits. The exploits were reportedly created by the contractor for legitimate US government purposes but ended up in the hands of Russian actors. The exploit leak may be related to the case of a former executive at L3Harris division Trenchant, who was recently jailed for selling Android and iOS exploits to Russia. Apple this week updated older iOS versions to address the Coruna exploits.
Telus Digital data breach
Telus Digital has confirmed a cybersecurity incident after ShinyHunters hackers claimed to have stolen around 1 petabyte of information from the company’s systems. Telus stated that it is actively investigating the breach, but did not share further details on the exact data involved or how the attackers gained access.
N8n vulnerability exploited
CISA has added a vulnerability in the open source workflow automation tool n8n to its Known Exploited Vulnerabilities catalog. The flaw, tracked as CVE-2025-68613, allows remote code execution. Several critical n8n vulnerabilities were disclosed in recent months, but CVE-2025-68613 appears to be the first that has been exploited in the wild. There does not appear to be any public information about the attacks.
New CrackArmor vulnerabilities in Linux AppArmor allow root privileges
Researchers from Qualys uncovered nine vulnerabilities in the Linux security module AppArmor (collectively called CrackArmor) that could allow an unprivileged local user to escalate privileges and gain root access. The flaws exploit a “confused deputy” scenario, enabling attackers to manipulate security profiles through trusted tools such as Sudo or Postfix and bypass kernel protections. The issues, which date back to 2017, potentially expose millions of enterprise Linux deployments.
Critical Veeam product vulnerabilities
Veeam has released an advisory regarding several critical and high-severity vulnerabilities affecting its Backup & Replication product. The vulnerabilities can be exploited to bypass security features, escalate privileges, and remotely execute code. There is no evidence of in-the-wild exploitation, but it’s not uncommon for threat actors to target Veeam product vulnerabilities in their attacks.
Global cybercrime crackdown
An international law enforcement effort coordinated by Interpol dismantled more than 45,000 malicious IP addresses and servers used for phishing, malware, ransomware, and online fraud campaigns. The operation, known as Operation Synergia III and conducted between July 2025 and January 2026, involved authorities from 72 countries and resulted in 94 arrests, with another 110 suspects under investigation. Cybersecurity firms including Group-IB supported the effort by providing threat intelligence to help identify criminal infrastructure and coordinate global takedowns.
AI-generated Slopoly malware found by IBM
IBM security researchers have come across a new piece of malware dubbed Slopoly, which they believe was likely generated by AI. The malware was used in the later stages of an attack by a financially motivated cybercrime group named Hive0163, which is known for the use of the Interlock ransomware. “Although still relatively unspectacular, AI-generated malware such as Slopoly shows how easily threat actors can weaponize AI to develop new malware frameworks in a fraction of the time it used to take,” the IBM researchers said.
WRITTEN BY
SecurityWeek News