In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: Nvidia cloud gaming partner suffers data breach Nvidia has confirmed that a breach of GeForce NOW user data occurred through GFN.am, its regional Alliance partner operating the service in Armenia, with no impact on Nvidia’s own infrastructure. The incident, which took place between March 20 and 26, exposed personal details including full names, email addresses, phone numbers, dates of birth, and usernames, but no passwords were compromised, and users who registered after March 9 are unaffected. A threat actor operating under the ShinyHunters name (believed to be an impersonator) claimed responsibility on a hacker forum and listed the full database for $100,000 in cryptocurrency before the post was taken down. FCC buys time for foreign routers with extended update window Foreign-made routers and drones on the FCC’s Covered List — devices deemed national security risks — will be allowed to receive security patches and firmware updates until at least January 1, 2029, up from the previous March 2027 cutoff. The agency is also considering making the waiver permanent. OpenAI moves to give EU regulators a look at its cyber AI OpenAI is in talks with the European Commission to provide access to a cyber-focused variant of GPT-5.5 that can identify and exploit software vulnerabilities. The offer came after EU cybersecurity and AI officials spent weeks unable to gain access to Anthropic’s comparable model, Mythos, which has been limited to a few dozen organizations. ENISA, the EU’s cybersecurity agency, confirmed OpenAI made contact, and the Commission called the move a step toward monitoring the model’s deployment and addressing potential security risks. Developers targeted with fake Claude Code installer Ontinue has uncovered an active infostealer campaign that uses fake Claude Code installation pages, promoted via sponsored search results, to trick developers into running malicious PowerShell commands. The payload uses a small native helper to abuse Chrome’s App-Bound Encryption via the IElevator2 COM interface, extracting decrypted cookies, saved passwords, and payment data from Chrome, Edge, Brave, and other Chromium-based browsers, before exfiltrating the data to attacker-controlled infrastructure. The malware doesn’t match any known family and is notably well-maintained. Seedworm targets South Korean electronics manufacturer Iran-linked group Seedworm (also known as MuddyWater) breached a major South Korean electronics manufacturer in February 2026 as part of a broader campaign hitting at least nine organizations across four continents, including government agencies, industrial manufacturers, financial services firms, and educational institutions. The attackers used DLL sideloading via legitimately signed Fortemedia and SentinelOne binaries to deploy malicious payloads.  Android 17 brings AI-driven defenses  Google’s Android 17 introduces a broad set of security upgrades, including verified financial calls (automatically drops spoofed calls impersonating participating banks) and expanded Live Threat Detection, which now flags suspicious behaviors like SMS forwarding and accessibility overlay abuse in real time. On the anti-theft front, biometric authentication can now be required to unlock a device marked as lost, and default-on theft protections are rolling out globally. The update also introduces post-quantum cryptography, automatic OTP hiding from most apps, and Android OS verification to help users confirm they’re running a legitimate build. Big Tech pushes back on Canada’s encryption bill Apple and Meta are opposing Bill C-22, a Canadian lawful-access bill they warn could force tech companies to build encryption backdoors or install government spyware on their systems. Meta pointed to the Salt Typhoon espionage campaign as proof that authorized backdoors can be exploited, while Public Safety Canada insists the bill would not require systemic vulnerabilities, though both tech companies say the real risk lies in how the bill’s broad powers could be interpreted once enacted. Grego AI and Secludy announce launch and funding Secludy announced raising $4 million for its newly launched platform, designed to help organizations in regulated industries safely use valuable data for AI. The platform generates synthetic data that mirrors original datasets, enabling customers to train and evaluate AI models without exposing sensitive customer information. Grego AI emerged from stealth mode with a platform that pushes existing AI models beyond their expected capabilities to find critical software vulnerabilities. The company said it earned a $250,000 bug bounty for a vulnerability it uncovered, and claims to have helped prevent a $27 million attack. Grego AI told SecurityWeek that it raised $2 million in funding. Audi’s connected car platform exposed owner data  A security researcher discovered several vulnerabilities in the myAudi connected car platform, finding that anyone who knows a vehicle’s VIN can add it to their account as a guest and access sensitive data. Exposed information included the embedded SIM’s IMEI and ICCID identifiers, the GPS location of the primary owner when they triggered a ‘honk & flash’ command, as well as vehicle lock status. CARIAD, the VW Group’s software arm, has patched one issue, but the researcher says the remaining findings are still under evaluation. Audi has not responded to SecurityWeek’s request for comment. Cisco open-sources blueprint for AI-driven vulnerability evaluation Cisco has released Foundry Security Spec, an open source specification for building agentic security evaluation systems that use frontier AI models to find and validate vulnerabilities in a structured, auditable way. Rather than sharing internal code tied to Cisco’s own infrastructure, the company is releasing the design (eight core agent roles, a finding lifecycle, and 130 functional requirements) so security teams can adapt it to their own environments.  FBI issues warning after ShinyHunters hacks Canvas ShinyHunters has claimed responsibility for an attack on Instructure’s Canvas system, which disrupted service to educational institutions across the US, and the FBI is now warning that affected students and faculty could be targets for extortion and sophisticated spearphishing using stolen data. The group is known for large-scale data theft and aggressive pressure tactics to coerce victims into paying, including threatening calls, texts to family members, and swatting. The US government has asked Instructure to provide clarification after the company admitted it reached an agreement with the hackers.  Related: In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner Related: In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability WRITTEN BY SecurityWeek News More from SecurityWeek News Webinar Today: ROI for Cyber-Physical Security Programs Exaforce Raises $125 Million for Agentic SOC Platform In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner Webinar Today: Securing Identity Across Humans, Machines and AI Autonomous Offensive Security Firm XBOW Raises $35 Million In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability  Webinar Today: A Step-by-Step Approach to AI Governance In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device Latest News Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild American Lending Center Data Breach Affects 123,000 Individuals OpenAI Hit by TanStack Supply Chain Attack TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code Chrome 148 Update Patches Critical Vulnerabilities Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026 Enhancing Data Center Security Without Sacrificing Performance New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation Trending Webinar: Third-Party Risk In Practice June 4, 2026 Organizations are investing heavily in third-party risk management, but breaches, delays, and blind spots continue to persist. Join this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice. Register Virtual Event: Threat Detection And Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the Move Tim Byrd has been appointed Chief Information Security Officer at First Citizens Bank. IRONSCALES has named Steve McKenzie as Chief Operating Officer. Silvio Pappalardo has joined AuthMind as Chief Revenue Officer. More People On The Move Expert Insights Enhancing Data Center Security Without Sacrificing Performance For AI data centers, where the stakes are the highest and performance constraints are the tightest, security and performance are no longer a zero-sum game. (Nadir Izrael) Is The SOC Obsolete, And We Just Haven’t Admitted It Yet? Many AI-first enterprises have already embraced sovereign architectures for general AI initiatives; cybersecurity—and the SOC—should be next. (Danelle Au) The Mythos Moment: Enterprises Must Fight Agents With Agents Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor) Why Cybersecurity Must Rethink Defense In The Age Of Autonomous Agents From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase. (Torsten George) Government Can’t Win The Cyber War Without The Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) Flipboard Reddit Whatsapp Email