In Other News: Chinese Mythos-Like AI, Tata Electronics Breach, Snyk Layoffs

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: Russia used Cellebrite software to hack activist’s phone An investigation by Citizen Lab confirmed that Russian authorities successfully used Cellebrite software to breach an iPhone belonging to opposition activist Andrey Pivovarov. Even though the surveillance vendor canceled its Russian contracts in 2021 prior to Pivovarov’s arrest, local agency documents prove that investigators used legacy setups to extract data from communication apps like Telegram and WhatsApp. Security researchers suspect that the harvested information was later weaponized by the state-backed threat group ColdRiver to launch targeted phishing campaigns against the activist’s associates. Scattered Spiders hackers plead guilty Two British men connected to the Scattered Spider group changed their pleas to guilty regarding the 2024 compromise of Transport for London. The intrusion disrupted automated fare refund systems and administrative networks, inflicting millions in remediation costs and operational losses. All 28,000 agency employees were forced to undergo mandatory in-person password resets to re-secure the environment. Apple and Tesla secrets allegedly exposed in Tata Electronics hack A major security incident at India-based Tata Electronics has culminated in the dark web leak of more than 630 GB of proprietary documentation. The extortion group World Leaks published the massive trove, which reportedly includes manufacturing specifications, component schematics, and confidential drawings belonging to major clients Apple and Tesla.  Android developer verification A comprehensive Android developer identity verification framework is set to launch on September 30, 2026, across seven major app distribution platforms in select international markets before expanding globally next year. The security overhaul features new automated registration APIs alongside an advanced sideloading flow equipped with mandatory checkpoints to counter coercion scams. A new limited tier will allow hobbyists to distribute applications to a restricted number of devices. Five Eyes issue urgent AI threat warning The Five Eyes intelligence coalition has released a joint advisory warning that advanced artificial intelligence capabilities have compressed the threat timeline from years to months. By automating vulnerability research and exploit development, these frontier AI models democratize high-end offensive tools for lower-skilled cybercriminals and render traditional perimeter defenses obsolete. Executives and security leaders must transition to zero-trust architectures, accelerate patching protocols, and immediately decommission legacy infrastructure to withstand machine-speed intrusions. White House intervenes to restrict rollout of OpenAI model Federal officials have requested that OpenAI delay and tightly control the public deployment of its upcoming GPT-5.6 model due to national security concerns. Under this temporary arrangement, access during the initial preview phase will be vetted and approved on a client-by-client basis by government agencies. This intervention reflects intensifying state scrutiny over frontier models, following recent regulatory pressures that restricted Anthropic’s advanced AI.  macOS.Gaslight malware linked to North Korea A sophisticated Rust-based backdoor targeting macOS has been found to incorporate adversarial prompt injection techniques designed to disrupt automated triage workflows. Attributed to North Korean threat actors, macOS.Gaslight embeds dozens of deceptive system error messages intended to trick LLM-assisted analysis tools into terminating their investigations. Beyond this novel defensive evasion mechanism, the malware features an interactive shell and data-harvesting capabilities. CISA prepares for massive recruitment push under new leadership candidate The Department of Homeland Security announced that a potential nominee has been selected to lead CISA, which has lacked a permanent director since January 2025. Once confirmed, the new leadership is slated to spearhead a recruitment drive for approximately 600 skilled professionals to rebuild a workforce recently depleted by federal downsizing.  Chinese company’s Mythos-like AI The chief executive of blacklisted Chinese cybersecurity firm Qihoo 360 announced the creation of an advanced AI system named Tulongfeng. The company claims it can match the capabilities of prominent Western frontier systems such as Mythos and can be leveraged to breach corporate and government networks. The executive admitted that its AI itself might not be as powerful as Mythos, but Tulongfeng’s vulnerability-discovery capabilities are similar when paired with other Qihoo technologies.  Snyk layoffs Snyk has laid off some of its employees as part of an organizational restructuring. The move includes aligning R&D around four areas and unifying them under one leader, “flattening leadership so decisions move faster”, and “unifying go-to-market”. The company has not disclosed the number of affected individuals, but Israeli media put the number at 90. Others reported that at least 200 employees have been terminated. According to its website, Snyk has more than 1,000 employees, but third-party sites report roughly 1,500 employees. Related: In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum Related: In Other News: Google Security Layoffs, AudiA6 Takedown, $400 Million Coupang Fine WRITTEN BY SecurityWeek News More from SecurityWeek News Philip Martin Joins Uber as Chief Information Security Officer Webinar Today: Modern Exposure Validation in the AI Era In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum Webinar Today: How Modern Breaches Bypass MFA and Evade Detection Endpoint Security Startup Ent Emerges From Stealth With $100 Million Seed Round In Other News: Google Security Layoffs, AudiA6 Takedown, $400 Million Coupang Fine CISO Forum Webinar Today: 2026 Mid-Year Review A Security Raises $37 Million for Autonomous Offensive Security Platform Latest News Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories More Klue Breach Victims Identified as Hackers Get Hacked Nebulock Raises $25 Million for AI-Native Contextual Security Linux Foundation Unveils New Open Source Security Project Akrites $3 Million Reportedly Stolen in Polymarket Hack Russian APT Deploys ‘StockStay’ Backdoor Against Ukrainian Targets First-Ever Exploitation of PTC Windchill Vulnerability Discovered in the Wild New Enterprise-Ready MCP Specification Brings New Security Challenges Trending Webinar: Why Email Security Keeps Failing (And What Has To Change) July 8, 2026 Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more. Register Virtual Event: 2026 Cloud Security Summit July 16, 2026 This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments. Register People on the Move Mark Carter has been appointed Chief Information Security Officer at Socure. Spektrum Labs has named Mark Cravotta Chief Operating Officer. Philip Martin has joined Uber as Chief Information Security Officer. More People On The Move Expert Insights When Information Becomes The Attack Surface – Understanding AI Agent Traps From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. (Etay Maor) What The Latest ShinyHunters Breaches Reveal About Modern Cyberattacks Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage. (Torsten George) No Exploits Required Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures. (Tod Beardsley) After AI Reaches Production: 12 Ways Security Teams Can Take Control Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production. (Joshua Goldfarb) Everybody Is Vibe Coding But Nobody Told The Security Team AI-driven development is not something organizations can or should block. But it must be governed. (Danelle Au) Flipboard Reddit Whatsapp Email