In Other News: New Android Safeguards, Operation Alice, UK Toughens Cyber Reporting
SecurityWeek, archived Mar 20, 2026
Other noteworthy stories that might have slipped under the radar: vulnerabilities found in KVM devices, Claudy Day Claude vulnerabilities, The Gentlemen ransomware group.
SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape.
This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment.
Here are this week’s highlights:
Sears Home Services AI chatbot databases left unprotected
Cybersecurity researcher Jeremiah Fowler discovered three unprotected, unencrypted databases exposing nearly 3.7 million customer service records tied to Sears Home Services, including logs from its AI chatbot Samantha. The leaked data included over 54,000 complete chat logs, nearly 1.4 million audio recordings of customer calls, and more than 200,000 spreadsheet logs, along with personal details like names, addresses, phone numbers, and service appointment information. Fowler notified Transformco, the parent company of Sears, and the databases were secured shortly after.
Nine vulnerabilities found in KVM devices
Eclypsium researchers uncovered nine vulnerabilities across four budget IP-KVM vendors: GL-iNet, Angeet/Yeeso, Sipeed, and JetKVM. The most severe flaw, found in the Angeet/Yeeso ES3, allows an attacker to remotely write arbitrary files and execute OS commands without any credentials. Because KVM devices provide keyboard, video, and mouse control at the BIOS level, a successful attacker could inject keystrokes, boot from removable media, disable Secure Boot, and bypass any OS-level security tool. JetKVM and Sipeed have issued patches, but GL-iNet has no planned fix for two of its flaws, and Angeet/Yeeso has yet to commit to a timeline.
Scammers use fake GitHub accounts to steal crypto from OpenClaw developers
Attackers created fake GitHub accounts, opened issue threads in attacker-controlled repositories, and tagged dozens of developers, claiming they had won $5,000 worth of CLAW tokens redeemable through a linked site, which turned out to be a near-identical clone of openclaw.ai rigged with a wallet-draining ‘Connect your wallet’ button. The fake accounts were created just days before the campaign launched and deleted within hours of going live, and no confirmed victims have been reported so far, according to Ox Security.
Claudy Day Claude vulnerabilities
Oasis Security discovered three vulnerabilities in Claude that, when chained together in an attack they dubbed Claudy Day, allow an attacker to silently hijack a user’s chat session and exfiltrate sensitive data with a single click. The attack works by embedding hidden instructions in a crafted claude.ai URL, wrapping it in an open redirect on claude.com to make it appear legitimate, and then running it as a Google ad — meaning a victim only needs to click what looks like a normal search result. Anthropic has patched the prompt injection flaw following responsible disclosure, but fixes for the remaining two vulnerabilities are still in progress.
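The piece of the Claudy Day chain that makes the lure look trustworthy is the open redirect: the victim clicks a link on a legitimate domain and is bounced to the attacker's crafted URL. The following is an added illustration, not Anthropic's code and not from the Oasis write-up; the domain example.com, the /redirect?to= endpoint and the allowlist are assumptions. It shows a substring-style check that passes the kind of look-alike targets such chains rely on, beside a hardened check that only permits same-origin relative paths or an explicit host allowlist.

```python
from typing import Optional
from urllib.parse import parse_qs, quote, urlparse

# Hypothetical redirect endpoint: https://example.com/redirect?to=<target>
# (the real endpoint on claude.com is not named on the page).
ALLOWED_HOSTS = {"example.com", "www.example.com"}


def naive_is_safe(target: str) -> bool:
    """Vulnerable check: a substring test on the raw target string.

    Passes 'https://example.com.evil.net/...' and 'https://example.com@evil.net/',
    so the site becomes an open redirect to attacker-controlled hosts.
    """
    return "example.com" in target


def hardened_is_safe(target: str) -> bool:
    """Accept only same-origin relative paths or allowlisted https hosts."""
    if not target:
        return False
    # Browsers treat '/\evil.net' like '//evil.net', so normalise first.
    t = target.replace("\\", "/")
    p = urlparse(t)
    if p.scheme == "" and p.netloc == "":
        # Relative path: must start with exactly one '/', not a
        # protocol-relative '//host/...'.
        return t.startswith("/") and not t.startswith("//")
    if p.scheme != "https":
        return False  # rejects http:, javascript:, data:, and scheme-less //host
    # p.hostname strips userinfo and port, so 'example.com@evil.net' -> 'evil.net'
    return (p.hostname or "").lower() in ALLOWED_HOSTS


def build_redirect(target: str) -> str:
    """Build a redirect URL the way a legitimate link on the site would."""
    return "https://example.com/redirect?to=" + quote(target, safe="")


def resolve_redirect(url: str) -> Optional[str]:
    """Server-side decision: return the target to redirect to, or None."""
    qs = parse_qs(urlparse(url).query)
    target = qs.get("to", [""])[0]
    return target if hardened_is_safe(target) else None


if __name__ == "__main__":
    for t in ["/chat/new",
              "https://example.com.evil.net/chat#ignore-previous-instructions",
              "https://example.com@evil.net/",
              "//evil.net/"]:
        print(f"{t!r:60} naive={naive_is_safe(t)!s:5} hardened={hardened_is_safe(t)}")
```

The prompt-injection payload in the chain lives in the final URL, so the redirect check does not need to understand it; it only has to refuse to send users off-origin. Where cross-origin redirects are a product requirement, the safe pattern is an allowlist of exact hostnames, never a prefix, suffix or substring match.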
Malware uses security software as cover to hunt for missile documents
Symantec and Carbon Black researchers have uncovered a stealthy new infostealer called Speagle that piggybacks on Cobra DocGuard (a document encryption platform made by Chinese firm EsafeNet). The malware only activates on machines with Cobra DocGuard installed, collecting browser history, autofill data, and system information, and at least one variant specifically searches for files that reference Chinese ballistic missiles. Researchers have attributed the campaign to a previously unknown threat actor they’re calling Runningcrab, and believe it is likely the work of either a state-sponsored group or a hired contractor, though the exact infection method remains unknown.
Ransomware group The Gentlemen
Group-IB published a detailed breakdown of The Gentlemen, a roughly 20-member ransomware-as-a-service group that came to light after one of its operators publicly accused the Qilin ransomware group of withholding $48,000 in unpaid affiliate commissions. The group primarily gains access through CVE-2024-55591, a critical FortiOS/FortiProxy authentication bypass flaw, and maintains a database of around 14,700 already-compromised FortiGate devices. Once inside a network, they use the bring-your-own-vulnerable-driver (BYOVD) technique to kill security tools at the kernel level before encrypting and exfiltrating victim data.
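BYOVD works because the abused driver is legitimately signed, so signature checks alone do not catch it; what stands out is a known-vulnerable hash, an unusual load path, and security-sensor processes dying right after the load. The following detection sketch is an added example, not Group-IB's tooling or any vendor's rule: it runs over constructed Sysmon-shaped records (Event ID 6 DriverLoad, Event ID 5 ProcessTerminate), the driver hash and paths are made up, and the blocklist is a placeholder for a maintained source such as the LOLDrivers project.

```python
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed, Sysmon-shaped telemetry for illustration (not real logs).
FAKE_VULN_DRIVER_SHA256 = "a" * 64  # made-up hash standing in for a known-vulnerable driver
EVENTS: List[Dict[str, str]] = [
    {"EventID": "6", "UtcTime": "2026-03-19 02:14:07.101",
     "ImageLoaded": r"C:\Windows\System32\drivers\ndis.sys",
     "Hashes": "SHA256=" + "b" * 64, "Signed": "true", "SignatureStatus": "Valid"},
    {"EventID": "6", "UtcTime": "2026-03-19 02:15:30.422",
     "ImageLoaded": r"C:\ProgramData\upd\cp.sys",
     "Hashes": "SHA256=" + FAKE_VULN_DRIVER_SHA256, "Signed": "true", "SignatureStatus": "Valid"},
    {"EventID": "5", "UtcTime": "2026-03-19 02:15:31.005",
     "Image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18\MsMpEng.exe"},
    {"EventID": "5", "UtcTime": "2026-03-19 02:40:00.000",
     "Image": r"C:\Windows\System32\notepad.exe"},
]

# Populate from a maintained vulnerable-driver list in production; this entry is constructed.
BLOCKLIST_SHA256 = {FAKE_VULN_DRIVER_SHA256}
# Image names of endpoint-security processes whose termination is suspicious (extend per estate).
SENSOR_IMAGES = {"msmpeng.exe"}
# Heuristic: legitimate drivers almost never load from user-writable locations.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S.%f")


def _sha256(hashes_field: str) -> str:
    """Extract the SHA256 value from a Sysmon 'Hashes' field like 'MD5=..,SHA256=..'."""
    for part in hashes_field.split(","):
        algo, _, val = part.partition("=")
        if algo.strip().upper() == "SHA256":
            return val.strip().lower()
    return ""


def driver_load_reasons(ev: Dict[str, str]) -> List[str]:
    """Return the reasons a DriverLoad event looks like BYOVD (empty = benign)."""
    reasons: List[str] = []
    path = ev.get("ImageLoaded", "").lower()
    if _sha256(ev.get("Hashes", "")) in BLOCKLIST_SHA256:
        reasons.append("hash matches known-vulnerable driver")
    if path.startswith(USER_WRITABLE_PREFIXES):
        reasons.append("driver loaded from user-writable path")
    if ev.get("Signed", "").lower() != "true" or ev.get("SignatureStatus") != "Valid":
        reasons.append("unsigned or invalid signature")
    return reasons


def find_byovd_sequences(events: List[Dict[str, str]], window_seconds: int = 60) -> List[dict]:
    """Flag suspicious driver loads and correlate sensor terminations in the following window."""
    loads = [e for e in events if e["EventID"] == "6"]
    terms = [e for e in events if e["EventID"] == "5"]
    alerts = []
    for ld in loads:
        reasons = driver_load_reasons(ld)
        if not reasons:
            continue
        t0 = _ts(ld["UtcTime"])
        killed = [
            e["Image"] for e in terms
            if e["Image"].rsplit("\\", 1)[-1].lower() in SENSOR_IMAGES
            and t0 <= _ts(e["UtcTime"]) <= t0 + timedelta(seconds=window_seconds)
        ]
        alerts.append({"driver": ld["ImageLoaded"], "reasons": reasons,
                       "sensors_terminated": killed,
                       "severity": "high" if killed else "medium"})
    return alerts


if __name__ == "__main__":
    for a in find_byovd_sequences(EVENTS):
        print(a["severity"].upper(), a["driver"], "|", "; ".join(a["reasons"]),
              "| killed:", a["sensors_terminated"] or "none")
```

The signed-and-valid driver in the sample is exactly the case a signature-only rule misses; it is caught by the hash and by the load path, and escalated because a Defender engine process terminates a second later. The same shape works against EDR telemetry if the field names are mapped, and Windows' own vulnerable-driver blocklist (HVCI) is the preventive control worth enabling alongside the detection.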
UK financial regulator sets new rules for reporting cyber incidents
The FCA has finalised new rules requiring financial firms to report serious cyber incidents within 24 hours of determining they meet reporting thresholds, with payment service providers facing an even tighter four-hour deadline. The regulator cited growing concern over the frequency and sophistication of attacks on the financial sector, noting that in 2025 over 40% of cyber incidents reported to the FCA involved a third party, prompting new requirements for firms to maintain and annually submit a register of their material third-party arrangements. The rules take effect in March 2027.
Operation Alice takes down 373,000 dark web domains
A 10-day international operation led by German authorities and supported by Europol shut down more than 373,000 dark web domains run by a 35-year-old man based in China, who had been operating a sprawling network of fraudulent platforms since at least 2021. The sites advertised child abuse material and cybercrime-as-a-service offerings, but delivered nothing after victims paid, netting the operator an estimated €345,000 from around 10,000 people. Authorities from 23 countries participated in the operation, and have since identified 440 customers whose purchases are now under active investigation.
Google adds scam-resistant safeguards to Android sideloading process
Google has detailed a new ‘advanced flow’ for Android that allows users to install apps from unverified developers while building in deliberate friction to protect against social engineering scams. The process requires enabling developer mode, confirming no one is coaching the user, restarting the device to cut off any active remote access, and waiting a full day before completing biometric or PIN verification — steps specifically designed to break the manufactured urgency that scammers rely on. The feature will roll out in August.
Written by SecurityWeek News