This week's cybersecurity roundup includes critical updates such as a 10-year-old phpBB flaw allowing session hijacking, Velvet Ant's stealth operations in air-gapped infrastructures, vulnerabilities in Chrome extensions impacting over 10 million users, and AWS's introduction of an AI-powered tool, Continuum. A supply chain attack compromised 1.2 million WordPress sites, while imposter scams reportedly cost Americans $3.5 billion in 2025.
The US DOT concluded its investigation into Delta's response to a CrowdStrike outage without penalties. Additionally, malicious plugins in JetBrains Marketplace are stealing AI keys, and Apple released firmware updates to fix an unauthenticated mic access issue in Beats devices. The report also highlights significant botnet activities linked to an Israeli proxy provider and unauthorized access vulnerabilities in GCP Config Connector.