SECURITYWEEK’S roundup notes that the FBI is examining suspicious activity suggesting a breach of its computer systems, reported by CNN, while Avira has disclosed three vulnerabilities in Avira Internet Security that permit local privilege escalation and were reported to Avira by Quarkslab. It also highlights that Google Gemini API keys embedded in mobile apps remain at risk after a policy change, with researchers warning that these keys can still be extracted and used to access cloud resources.
The brief also says a North Korean state actor’s personal data was exposed due to a game cheat, with forensic analysis linking the user to infrastructure used in state-sponsored campaigns. According to the Financial Times, a long-running intelligence operation infiltrated Tehran’s traffic camera network, with feeds redirected to servers in Israel to aid surveillance and enable precise targeting, a development linked to an airstrike that killed Iran’s Supreme Leader Ali Khamenei.
The piece closes by noting a separate data breach affecting 3.4 million people at TriZetto Provider Solutions, and mentions the ongoing impact of the 2024 Transport for London attack, which affected about 10 million individuals.