SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape.
This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment.
Here are this week’s highlights:
Hackers disrupt LA Metro systems
Los Angeles Metro locked down its internal administrative computers after its security team detected unauthorized access, knocking out real-time arrival displays at stations and causing problems for riders trying to load money onto TAP cards online. Trains and buses kept running throughout the incident, and the agency said customer and employee data was not compromised. It’s unclear whether they are related, but the ransomware group World Leaks claimed on its website to have targeted the City of Los Angeles.
FBI and CISA flag Russian campaign to hijack Signal and WhatsApp accounts
The FBI and CISA are warning that Russian intelligence operatives have been running a phishing campaign to break into Signal, WhatsApp, and other messaging apps — not by cracking encryption, but by tricking users into handing over account access. Thousands of accounts have already been compromised globally, with the attackers focusing on high-value targets like current and former US government officials, military personnel, politicians, and journalists. Once inside an account, attackers can read messages, impersonate victims, and use that trusted identity to launch further phishing against.
Breathalyzer firm hack stops drivers from starting their cars
Intoxalock, an Iowa-based company that makes court-mandated breathalyzer ignition devices, was hit by a cyberattack that took down its systems and left some drivers unable to start their cars. The attack disrupted the calibration process the devices depend on, and some drivers had no choice but to tow their cars to service centers. Intoxalock said it has since restored its systems and will cover costs tied to the outage.
Heritage Bank data stolen in file server breach
Heritage Bank disclosed that hackers copied files from an internal employee file-sharing server. The stolen data includes employees’ and customers’ private and confidential information, such as names, Social Security numbers, account numbers, dates of birth, and addresses. The bank says customer accounts and day-to-day operations were not affected.
ETH Zurich develops anti-deepfake chip
Researchers at ETH Zurich have built a sensor chip that stamps a cryptographic signature onto images, video, and audio the instant they are captured, making any later tampering immediately detectable. The signatures could be stored on a public blockchain, letting anyone verify whether a piece of media is genuine without relying on software detection tools that are constantly racing to keep up with better AI fakes. The chip is still a prototype, but the team has filed a patent and says it can be brought to market using existing manufacturing processes.
New State Department unit to tackle tech threats
The State Department has officially activated its Bureau of Emerging Threats, a new unit tasked with protecting US national security against cyberattacks, AI misuse, space-based threats, and other advanced technology risks from Iran, China, Russia, and North Korea. The bureau will be led by Anny Vu, who previously served as the Trump administration’s chargé d’affaires to China.
MorganFranklin Cyber rebrands as Arcova
MorganFranklin Cyber, a cybersecurity advisory and managed services firm that has operated under various names since 2018, has rebranded as Arcova. The new name follows a private equity-backed management buyout completed in early 2025 and the subsequent acquisition of Lynx Technology Partners, and is meant to signal a broader push into AI, resilience, and emerging technology consulting. Existing leadership, client relationships, and services remain unchanged under the new brand.
DHS shutdown leaves CISA on life support
CISA acting director Nick Andersen told a House committee this week that the DHS funding lapse has furloughed roughly 60% of the agency’s workforce, leaving the remaining staff to carry out only essential functions (without pay) while nation-state and criminal threats keep mounting. The agency currently has around 1,000 open positions, and the drain is accelerating: six members of a single threat hunting and incident response team handed in their resignations on the same day. Andersen warned that the situation is likely to cause lasting damage to CISA’s ability to recruit and retain cyber talent.
Google puts 2029 deadline on quantum-safe encryption switch
Google has moved up its timeline for transitioning to post-quantum cryptography, setting a 2029 target after faster-than-expected advances in quantum hardware and error correction. The company’s VP of Security Engineering, Heather Adkins, and senior cryptography engineer Sophie Schmieg warned that ‘harvest now, decrypt later’ attacks make waiting dangerous. Google is already rolling out quantum-resistant algorithms across Android, Chrome, and its cloud services, and is urging the wider industry to follow suit.
Scammers pose as Palo Alto Networks recruiters
Palo Alto Networks’ Unit 42 threat research team has been tracking a phishing campaign since August 2025 in which attackers impersonate the company’s recruiters to defraud senior-level professionals. Using LinkedIn data to craft personalized outreach, the scammers tell targets that their resume failed an automated screening process, then offer a paid ‘fix’ costing between $400 and $800. Palo Alto has confirmed it never charges candidates for any part of the hiring process, and is urging anyone who receives these emails to verify sender domains and report the suspicious contact immediately.
Facts Only
Los Angeles Metro: unauthorized access, real-time arrival displays affected, TAP card online loading problems, trains and buses continued running, no customer or employee data compromised, ransomware group World Leaks claimed targeting City of Los Angeles (SecurityWeek)
Phishing campaign: Russian intelligence operatives, Signal, WhatsApp, messaging apps, thousands of accounts compromised globally, high-value targets like current and former US government officials, military personnel, politicians, journalists targeted (FBI, CISA)
Intoxalock: cyberattack, systems down, calibration process disrupted, some drivers unable to start cars, service center tow visits required, restored systems, will cover costs tied to the outage (SecurityWeek)
Heritage Bank: file server breach, confidential customer and employee data stolen, names, Social Security numbers, account numbers, dates of birth, addresses, no impact on customer accounts or day-to-day operations (SecurityWeek)
ETH Zurich sensor chip: images, video, audio cryptographic signatures, tampering detection, public blockchain storage, patent filed, marketable using existing manufacturing processes (SecurityWeek)
State Department Bureau of Emerging Threats activation (SecurityWeek)
MorganFranklin Cyber rebranded as Arcova (SecurityWeek)
DHS funding lapse: CISA workforce furloughed, essential functions carried out without pay, 1,000 open positions, recruitment and retention concerns (SecurityWeek)
Google quantum-safe encryption switch deadline: 2029 (SecurityWeek)
Palo Alto Networks recruiter impersonation campaign: senior-level professionals targeted, paid 'fixes' offered for a supposedly failed automated resume screening, $400-$800 fee (SecurityWeek)
Full Take
The article reports on several significant cybersecurity events and updates. In one instance, unauthorized access to the Los Angeles Metro's internal systems caused temporary issues with real-time arrival displays and online TAP card loading; the ransomware group World Leaks claimed to have targeted the City of Los Angeles, but it is unclear whether the two are related. Separately, thousands of messaging app accounts have reportedly been compromised in a Russian phishing campaign that tricks users into handing over account access, focusing on high-value targets like current and former US government officials, military personnel, politicians, and journalists. The campaign highlights the ongoing risks of targeted cyberattacks against individuals and organizations, especially those with sensitive information or influence.
In another event, Intoxalock, an Iowa-based breathalyzer firm, was hit by a cyberattack that left some drivers unable to start their cars due to disrupted calibration processes. This incident underscores the growing threat of cyberattacks against critical infrastructure and the potential impact on everyday life.
The article also reports on a file server breach at Heritage Bank, resulting in the theft of confidential customer and employee data. The bank assures customers that their accounts and day-to-day operations were not affected, but this incident raises concerns about the security of personal information stored by financial institutions.
Researchers at ETH Zurich have developed a sensor chip capable of stamping cryptographic signatures onto images, video, and audio, making any later tampering immediately detectable. This technology could potentially mitigate the spread of deepfakes and disinformation, but it remains to be seen how quickly it can be implemented and adopted on a large scale.
The State Department has activated its Bureau of Emerging Threats to combat cyberattacks and advanced technology risks from nation-states such as Iran, China, Russia, and North Korea. This move signifies a growing recognition of the importance of addressing these threats at a strategic level.
MorganFranklin Cyber rebranded as Arcova following a private equity-backed management buyout and acquisition. The new name signals a broader push into AI, resilience, and emerging technology consulting, reflecting the evolving landscape of cybersecurity services.
The Department of Homeland Security funding lapse has left the Cybersecurity and Infrastructure Security Agency (CISA) understaffed, affecting its ability to respond to threats. This situation underscores the importance of stable and adequate funding for cybersecurity agencies to effectively protect critical infrastructure and respond to emerging threats.
Google has moved up its timeline for transitioning to post-quantum cryptography due to advances in quantum hardware and error correction. This move demonstrates the growing recognition of the potential threat posed by quantum computers to traditional encryption methods and the need for new solutions.
A phishing campaign impersonating Palo Alto Networks recruiters, tracked by Unit 42 since August 2025, targets senior-level professionals with paid 'fixes' for resumes that supposedly failed an automated screening process. This incident underscores the ongoing threat of targeted social engineering attacks and the importance of maintaining vigilance against such tactics.
Questions to consider: What other measures could be taken to protect critical infrastructure from cyberattacks? How can individuals better protect themselves against targeted phishing attacks? What role should government agencies play in promoting the adoption of new cryptographic technologies such as the media-signing chip developed by ETH Zurich?
