In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested
Weekly security roundup: Satellite Act, Chrome RCE, W3LL phishing kit, AWS RES flaws, ShowDoc exploitation.
Summary
SecurityWeek's weekly roundup covers multiple security incidents including Senate passage of the Satellite Cybersecurity Act, FBI dismantling of the W3LL phishing-as-a-service platform, critical vulnerabilities in AWS RES and ShowDoc with active exploitation, and a $90K Chrome vulnerability. Additional stories include GlassWorm malware targeting developer IDEs, ShinyHunters breaches at Rockstar Games and McGraw Hill, and a teenage suspect arrested for attacking Northern Ireland's education network.
Full text
SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights:

Senate moves to fortify commercial satellite defenses

Bipartisan legislation from Senators Gary Peters and John Cornyn recently cleared a key committee hurdle to help satellite operators combat hackers and foreign adversaries. The Satellite Cybersecurity Act of 2025 directs the Department of Commerce to establish a central resource for security best practices and requires a GAO study of efforts to secure satellites against cyber threats. This push for stronger protections comes as research indicates that about half of all commercial satellite signals remain unencrypted despite carrying sensitive data.

Authorities dismantle W3LL phishing kit infrastructure

The FBI Atlanta Field Office and Indonesian National Police shuttered a sophisticated cybercrime operation that facilitated over $20 million in attempted fraud through a customized phishing-as-a-service platform. The primary developer, known as G.L., allegedly sold access to the W3LL phishing kit and managed a marketplace that facilitated the compromise of more than 25,000 accounts.

Meta equips top researchers with professional testing suites

Meta has partnered with PortSwigger to provide Burp Suite Pro licenses to security researchers who reach the HackerPlus Silver league on its bug bounty platform. The goal is to help researchers enhance their skills and hunt for vulnerabilities more efficiently and creatively.

AWS RES vulnerabilities enable command execution and privilege escalation

Multiple vulnerabilities in AWS Research and Engineering Studio (RES) allow authenticated users to execute arbitrary commands and escalate privileges. CVE-2026-5707 and CVE-2026-5709 stem from unsanitized input, enabling command injection on virtual desktop hosts and cluster-manager EC2 instances, while CVE-2026-5708 allows attackers to assume instance profile permissions via crafted API requests. AWS fixed the issues in version 2026.03.

GlassWorm dropper spreads across developer IDEs

A new GlassWorm variant uses a Zig-compiled native dropper embedded in a malicious OpenVSX extension posing as WakaTime, allowing it to bypass typical extension sandboxing and execute with full system access. After execution, it scans for VS Code-based IDEs (Visual Studio Code, Cursor, Windsurf, VSCodium, and Positron) and installs a second-stage payload across all detected environments.

ShinyHunters targets Rockstar Games

The threat actor group ShinyHunters is threatening to leak data allegedly exfiltrated from Rockstar Games by exploiting authentication tokens within the Anodot cloud cost-monitoring tool. According to the group, the breach provided unauthorized access to Rockstar’s Snowflake data warehouse instances. Rockstar Games has confirmed a “limited” exposure of non-material information via a third-party breach but maintains that core operations and player data remain unaffected.

Critical RCE in ShowDoc sees active exploitation

Threat actors are actively weaponizing a critical remote code execution vulnerability in ShowDoc, an IT documentation and collaboration platform that is popular in China, to deploy web shells. Tracked as CVE-2025-0520, the flaw stems from an unrestricted file upload mechanism that fails to properly validate extensions for unauthenticated users. A patch was released in version 2.8.7. Recent intelligence indicates that thousands of instances remain exposed to the internet.

Police arrest teenager following disruptive education network intrusion

The Police Service of Northern Ireland detained a 16-year-old in connection with a targeted cyberattack on the C2k educational system, which provides core IT services to nearly all schools in the region. The Education Authority confirmed that the breach compromised personal data at a small number of institutions.

EPA to boost cybersecurity budget to $19 million

The EPA’s FY 2027 budget proposal significantly increases funding for information security and water-specific cyber defenses to counter growing threats from malicious actors. A key initiative includes a request for new authority to fund cybersecurity grants within the existing Drinking Water Infrastructure Resilience Grant Program, specifically aimed at helping water systems harden their infrastructure. Total funding for the agency’s information security program is slated to double to $19.1 million.

ShinyHunters leak millions of McGraw Hill user records

The ShinyHunters extortion group leaked data tied to 13.5 million McGraw Hill accounts after exploiting a misconfigured Salesforce environment. The dataset, totaling over 100GB, includes email addresses, names, phone numbers, and physical addresses. McGraw Hill, which provides educational solutions, said its core systems and sensitive data were not compromised.

Chrome vulnerability earns researcher $90,000

Google patched 31 vulnerabilities in Chrome 147, including a critical heap buffer overflow in the ANGLE graphics component tracked as CVE-2026-6296, which earned researcher ‘Cinzinga’ a $90,000 reward. The update fixes multiple high-risk memory safety issues such as use-after-free and type confusion bugs across components like V8, PDFium, and media subsystems.

Written By SecurityWeek News
Indicators of Compromise
- cve — CVE-2026-5707
- cve — CVE-2026-5708
- cve — CVE-2026-5709
- cve — CVE-2025-0520
- cve — CVE-2026-6296