In Other News: Scammers Abuse Grok, US Manufacturing Attacks, Gmail Security Claims Debunked – Source: www.securityweek.com

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:

US manufacturing companies targeted in ZipLine campaign

Manufacturing companies in the United States have been targeted in a sophisticated campaign named ZipLine, which involves attackers using legitimate-looking business interactions to deliver custom malware named MixShell, Checkpoint reported. The attackers set up fake domains in the name of legitimate companies and exchanged emails with the victim for weeks before delivering the malware.

Pentagon orders audit of code submitted by Chinese engineers hired by Microsoft 

After it came to light that Microsoft had been using Chinese engineers to maintain US Defense Department systems — the foreign engineers had been supervised by so-called ‘digital escorts’ with the required security clearances — the tech giant announced that it made some changes and will no longer use China-based teams to provide technical assistance to the Pentagon over concerns of potential sensitive data exposure. The DoD has now also announced that the Microsoft program involving Chinese coders has been terminated and that the government has requested an audit into the code of the Chinese nationals.  

CISA releases new tool

CISA has announced the availability of a new tool designed to help organizations with assessing assurance and supplier risks in the software procurement process. The online resource, named Software Acquisition Guide: Supplier Response Web Tool, is free. It requires the user to provide information about the software they are acquiring, including governance and attestation, software supply chain, secure development and deployment, and vulnerability management practices. 

Vital Imaging data breach hits 260,000

Diagnostic imaging center Vital Imaging recently disclosed a data breach impacting the personal and health information of roughly 260,000 individuals. The intrusion was detected in February and the investigation is ongoing in an effort to determine exactly who is impacted and what type of data has been compromised.

City of Baltimore sent $1.5 million to scammer

The City of Baltimore revealed that it was tricked into making two payments totaling roughly $1.5 million to a scammer. A report from the city’s Office of the Inspector General shows that the fraudster gained access to a Workday account, where they changed a vendor’s bank account with one controlled by the attacker. More than $720,000 of the $1.5 million were retrieved by the city, but it has not been able to recover the rest from the fraudster’s bank.

Qantas executives lose pay over data breach

The CEO and several top executives of Australian airline Qantas were docked a total of A$800,000 ($550,000) in their compensation package due to the cybersecurity incident suffered recently by the company. Qantas said in July that over 5 million customers had been impacted by a data breach believed to be the result of a Scattered Spider hack. Qantas CEO Vanessa Hudson lost A$250,000, while five executive managers lost a total of A$550,000.

Google fined €325 million by France’s CNIL

The French data protection agency (CNIL) fined Google €325 million ($380 million) on September 1, 2025, “for displaying advertisements between Gmail users’ emails without their consent and for placing cookies when creating Google accounts, without valid consent of French users,” in contravention of GDPR and the EU’s ePrivacy Directive. A complaint was raised by Max Schrems’ NOYB organization on August 24, 2022.

Google responds to Gmail security claims

In response to reports that it has issued a broad warning to Gmail users about a major security issue, Google said the claims are false. The company said its protections manage to block a vast majority of phishing and malware delivery attempts aimed at Gmail users.

Bridgestone targeted in cyberattack

Tire giant Bridgestone Americas has been targeted in a cyberattack that impacted some manufacturing plants. The company’s investigation is ongoing, but it has not found any evidence of customer data being compromised. Bridgestone was previously targeted in a ransomware attack, but no known threat group appears to have taken credit for this latest incident. 

Scammers abuse Grok 

X’s gen-AI chatbot Grok has been abused by scammers to lure users to their websites. Guardio’s Nati Tal reported that scammers are bypassing X’s ban on links in promoted posts by adding the links in a post’s ‘From’ field. The scammers then reply to the post asking Grok ‘where is this video from?’, which results in the chatbot responding with a clickable link to the cybercriminals’ website. 

Related: In Other News: Iranian Ships Hacked, Verified Android Developers, AI Used in Attacks

Related: In Other News: McDonald’s Hack, 1,200 Arrested in Africa, DaVita Breach Grows to 2.7M