In Other News: Volkswagen App Hacked, DR32 Sentenced, New OT Security Solution – Source: www.securityweek.com

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories:

Innatera launches Pulsar microcontroller

Pulsar brings neuromorphic brain-inspired processing to edge devices. The new microcontroller delivers 100X lower latency and 500X lower energy consumption than conventional processors, increasing battery life and providing local processing for the sensor devices used everywhere from wearables, healthcare and smart homes / offices to cars and industrial systems.

Australian hacker DR32 sentenced in US to time served

David Kee Crees, a 26 year-old Australian national, was sentenced in the US to time served after being held in custody for at least three years. Known online as DR32, Abdilo, Notavirus, Surivaton, and Grey Hat Mafia’s Bitch, he allegedly hacked organizations in the US, sold source code and data, sold access to hacked resources, and even offered stolen credit card information for sale. He was charged in the US in 2021 on 22 counts and pleaded guilty in January 2025 to 14 of them, DataBreaches.net reports.

EU sanctions more Russian entities over malicious cyber activities

The EU has announced more sanctions against Russia over its “destabilising actions”. One of the sanctioned entities is Stark Industries, a web hosting provider whose owners are accused of acting as “enablers of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, information manipulation interference and cyber-attacks against the Union and third countries”.

Volkswagen app hacked

German carmaker Volkswagen recently patched vulnerabilities in its My Volkswagen application. The flaws could have allowed an attacker to obtain other users’ information, including vehicle location, engine health, fuel stats, tyre pressure, and geofencing controls, as well as personal information such as home address, phone number, email address, driving license, and service history. The researcher who found the security holes has published a blog post detailing his findings. Contacted by SecurityWeek, Volkswagen said the issues only impacted the app used in India and pointed out that there was no evidence of exploitation in the wild.

Immersive launches OT security training solution 

Cybersecurity training firm Immersive has launched a new OT security solution that enables hands-on training to help cybersecurity teams improve their skills for detecting and responding to cyber threats targeting operational environments. The company’s OT security training suite provides OT/ICS skill assessment capabilities, realistic scenario-based team exercises, and hands-on labs focusing on threat actors, malware, and threat intelligence.

US government data stolen in TeleMessage hack

Messages exchanged by numerous American officials were intercepted by the hacker who breached the TeleMessage platform used by former Trump national security adviser Mike Waltz and more than 60 other unique government users, Reuters says. The data pertained to Secret Service members, customs officials, disaster responders, US diplomatic staffers, and at least one White House staffer.

Trojanized RVTools installer delivers Bumblebee malware

A trojanized version of the RVTools installer, distributed via a typosquatted domain, was caught delivering Bumblebee malware to users, Arctic Wolf reports. The domain, mimicking the legitimate tool’s site, uses the .org TLD instead of .com. Reports of the malicious installer first appeared in mid-May, and Robware has taken the tool’s official websites, namely Robware.net and RVTools.com, temporarily offline, warning users not to download RVTools from any other website. 

New guidance on securing data used in AI systems

CISA, the NSA, and the FBI have released new guidance on securing the data used to train and operate AI systems. The document (PDF) examines data security risks in AI systems, contains recommendations on protecting sensitive, proprietary, or mission critical data, and highlights how data security impacts the accuracy and integrity of AI outcomes.

GitLab Duo remote prompt injection vulnerability

A remote prompt injection vulnerability in AI-native GitLab assistant GitLab Duo could have allowed attackers to manipulate the code suggestions displayed to other users to inject untrusted HTML into repositories, exfiltrate source code from private projects, and steal undisclosed zero-day vulnerabilities, through the bot’s chat, Legit Security says. GitLab has already fixed the security defect.

Related: In Other News: Hackers Not Behind Blackout, CISO Docuseries, Dior Data Breach

Related: In Other News: India-Pakistan Cyberattacks, Radware Vulnerabilities, xAI Leak