{"id":214520,"date":"2026-05-15T10:52:00","date_gmt":"2026-05-15T14:52:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/15\/in-other-news-big-tech-vs-canada-encryption-bill-ciscos-free-ai-security-spec-audi-app-flaws\/"},"modified":"2026-05-15T13:40:08","modified_gmt":"2026-05-15T17:40:08","slug":"in-other-news-big-tech-vs-canada-encryption-bill-ciscos-free-ai-security-spec-audi-app-flaws","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/15\/in-other-news-big-tech-vs-canada-encryption-bill-ciscos-free-ai-security-spec-audi-app-flaws\/","title":{"rendered":"In Other News: Big Tech vs Canada Encryption Bill, Cisco&#8217;s Free AI Security Spec, Audi App Flaws"},"content":{"rendered":"<p><a href=\"https:\/\/www.securityweek.com\/in-other-news-big-tech-vs-canada-encryption-bill-ciscos-free-ai-security-spec-audi-app-flaws\/\">In Other News: Big Tech vs Canada Encryption Bill, Cisco&#8217;s Free AI Security Spec, Audi App Flaws<\/a><\/p>\n<p><a href=\"https:\/\/www.securityweek.com\/in-other-news-big-tech-vs-canada-encryption-bill-ciscos-free-ai-security-spec-audi-app-flaws\/\">https:\/\/www.securityweek.com\/in-other-news-big-tech-vs-canada-encryption-bill-ciscos-free-ai-security-spec-audi-app-flaws\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-15 10:52:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.securityweek.com\">www.securityweek.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>SecurityWeek\u2019s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape.<\/p>\n<p>This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment.<\/p>\n<p>Here are this week\u2019s highlights:<\/p>\n<p>Nvidia cloud gaming partner suffers data breach<\/p>\n<p>Nvidia has confirmed that a breach of GeForce NOW user data occurred through GFN.am, its regional Alliance partner operating the service in Armenia, with no impact on Nvidia\u2019s own infrastructure. The incident, which took place between March 20 and 26, exposed personal details including full names, email addresses, phone numbers, dates of birth, and usernames, but no passwords were compromised, and users who registered after March 9 are unaffected. A threat actor operating under the ShinyHunters name (believed to be an impersonator) claimed responsibility on a hacker forum and listed the full database for $100,000 in cryptocurrency before the post was taken down.<\/p>\n<p>Advertisement. Scroll to continue reading.<\/p>\n<p>FCC buys time for foreign routers with extended update window<\/p>\n<p>Foreign-made routers and drones on the FCC\u2019s Covered List \u2014 devices deemed national security risks \u2014 will be allowed to receive security patches and firmware updates until at least January 1, 2029, up from the previous March 2027 cutoff. The agency is also considering making the waiver permanent.<\/p>\n<p>OpenAI moves to give EU regulators a look at its cyber AI<\/p>\n<p>OpenAI is in talks with the European Commission to provide access to a cyber-focused variant of GPT-5.5 that can identify and exploit software vulnerabilities. The offer came after EU cybersecurity and AI officials spent weeks unable to gain access to Anthropic\u2019s comparable model, Mythos, which has been limited to a few dozen organizations. ENISA, the EU\u2019s cybersecurity agency, confirmed OpenAI made contact, and the Commission called the move a step toward monitoring the model\u2019s deployment and addressing potential security risks.<\/p>\n<p>Developers targeted with fake Claude Code installer<\/p>\n<p>Ontinue has uncovered an active infostealer campaign that uses fake Claude Code installation pages, promoted via sponsored search results, to trick developers into running malicious PowerShell commands. The payload uses a small native helper to abuse Chrome\u2019s App-Bound Encryption via the IElevator2 COM interface, extracting decrypted cookies, saved passwords, and payment data from Chrome, Edge, Brave, and other Chromium-based browsers, before exfiltrating the data to attacker-controlled infrastructure. The malware doesn\u2019t match any known family and is notably well-maintained.<\/p>\n<p>Seedworm targets South Korean electronics manufacturer<\/p>\n<p>Iran-linked group Seedworm (also known as MuddyWater) breached a major South Korean electronics manufacturer in February 2026 as part of a broader campaign hitting at least nine organizations across four continents, including government agencies, industrial manufacturers, financial services firms, and educational institutions. The attackers used DLL sideloading via legitimately signed Fortemedia and SentinelOne binaries to deploy malicious payloads.\u00a0<\/p>\n<p>Android 17 brings AI-driven defenses\u00a0<\/p>\n<p>Google\u2019s Android 17 introduces a broad set of security upgrades, including verified financial calls (automatically drops spoofed calls impersonating participating banks) and expanded Live Threat Detection, which now flags suspicious behaviors like SMS forwarding and accessibility overlay abuse in real time. On the anti-theft front, biometric authentication can now be required to unlock a device marked as lost, and default-on theft protections are rolling out globally. The update also introduces post-quantum cryptography, automatic OTP hiding from most apps, and Android OS verification to help users confirm they\u2019re running a legitimate build.<\/p>\n<p>Big Tech pushes back on Canada\u2019s encryption bill<\/p>\n<p>Apple and Meta are opposing Bill C-22, a Canadian lawful-access bill they warn could force tech companies to build encryption backdoors or install government spyware on their systems. Meta pointed to the Salt Typhoon espionage campaign as proof that authorized backdoors can be exploited, while Public Safety Canada insists the bill would not require systemic vulnerabilities, though both tech companies say the real risk lies in how the bill\u2019s broad powers could be interpreted once enacted.<\/p>\n<p>Grego AI and Secludy announce launch and funding<\/p>\n<p>Secludy announced raising $4 million for its newly launched platform, designed to help organizations in regulated industries safely use valuable data for AI. The platform generates synthetic data that mirrors original datasets, enabling customers to train and evaluate AI models without exposing sensitive customer information.<\/p>\n<p>Grego AI emerged from stealth mode with a platform that pushes existing AI models beyond their expected capabilities to find critical software vulnerabilities. The company said it earned a $250,000 bug bounty for a vulnerability it uncovered, and claims to have helped prevent a $27 million attack. Grego AI told SecurityWeek that it raised $2 million in funding.<\/p>\n<p>Audi\u2019s connected car platform exposed owner data\u00a0<\/p>\n<p>A security researcher discovered several vulnerabilities in the myAudi connected car platform, finding that anyone who knows a vehicle\u2019s VIN can add it to their account as a guest and access sensitive data. Exposed information included the embedded SIM\u2019s IMEI and ICCID identifiers, the GPS location of the primary owner when they triggered a \u2018honk &#038; flash\u2019 command, as well as vehicle lock status. CARIAD, the VW Group\u2019s software arm, has patched one issue, but the researcher says the remaining findings are still under evaluation. Audi has not responded to SecurityWeek\u2019s request for comment.<\/p>\n<p>Cisco open-sources blueprint for AI-driven vulnerability evaluation<\/p>\n<p>Cisco has released Foundry Security Spec, an open source specification for building agentic security evaluation systems that use frontier AI models to find and validate vulnerabilities in a structured, auditable way. Rather than sharing internal code tied to Cisco\u2019s own infrastructure, the company is releasing the design (eight core agent roles, a finding lifecycle, and 130 functional requirements) so security teams can adapt it to their own environments.\u00a0<\/p>\n<p>FBI issues warning after ShinyHunters hacks Canvas<\/p>\n<p>ShinyHunters has claimed responsibility for an attack on Instructure\u2019s Canvas system, which disrupted service to educational institutions across the US, and the FBI is now warning that affected students and faculty could be targets for extortion and sophisticated spearphishing using stolen data. The group is known for large-scale data theft and aggressive pressure tactics to coerce victims into paying, including threatening calls, texts to family members, and swatting. The US government has asked Instructure to provide clarification after the company admitted it reached an agreement with the hackers.\u00a0<\/p>\n<p>Related: In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner<\/p>\n<p>Related: In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In Other News: Big Tech vs Canada Encryption Bill, Cisco&#8217;s Free AI Security Spec, Audi&#8230;<\/p>\n","protected":false},"author":1,"featured_media":214521,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.securityweek.com\/wp-content\/uploads\/2023\/10\/cybersecurity-news.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,30,24,31,35,36,32,34,27],"class_list":["post-214520","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-breach","tag-cybersecurity","tag-exploit","tag-hacker","tag-infostealer","tag-malware","tag-threat-actor","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/214520"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=214520"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/214520\/revisions"}],"predecessor-version":[{"id":214522,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/214520\/revisions\/214522"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/214521"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=214520"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=214520"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=214520"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}