This Week in Cybersecurity: 5,800 Arrests, 9,000 Ransomware Hits

This week’s cybersecurity roundup reads like a blockbuster: law enforcement made over 5,800 arrests and seized $293 million in a global fraud crackdown, while researchers uncovered fresh zero-days in ubiquitous software and new malware families continued to emerge.
The Week’s Biggest Headlines
CISA added multiple flaws to its Known Exploited Vulnerabilities catalog, including a critical U-Boot bug that undermines Secure Boot on millions of devices. The agency also flagged issues in iCagenda, Balbooa Forms, and Adobe ColdFusion. Meanwhile, a Linux KVM flaw dubbed Januscape, dormant for 16 years, allows cloud VM escape attacks, and a Gitea Docker bug is under active exploitation, exposing repositories and secrets. In the ransomware sphere, the GodDamn family resurfaces with a malicious driver to disable defenses, while the Zimbra Classic Web Client flaw could expose mailboxes if unpatched.
Law Enforcement Strikes Back
Interpol’s Operation First Light netted 5,811 arrests and $293 million in seized assets, targeting fraud and cybercrime rings across 61 countries. Spanish police arrested a man linked to the pro-Russian hacktivist groups CARR and Z-Pentest, highlighting the persistent threat of state-aligned cyber operations. On the corporate side, Accenture confirmed a breach after a hacker offered stolen data for sale, underscoring that even major firms remain vulnerable.
Malware and Exploits: A Mixed Bag
Malware continues to evolve in sophistication. The GodDamn ransomware now merges three families into one destructive backdoor, while the novel QuimaRAT malware targets Windows, macOS, and Linux systems. Researchers also uncovered 222 malicious GitHub repositories luring developers with fake Go packages, and a new JavaScript-based extortion campaign, Vibe Coded, tricks AI agents into sending money via hidden web prompts. Even VPN and 7-Zip apps are being weaponized to turn victims into residential proxy nodes.
Why it matters
The sheer volume of high-severity flaws and active ransomware campaigns signals a threat landscape that is not only persistent but accelerating. For enterprises, the message is clear: patch aggressively and monitor supply chains, as attackers increasingly exploit overlooked dependencies. For consumers, the rise of AI-targeted scams and residential proxy schemes highlights the need for vigilance beyond traditional endpoints. The global crackdown is a step forward, but the diversity and scale of current threats demand a coordinated, proactive response.
Source: Security Affairs. AI-assisted editorial synthesis — TechnoExpress.

