Cybersecurity Roundup: Satellite Defenses, Phishing Crackdowns, and Critical Vulnerabilities
This week’s cybersecurity landscape saw significant developments across policy, law enforcement actions, and emerging threats, underscoring the evolving risks to infrastructure, software, and user data.
Policy & Defense Initiatives
The U.S. Senate advanced the Satellite Cybersecurity Act of 2025, a bipartisan bill led by Senators Gary Peters and John Cornyn. The legislation mandates the Department of Commerce to create a centralized resource for satellite security best practices and requires a Government Accountability Office (GAO) study on existing defenses. The move follows research revealing that nearly half of commercial satellite signals remain unencrypted, despite transmitting sensitive data.
The Environmental Protection Agency (EPA) proposed doubling its cybersecurity budget to $19.1 million for FY 2027, with a focus on water system defenses. The plan includes new authority to fund cybersecurity grants under the Drinking Water Infrastructure Resilience Grant Program, aiming to harden critical infrastructure against rising threats.
Law Enforcement & Cybercrime Disruptions
A joint operation by the FBI’s Atlanta Field Office and the Indonesian National Police dismantled the W3LL phishing-as-a-service infrastructure, which facilitated over $20 million in attempted fraud. The platform’s primary developer, identified as G.L., allegedly sold access to the phishing kit and managed a marketplace linked to the compromise of 25,000+ accounts.
In Northern Ireland, police arrested a 16-year-old in connection with a cyberattack on the C2k educational network, which serves nearly all regional schools. The breach exposed personal data at a limited number of institutions, though the full scope remains under investigation.
Critical Vulnerabilities & Exploits
- AWS RES Flaws: Multiple vulnerabilities in AWS Research and Engineering Studio (RES) tracked as CVE-2026-5707, CVE-2026-5708, and CVE-2026-5709 enabled command execution and privilege escalation due to unsanitized input. AWS patched the issues in version 2026.03.
- ShowDoc RCE Exploited: Threat actors are actively exploiting CVE-2025-0520, a critical remote code execution flaw in ShowDoc, a popular IT documentation platform in China. The vulnerability stems from an unrestricted file upload mechanism, with thousands of instances still exposed online. A patch was released in version 2.8.7.
- Chrome Zero-Day: Google addressed 31 vulnerabilities in Chrome 147, including a critical heap buffer overflow (CVE-2026-6296) in the ANGLE graphics component. The bug earned researcher ‘Cinzinga’ a $90,000 bounty.
Emerging Threats & Data Breaches
- GlassWorm Dropper: A new variant of the GlassWorm malware spreads via a malicious OpenVSX extension disguised as WakaTime, targeting VS Code-based IDEs (including Visual Studio Code, Cursor, and VSCodium). The Zig-compiled dropper bypasses sandboxing to execute with full system access.
- ShinyHunters Strikes Again: The extortion group ShinyHunters claimed responsibility for two high-profile breaches:
- Rockstar Games: Allegedly exploited Anodot cloud tokens to access Snowflake data warehouse instances, though Rockstar confirmed only non-material information was exposed.
- McGraw Hill: Leaked 13.5 million user records (100GB of data, including emails, names, and addresses) after exploiting a misconfigured Salesforce environment. McGraw Hill stated core systems remained secure.
Industry & Research Developments
Meta partnered with PortSwigger to provide Burp Suite Pro licenses to top researchers in its bug bounty program, aiming to enhance vulnerability discovery through advanced tooling. Eligible participants must reach the HackerPlus Silver league on Meta’s platform.
ROCKSTAR satellite cybersecurity rating report: https://www.rankiteo.com/company/rockstar-satellite
Google Public Policy cybersecurity rating report: https://www.rankiteo.com/company/google-public-policy
AWS Public Sector cybersecurity rating report: https://www.rankiteo.com/company/aws-public-sector
"id": "ROCGOOAWS1776436721",
"linkid": "rockstar-satellite, google-public-policy, aws-public-sector",
"type": "Breach",
"date": "4/2026",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Satellite Communications',
'location': 'Global',
'name': 'Commercial Satellite Operators',
'type': 'Private Sector'},
{'industry': 'Water Infrastructure',
'location': 'United States',
'name': 'EPA Water Systems',
'type': 'Government'},
{'customers_affected': '25,000+ accounts',
'industry': 'Various',
'location': 'Global',
'name': 'W3LL Phishing Victims',
'type': 'Multiple'},
{'industry': 'Education',
'location': 'Northern Ireland',
'name': 'C2k Educational Network',
'type': 'Education'},
{'industry': 'Cloud Services',
'location': 'Global',
'name': 'AWS RES Users',
'type': 'Private Sector'},
{'industry': 'IT Documentation',
'location': 'China',
'name': 'ShowDoc Users',
'type': 'Private Sector'},
{'industry': 'Technology',
'location': 'Global',
'name': 'Chrome Users',
'type': 'Private Sector'},
{'industry': 'Software Development',
'location': 'Global',
'name': 'VS Code-based IDE Users',
'type': 'Private Sector'},
{'industry': 'Gaming',
'location': 'Global',
'name': 'Rockstar Games',
'type': 'Private Sector'},
{'customers_affected': '13.5 million user records',
'industry': 'Education Publishing',
'location': 'Global',
'name': 'McGraw Hill',
'type': 'Private Sector'}],
'attack_vector': ['Phishing-as-a-Service',
'Unrestricted File Upload',
'Heap Buffer Overflow',
'Malicious Extension',
'Misconfigured Cloud Tokens',
'Misconfigured Salesforce Environment'],
'data_breach': {'data_exfiltration': ['McGraw Hill: 100GB of data',
'Rockstar Games: Non-material '
'information'],
'number_of_records_exposed': ['25,000+ accounts',
'13.5 million user records'],
'personally_identifiable_information': ['Emails',
'Names',
'Addresses'],
'sensitivity_of_data': ['Personally Identifiable Information',
'Non-material information'],
'type_of_data_compromised': ['Emails',
'Names',
'Addresses',
'Personal Data',
'Non-material information']},
'description': 'This week’s cybersecurity landscape saw significant '
'developments across policy, law enforcement actions, and '
'emerging threats, underscoring the evolving risks to '
'infrastructure, software, and user data.',
'impact': {'data_compromised': ['25,000+ accounts',
'13.5 million user records (100GB of data)'],
'financial_loss': '$20 million in attempted fraud',
'systems_affected': ['C2k educational network',
'AWS RES',
'ShowDoc',
'Chrome',
'VS Code-based IDEs',
'Rockstar Games Snowflake instances',
'McGraw Hill Salesforce environment']},
'motivation': ['Financial Gain', 'Data Theft', 'Extortion', 'Cyber Espionage'],
'references': [{'source': 'U.S. Senate'},
{'source': 'Environmental Protection Agency (EPA)'},
{'source': 'FBI’s Atlanta Field Office'},
{'source': 'Indonesian National Police'},
{'source': 'Northern Ireland Police'},
{'source': 'AWS'},
{'source': 'ShowDoc'},
{'source': 'Google'},
{'source': 'Meta'},
{'source': 'PortSwigger'}],
'response': {'law_enforcement_notified': ['FBI’s Atlanta Field Office',
'Indonesian National Police',
'Northern Ireland Police'],
'remediation_measures': ['AWS RES patch (version 2026.03)',
'ShowDoc patch (version 2.8.7)',
'Chrome update (version 147)']},
'threat_actor': ['W3LL Phishing Platform',
'ShinyHunters',
'GlassWorm Malware',
'Unidentified 16-year-old'],
'title': 'Cybersecurity Roundup: Satellite Defenses, Phishing Crackdowns, and '
'Critical Vulnerabilities',
'type': ['Policy & Defense Initiatives',
'Law Enforcement & Cybercrime Disruptions',
'Critical Vulnerabilities & Exploits',
'Emerging Threats & Data Breaches',
'Industry & Research Developments'],
'vulnerability_exploited': ['CVE-2026-5707',
'CVE-2026-5708',
'CVE-2026-5709',
'CVE-2025-0520',
'CVE-2026-6296']}