In Case You Missed It: Quantum to Get a Boost from WH, ShinyHunters Affiliates Arrested, CISA Report on Ransomware Exploiting Ivanti EMM, WhatsApp Whistleblower Exposes Security Gaps

Emerging technologies like quantum computing and AI continued to dominate the news last week as the government said stronger quantum requirements and more aggressive timelines are on the horizon. A study of cybersecurity and security IT managers show they regret rushing into AI implementation and are scaling back efforts.

Regrets, I’ve Had A Few, Security Managers Lament Speedy Embrace of AI

It should come as no surprise to anyone that AI-tinged cyberattacks are on the rise and that organizations may have some regrets about rushing to deploy AI, but now a survey of 3,001 cybersecurity and IT security managers in the US and UK confirms it. Just over a quarter (26 percent) of those surveyed by Censuswide for ISMS.online said their organizations have found data poisoning of their AI models. And just under experienced deepfake or cloning in the 12 months prior. The study reflected a bit of remorse that AI was adopted so quickly at their organizations—54 precent lamented moving so fast and say they are now trying to scale it back or be more measured in their implementation going forward.

WH Looking to Strengthen, Accelerate Quantum Computing Throughout Federal Gov’t

While no one has settled on a timeline for quantum computing to roll out throughout the federal government systems, leaders for the last few years have underscored its importance to national security and have taken steps to ensure US dominance. Now new reporting indicates that Trump administration is on the cusp of issuing executive orders and a national plans for quantum computing as well as mulling a mandate for agencies to accelerate their timelines for providing post-quantum safeguards.

A Reckoning for ShinyHunters Affiliates: Two Arrested in UK, Charged in Attack

In case you think that bad actors are getting away with everything, here’s a spot of good news. Two people associated with hacking group Scattered Spider have been arrested in the UK, with one also charged in the US. Thalha Jubair, 19, from East London, and Owen Flowers, 18, from Walsall, West Midlands, were nabbed for an attack on Transport for London after they hacked into organizations’ networks, via social engineering efforts, where they nicked data and encrypted it before demanding ransom from those organizations. ShinyHunters has been quite active in the last year or so—wreaking havoc in companies like Google, Qantas, Adidas and Cisco by through social engineering and leveraging enterprise cloud apps. 

Elevation of Privilege Flaw in Azure AD Graph API With 10.0 Rating Has Been Patched

Microsoft has patched a critical authentication vulnerability associated with Azure AD Graph API, which if exploited, could have let attackers access Entra ID, among other Azure Cloud resources. While it seems the vulnerability, CVE-2025-55241, an elevation of privilege flaw, was not exploited, its CVSS score of 10.0, points to the havoc it could have wreaked. And it does underscore that the security around Azure’s authentication stack is lagging.

CISA Details Malware That Exploited Ivanti EMM

The Cybersecurity and Infrastructure Security Agency (CISA) has done a deeper dive into malware than exploited a pair of CVEs—CVE-2025-4427 and CVE-2025-4428—on Ivanti Endpoint Manager Mobile (EMM). The malware, which was used on an unnamed organization, let the bad actors compromise a server to inject and run arbitrary code. Organizations must learn to guard against this type of malware that targets flaws in centralized endpoint management tools.

WhatsApp Whistleblower Shows Cost of Ignoring Cybersecurity

Meta let as many as 1,500 engineers have unrestricted access to  WhatsApp user data without oversight or audit trails, according to a lawsuit filed by a whistleblower, raising a bigger question about the security culture of a platform that carries the daily lives of three billion people. Those people trust WhatsApp with their most private conversations. But trust is now under fresh scrutiny after Attaullah Baig, the app’s former head of security, filed his suit claiming Meta ignored glaring vulnerabilities and punished him for speaking out.