Cybersecurity Institute News Roundup 21 July 2025
Welcome to this week’s Cybersecurity Institute News Roundup: a weekly overview of the most interesting news and articles that have caught our attention recently from across the cybersecurity industry. In this week’s roundup, we cover a flaw in Google Gemini that lets email summaries be used for phishing, the UK National Crime Agency’s arrest of four Scattered Spider suspects, the growing risk of employees using unapproved AI tools, financial institutions’ continued vulnerability to third-party cyber attacks, and warnings that US AI data center growth will increase the electrical grid’s vulnerability.
Google Gemini email summaries prone to prompt injection attacks
A flaw in Google Gemini for Workspace lets bad actors generate legitimate-looking email summaries that also direct users to phishing sites, without using attachments or links. Google is actively working to remedy this vulnerability.
UK nabs four suspected Scattered Spider hackers
Four individuals have been arrested by the UK National Crime Agency (NCA) for their alleged role in the Marks & Spencer, Co-op, and Harrods cyberattacks that are believed to have been perpetrated by the Scattered Spider hacking group.
Employee usage of unapproved AI tools a growing risk
According to a recent study by ManageEngine, 93% of employees admit to using AI tools without corporate approval. Employee use of personal devices for work tasks is a particular blind spot for enterprise security teams.
Financial institutions remain vulnerable to third-party cyber risk
Despite efforts by financial institutions to improve their overall cyber risk posture, a new report from Black Kite highlights that third-party vendor risk management and compliance remain a relatively open door for would-be cybercrooks.
Proposed US AI data center growth will also increase grid’s cyber vulnerability
Experts caution that White House plans to boost domestic energy production and further grow AI data center capacity will also increase the attack surface and vulnerability of the electrical grid, requiring increased regulatory oversight.