Cybersecurity Institute News Roundup 28 July 2025
Welcome to this week’s Cybersecurity Institute News Roundup: a weekly overview of the most interesting news and articles that have caught our attention recently from across the cybersecurity industry. In this week’s roundup, we cover the zero-day flaw breach in 400 organizations including US National Nuclear Security Agency, shadowAI risks increase as employees use Chinese genAI tools, FIDO keys are vulnerable to social engineering exploits, Amazon issues a cyber warning to customers of impersonation scams, and the US House and Senate reveal defense bill drafts focused on cyber and AI.
Chinese threat actors infiltrate US nuclear weapons agency
Over 400 organizations including the US National Nuclear Security Agency have been breached by Chinese-linked nation state attackers using zero-day flaws in Microsoft SharePoint.
Usage of Chinese GenAI tools adds whole extra level of shadowAI risk
https://www.infosecurity-magazine.com/news/one-12-usuk-employees-chinese-genai/
A new study from Harmonic Security cites that 8% of American and British employees use Chinese genAI tools, further fueling the shadowAI risk for IT teams.
FIDO keys vulnerable to social engineering attacks
Threat actor PoisonSeed has found a way to exploit FIDO MFA with a novel adversary-in-the-middle (AitM) attack that uses the cross-device login feature and QR code to dupe users.
Amazon issues broad based cyber warning to Prime customers
Faced with an ever-increasing number of attacks on consumer accounts, Amazon has emailed a cyber warning to all 220 million Prime customers urging them to stay vigilant of Amazon impersonation scams.
Competing $900B US defense bill drafts both focused on cyber and AI
The US House and Senate have revealed competing 2026 National Defense Authorization Act (NDAA) budget drafts that, while both focused on cybersecurity and AI, plot very different courses for US policy and oversight.