A PowerShell script included in patch files appears to be triggering false positives by multiple security engines.
The company warned about zero-day attacks exploiting the Exchange Server vulnerability CVE-2026-42897 on May 14.
Claroty researchers have analyzed the security of Vertiv UPS network cards and the Trane Tracer SC+ HVAC controller.
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
AI-driven development is not something organizations can or should block. But it must be governed.
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code.
CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale.
As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode.
Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.
RegisterAI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.
Register
SecurityWeek’s CISO Forum 2026 Mid-Year Review is a virtual roundtable to evaluate the year’s most pressing challenges and share critical updates shaping the 2026 security landscape.
[June 10, 2026 | Virtual]
SecurityWeek’s 2026 Cloud Security Summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments.
[July 15, 2026 | Virtual]
SecurityWeek’s AI Risk Summit is the leading conference where technology, security, and risk leaders converge with AI researchers, developers, and policy makers shaping the future of enterprise AI.
[August 11-12, 2026 | In-Person]
SecurityWeek’s CodeSecCon 2026 will bring together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.
[August 19, 2026 | Virtual]
-
Oracle has released mitigations for CVE-2026-35273, but it has not said whether it’s a zero-day exploited in ShinyHunters attacks. (June 11, 2026)
-
The new BOD 26-04 requires agencies to review and update vulnerability management policies with a focus on KEV catalog entries. (June 11, 2026)
-
Disclosed in March, the security defect enables unauthenticated attackers to write files to arbitrary locations on the system. (June 11, 2026)
-
The security defects could allow attackers to create or modify arbitrary files and access and modify protected resources. (June 11, 2026)
-
Researchers say the OnyxC2 malware targets more than 200 applications and extensions while evading detection through encrypted payloads, DLL sideloading, and in-memory execution techniques. (June 11, 2026)
-
Relying on social engineering, the hacking group engages in credential phishing, malware distribution, and fraud activities. (June 4, 2026)
-
Law enforcement and tech companies disrupted infrastructure linked to scammers operating across Southeast Asia. (June 4, 2026)
-
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. (June 2, 2026)
