Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently hop around the corporate networks of U.S. and Japanese companies.

CISA unveils a new Hardware Bill of Materials (HBOM) framework for buyers and sellers to communicate about components in physical products.

Israeli security startup Gem Security has raised a total of $34 million to tackle cloud threat detection and incident response.

Attackers can find tons of information on Tesla cars and their drivers by searching for misconfigured TeslaMate instances online.

Firefox 118 patches six high-severity vulnerabilities, including a memory leak potentially leading to sandbox escape.

Threat actors have been using stolen GitHub personal access tokens to push malicious code posing as Dependabot contributions.

Google has released the source code of BinDiff, a binary file comparison tool popular within the security research community, on GitHub.

macOS 14 Sonoma has been officially released by Apple and the latest version of the operating system patches over 60 vulnerabilities.

GPUs from AMD, Apple, Arm, Intel, Nvidia and Qualcomm are vulnerable to a new type of side-channel attack named GPU.zip.

Microsoft announced that the latest Windows 11 update (23H2) will bring more support for passkeys and several new security features.  

UAE-linked APT group Stealth Falcon has used the new Deadglyph backdoor in an attack targeting a governmental entity in the Middle East.

Sony has launched an investigation after a ransomware group claimed to have compromised all systems and offered to sell stolen data.

CISO churn is a hidden cybersecurity threat. Major security initiatives or implementations can take longer than the residency of a single CISO, and constant churn can leave cracks or gaps in security.

GPU.zip side-channel attack GPU.zip side-channel attack

GPUs from AMD, Apple, Arm, Intel, Nvidia and Qualcomm are vulnerable to a new type of side-channel attack named GPU.zip.

CISO Board Cybersecurity CISO Board Cybersecurity

CISO churn is a hidden cybersecurity threat. Major security initiatives or implementations can take longer than the residency of a single CISO, and constant churn can leave cracks or gaps in security.

Pegasus spyware delivered to iOS and Android devices Pegasus spyware delivered to iOS and Android devices

Predator spyware delivered to iPhones and Android devices using iOS and Chrome zero-day vulnerabilities and MitM attacks. 

Top Cybersecurity Headlines

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently…

CISA unveils a new Hardware Bill of Materials (HBOM) framework for buyers and sellers to communicate about components in physical products.

Israeli security startup Gem Security has raised a total of $34 million to tackle cloud threat detection and incident response.

Attackers can find tons of information on Tesla cars and their drivers by searching for misconfigured TeslaMate instances online.

SecurityWeek Industry Experts

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.

Register

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Register

Upcoming Virtual Events

Zero Trust Strategies Summit

Zero Trust is more than a marketing buzzword. In this event, security experts will decipher the confusing world of Zero Trust, and share war stories on securing organizations by eliminating implicit trust and continuously validating every stage of digital interaction.

Learn More
Threat Detection and Incident Response Summit

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence. (May 24, 2023)

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place in 2023 as a virtual event. (June 13-14, 2023)

Learn More

As CISOs and corporate defenders grapple with the intricacies of securing sensitive data passing through multi-cloud deployments and APIs, the importance of frameworks, tools, controls and design models have surfaced to the front burner. (July 19, 2023)

Learn More

Vulnerabilities

Cybercrime

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

Threat actors have been using stolen GitHub personal access tokens to push malicious code posing as Dependabot contributions.

Cloud Security