Application Security
Cybersecurity firm Emsisoft has released free decryptor tools for AstraLocker, a "smash-and-grab" ransomware family that was recently retired.
Hi, what are you looking for?
SecurityWeek
Malware & Threats
The large-scale credential theft campaign hit roughly half of the internet-accessible Fortinet firewalls and VPNs.
Network Security
Insufficient validation of user input allows an attacker to gain access to the underlying OS and elevate their privileges to root.
Network Security
Cisco recently became aware of the exploitation of CVE-2026-20262, a Catalyst SD-WAN Manager zero-day that allows arbitrary file write.
Network Security
Fortinet rolled out hotfixes for the security defect in April, warning that it had been exploited in the wild as a zero-day and urging...
Cloud Security
The term ‘zero trust’ is now used so much and so widely that it has almost lost its meaning.
Cybercrime
The US Department of Justice announced on Friday that a man has been arrested and charged for allegedly selling fraudulent and counterfeit Cisco products.
ICS/OT
Cisco’s Talos threat intelligence and research unit has identified several critical vulnerabilities in a widely used industrial cellular IoT gateway made by Chinese company...
Application Security
OpenSSL has issued an urgent advisory to warn of a memory corruption vulnerability that exposes servers to remote code execution attacks.The vulnerability, tracked as...
Cybercrime
Keep your response up to speed as attackers get faster
Network Security
The Brute Ratel C4 (BRc4) red-teaming and adversarial attack simulation tool has been used by nation-state attackers to evade detection, according to security researchers...
Application Security
Security researchers at ReversingLabs are warning of a “significant escalation in software supply chain attacks” after discovering more than two dozen malicious NPM packages...
Application Security
The United States Department of Defense (DoD) has launched a one-week bug bounty program to reward researchers who find high- and critical-severity vulnerabilities in...
Application Security
Security automation startup Swimlane on Wednesday announced it has raised $70 million in a Series C funding round that brings the total investment in...
Application Security
A new variant of the Hive ransomware written using the Rust programming language is more evasive and provides attackers with flexibility, courtesy of support...
Application Security
Chicago-based Infrastructure-as-Code (IaC) startup oak9 has attracted new interest from venture capitalists with Cisco Investments and Morgan Stanley’s Next Level Fund joining a new...
Application Security
The infamous North Korean Lazarus hacking group is the prime suspect in the $100 million hack of Harmony’s Horizon Bridge, according to new data...
Application Security
Bay Area startup Normalyze on Monday announced a $22 million in Series A funding as venture capital investors rush to place bets on the...
Application Security
Cyolo, an Israeli startup building technology for zero trust networking, on Monday announced a new $60 million investment led by the venture investing arm...
Application Security
Security researchers at CrowdStrike have stumbled upon ransomware actors deploying zero-day exploits against Mitel VOIP appliances sitting on the network perimeter.
Application Security
The US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the National Cyber Security Centres in New Zealand (NZ NCSC)...
Network Security
Among the many improvements in cybersecurity technology and tools we’ve seen over the last few years, one of the most significant has been the...
Application Security
Cryptographers at Swiss university ETH Zurich have found at least five exploitable security flaws in the privacy-themed MEGA cloud storage service and warned that...
Application Security
Cloud security startup Aqua Security has partnered with the Center for Internet Security (CIS) to create guidelines for software supply chain security and followed...
Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.
RegisterAI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.
RegisterExpert Insights
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code.
(Etay Maor)
CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale.
(Nadir Izrael)