Cybercrime
Cybercriminals breached Cisco Systems and stole non-sensitive dataProfit-driven cybercriminals breached Cisco systems in May and stole gigabytes of information, but the networking giant says...
Hi, what are you looking for?
SecurityWeek
Malware & Threats
Arch Linux suspended account registrations in response to the wave of malicious packages being uploaded to AUR.
Supply Chain Security
By default, npm install will no longer execute scripts from dependencies, unless explicitly allowed.
Malware & Threats
The most recent variants of the self-propagating attacks are named Miasma and Hades.
Supply Chain Security
CVE Lite CLI is a free, open-source command line tool that scans your projects in seconds and tells you exactly which included packages contain...
Black Hat
LAS VEGAS – The security industry makes its annual pilgrimage to the hot Sonoran desert this week for skills training, hacking demos, research presentations...
Application Security
Enterprise software vendor Twilio (NYSE: TWLO) has been hacked by a relentless threat actor who successfully tricked employees into giving up login credentials that...
Malware & Threats
Google-owned malware analysis service VirusTotal has published a report showing how threat actors abuse trust to bypass defenses and deliver their malware.According to data...
Cyberwarfare
Over the past year, North Korean advanced persistent threat (APT) actor Kimsuky has been observed using a browser extension to steal content from victims’...
Cybercrime
Mailing and printing services vendor OneTouchPoint has disclosed a data breach impacting more than 30 healthcare providers and health insurance carriers.Headquartered in Hartland, Wisconsin,...
Cybersecurity Funding
Global markets have suffered following the first Covid-19 pandemic and the Russian invasion of Ukraine – but sales of cybersecurity software have remained strong....
Supply Chain Security
Security researchers with NCC Group have documented 11 vulnerabilities impacting Nuki smart lock products, including issues that could allow attackers to open doors.Nuki offers...
Supply Chain Security
Vulnerabilities affecting a mobile device management (MDM) product from FileWave exposed many organizations to remote attacks, according to industrial cybersecurity firm Claroty.
Supply Chain Security
Oracle on Tuesday announced that a total of 349 new security patches have been released as part of its July 2022 Critical Patch Update...
Application Security
Managed detection and response (MDR) platform provider Huntress has shelled out $22 million to acquire Curricula, a startup in the growing security awareness business.Huntress,...
Application Security
A prominent cybersecurity executive is calling on the U.S. government to resist the urge to match China's reported mandates around early vulnerability disclosure, warning...
Application Security
Security researchers at Checkmarx are warning of a new supply chain attack technique that relies on spoofed commit metadata to add legitimacy to malicious...
Application Security
Software giant Microsoft has open-sourced its internal tool for generating SBOMs (software bill of materials) as part of a move to help organizations be...
Supply Chain Security
German software maker SAP on Tuesday announced the release of 20 new security notes and three updates to previous security notes as part of...
Cybercrime
Information technology solutions provider SHI International is struggling to fully restore systems and operations after being hit with a crippling cyberattack over the 4th...
Cyberwarfare
The head of the FBI and the leader of Britain’s domestic intelligence agency raised alarms Wednesday about the Chinese government, warning business leaders that...
Application Security
Security researchers at ReversingLabs are warning of a “significant escalation in software supply chain attacks” after discovering more than two dozen malicious NPM packages...
Cyberwarfare
Mandiant’s security researchers have been tracking influence campaigns that a Chinese threat actor named Dragonbridge has been conducting against rare earth mining companies in...
Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.
RegisterAI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.
RegisterExpert Insights
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code.
(Etay Maor)
CISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale.
(Nadir Izrael)
As enterprises rush AI projects into production, security teams are increasingly being forced into reactive mode.
(Joshua Goldfarb)