Cybercrime
For 21 years, the software company Kaseya labored in relative obscurity — at least until cybercriminals exploited it in early July for a massive...
Hi, what are you looking for?
SecurityWeek
Artificial Intelligence
AWS has patched the vulnerability and published its own advisory to inform customers about the potential impact.
ICS/OT
The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project.
Vulnerabilities
The latest GitLab CE/EE updates address 13 vulnerabilities, including three high-severity defects.
Vulnerabilities
The latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities.
Vulnerabilities
China rules that all zero-day vulnerabilities must be disclosed only to the Chinese Government
Cybercrime
Microsoft said on Tuesday that a recently patched SolarWinds Serv-U zero-day vulnerability has been exploited by a Chinese threat group.
Cybercrime
CISA says multiple threat actors are exploiting the Windows 'PrintNightmare' vulnerability
Application Security
German software maker SAP has released 12 new security notes as part of its July 2021 security patch day, as well as updates for...
Application Security
Microsoft’s Patch Tuesday bundle for July 2021 landed with a loud thud as the world’s largest software maker warns of a new wave of...
Application Security
Mozilla this week pushed Firefox 90 to the stable channel with several security improvements, including better protections against cross-origin threats and an advanced tracker...
Application Security
Adobe has issued multiple security advisories with patches for critical vulnerabilities in a wide range of software products, including the ever-present Adobe Acrobat and...
ICS/OT
A vulnerability affecting some of Schneider Electric’s Modicon programmable logic controllers (PLCs) can be exploited to bypass authentication mechanisms, allowing attackers to take complete...
Malware & Threats
Government agencies in the United States and Australia warn organizations that a vulnerability affecting ForgeRock Access Management has been exploited in the wild.
Application Security
Microsoft has flexed its muscles in the cybersecurity space, and will drop a reported $500 million in cash to acquire RiskIQ, a late stage...
Application Security
Security responders at SolarWinds are scrambling to contain a new zero-day vulnerability being actively exploited in what is being described as “limited, targeted attacks.”
ICS/OT
Mitsubishi Electric recently patched critical and high-severity vulnerabilities affecting many of its air conditioning products, mainly centralized controllers.
Cybercrime
IT management solutions provider Kaseya has released patches for the vulnerabilities exploited in the recent ransomware attack, and the company has also started restoring...
Audits
Commercial insurer CNA has started notifying customers that threat actors did have access to some personal data during a ransomware attack in March.
Audits
Just days after shipping an emergency Windows update to cover a dangerous code execution flaw (CVE-2021-1675) in the Print Spooler service, Microsoft is investigating...
Vulnerabilities
Microsoft this week revealed that it paid out more than $13.6 million in bug bounties between July 1, 2020, and June 30, 2021.As part...
Vulnerabilities
Researchers at cybersecurity firm Rapid7 have uncovered several vulnerabilities in the Sage X3 enterprise resource planning (ERP) product, including flaws that can be exploited...
Application Security
Cisco this week released patches for high-severity vulnerabilities in Business Process Automation (BPA) and Web Security Appliance (WSA) that expose users to privilege escalation...
Mobile & Wireless
Google on Wednesday announced the availability of the July 2021 security updates for the Android operating system, which include patches for over 40 vulnerabilities.
Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.
RegisterThis year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.
RegisterExpert Insights
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI.
(Etay Maor)
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)