ICS/OT
Industrial automation giants Siemens and Schneider Electric on Tuesday released several security advisories to inform customers about tens of vulnerabilities affecting their products. The...
Hi, what are you looking for?
SecurityWeek
Artificial Intelligence
AWS has patched the vulnerability and published its own advisory to inform customers about the potential impact.
ICS/OT
The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project.
Vulnerabilities
The latest GitLab CE/EE updates address 13 vulnerabilities, including three high-severity defects.
Vulnerabilities
The latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities.
Application Security
German software maker SAP this week released 17 new security notes documenting security vulnerabilities being fixed as part of the company's June 2021 SAP...
Application Security
Microsoft’s Patch Tuesday will take on extra urgency this month with the news that at least six previously undocumented vulnerabilities are being actively exploited...
Application Security
Adobe’s product security response machine revved into high gear this week with the release of multiple patches for gaping security holes in widely deployed...
Vulnerabilities
Organizations have been warned about denial of service (DoS) vulnerabilities found in RabbitMQ, EMQ X and VerneMQ, three widely used open source message brokers.
Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced that it has partnered with the crowdsourced cybersecurity community for the launch of its...
Mobile & Wireless
Google this week announced the availability of the latest monthly security patches for the Android operating system, which address more than 50 vulnerabilities, including...
ICS/OT
A couple of vulnerabilities discovered in industrial controllers made by WAGO, a German company specializing in electrical connection and automation solutions, can be exploited...
Application Security
United States trucks and military vehicles maker Navistar International Corporation has confirmed a cyberattack that resulted in some data being stolen.
Cloud Security
A newly identified piece of malware that targets Windows Server containers can execute code on the underlying node and then spread in the Kubernetes...
Vulnerabilities
Code hosting platform GitHub says it has updated its policies regarding vulnerability research, malware, and exploits, to permit dual-use security research.
Cybercrime
A critical vulnerability affecting VMware vCenter Server, the management interface for vSphere environments, is being exploited in the wild. Attacks started roughly a week...
ICS/OT
Researchers have discovered 10 vulnerabilities — a majority rated critical or high severity — in CODESYS industrial automation software that is used in many...
Cybercrime
Two members of the notorious Carbanak cybergang were sentenced to 8 years in prison, Kazakhstani authorities announced this week.
Application Security
Enterprise security vendor Cisco has shipped fixes for a wide range of severity vulnerabilities, including patches for high-risk flaws in the widely deployed Webex...
Vulnerabilities
Trend Micro on Thursday disclosed the details of a recently patched privilege escalation vulnerability that has been found to impact macOS, iOS and iPadOS.
Application Security
FireEye (NASDAQ: FEYE) on Wednesday announced plans to sell its products business, including the FireEye name, as part of a $1.2 billion transaction that...
Cloud Security
Microsoft’s aggressive push to ferret out security problems in the firmware powering IoT devices took on new urgency this week with the acquisition of...
Vulnerabilities
Cisco’s Talos threat intelligence and research unit on Wednesday disclosed the details of several SMB-related vulnerabilities patched recently by Apple in its macOS operating...
Vulnerabilities
More than 17,000 websites are exposed to attacks targeting a critical zero-day vulnerability in the Fancy Product Designer WordPress plugin, the Wordfence team at...
Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.
RegisterThis year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.
RegisterExpert Insights
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI.
(Etay Maor)
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)