Cybercrime
A series of high-profile cyberattacks on targets in the West have highlighted the vulnerability of companies and institutions, making the issue a higher public...
Hi, what are you looking for?
SecurityWeek
Endpoint Security
A variant of DirtyFrag, the flaw allows unprivileged local users to manipulate the Linux page cache and gain root privileges.
Artificial Intelligence
AWS has patched the vulnerability and published its own advisory to inform customers about the potential impact.
ICS/OT
The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project.
Vulnerabilities
The latest GitLab CE/EE updates address 13 vulnerabilities, including three high-severity defects.
ICS/OT
Researchers working for a French government agency have identified seven new Bluetooth vulnerabilities that could expose many devices to impersonation and other types of...
Cybercrime
Apple on Monday announced that software updates for its desktop and mobile operating systems address tens of vulnerabilities, including a zero-day flaw in macOS...
Network Security
Vulnerabilities identified by security researchers with Cisco’s Talos unit in Trend Micro Home Network Security devices could be exploited to elevate privileges or achieve...
Malware & Threats
Taiwanese network-attached storage (NAS) appliance manufacturer QNAP Systems has revealed that a vulnerability in its Hybrid Backup Sync software has been exploited in Qlocker...
ICS/OT
Multiple companies that develop industrial systems are assessing the impact of two new OPC UA vulnerabilities on their products, and German automation technology firm...
Cloud Security
Microsoft this week announced the availability of SimuLand, an open source tool that enables security researchers to reproduce attack techniques in lab environments.
Malware & Threats
Google has updated its May 2021 Android security bulletin to alert users that four vulnerabilities appear to have been exploited in attacks.
Cybercrime
Adversaries are typically quick to take advantage of newly disclosed vulnerabilities, and they started scanning for vulnerable Microsoft Exchange Servers within five minutes after...
Application Security
Colonial Pipeline chief executive Joseph Blount has confirmed the company shelled out $4.4 million to purchase a decryption key to recover from the disruptive...
ICS/OT
American industrial giant Emerson this week informed customers that it has released firmware updates for its Rosemount X-STREAM gas analyzers to address half a...
Application Security
Following an eight-month audit of the code in the latest infotainment system in Mercedes-Benz cars, security researchers with Tencent Security Keen Lab identified five vulnerabilities,...
Vulnerabilities
A researcher has released a proof-of-concept (PoC) exploit for a recently patched Windows vulnerability that could allow remote code execution and which has been...
Vulnerabilities
Cisco this week announced the availability of patches for a high-severity vulnerability in AnyConnect Secure Mobility Client that could be exploited for code execution.
Management & Strategy
Networking giant Cisco said Friday that it has agreed to acquire Kenna Security, a privately held cybersecurity company focused on vulnerability management technology.
Application Security
Security researchers have discovered a way to leverage Apple’s Find My's Offline Finding network to upload data from devices, even those that do not...
Incident Response
Rapid7 says unauthorized third-party accessed source code, customer data during Codecov supply chain breach
Vulnerabilities
Citrix this week announced that it has patched a local privilege escalation vulnerability in the Citrix Workspace app for Windows.
Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.
RegisterThis year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.
RegisterExpert Insights
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI.
(Etay Maor)
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)