Application Security
Palo Alto Networks on Tuesday snapped up early-stage startup Bridgecrew, adding a cloud security platform for developers to its $3.4 billion-a-year enterprise product portfolio.The...
Hi, what are you looking for?
SecurityWeek
Artificial Intelligence
AWS has patched the vulnerability and published its own advisory to inform customers about the potential impact.
ICS/OT
The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project.
Vulnerabilities
The latest GitLab CE/EE updates address 13 vulnerabilities, including three high-severity defects.
Vulnerabilities
The latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities.
Management & Strategy
Facebook on Tuesday announced several new features for its bug bounty program, including an educational resource and payout guidelines.
Mobile & Wireless
Researchers have discovered several vulnerabilities in the SHAREit Android application, including flaws that could expose sensitive user data and allow remote code execution.
Application Security
Russia-Linked Threat Group Caught Deploying Backdoors on Linux Servers in an Attack That Triggers New Conversations on Software Supply Chain Security
Malware & Threats
Many companies still expose SolarWinds Orion to the internet and have failed to take action following the disclosure of the massive SolarWinds breach, according...
Cybercrime
Slovenia-based cybersecurity research company ACROS Security last week announced the release of an unofficial micro-patch for a zero-day vulnerability in Microsoft Internet Explorer (IE)...
Data Protection
VMware last week informed customers about the availability of patches for a potentially serious vulnerability affecting its vSphere Replication product.vSphere Replication, a VMware vSphere...
Cybercrime
Accellion has formally announced plans to retire FTA, the large file transfer service that was at the heart of several recently disclosed data breaches.The...
Data Protection
This week the United States sentenced a Ukrainian man to prison for his involvement in a scheme to steal money from the bank accounts...
Application Security
Improperly generated ISNs (Initial Sequence Numbers) in nine TCP/IP stacks could be abused to hijack connections to vulnerable devices, according to new research from...
Vulnerabilities
Election systems in the U.S. are vulnerable to cyber intrusions similar to the one that hit federal agencies and numerous businesses last year and...
ICS/OT
Siemens this week released nine new security advisories describing vulnerabilities affecting the company’s products.
Vulnerabilities
Apple on Tuesday released macOS security updates to patch a recently disclosed vulnerability in the Sudo utility.Present in most Unix- and Linux-based operating systems...
Vulnerabilities
SAP has released seven new security notes on February 2021 Security Patch Day, including a Hot News note that addresses a critical flaw in...
Vulnerabilities
Security researcher Alex Birsan discovered a way to breach tens of organizations through software dependencies, and he earned tens of thousands of dollars in...
Vulnerabilities
Intel on Tuesday announced the release of updates that patch tens of vulnerabilities across many of the company’s software and hardware products.
Vulnerabilities
Two severe vulnerabilities in the NextGEN Gallery WordPress plugin could have exposed more than 800,000 websites to complete takeover, WordPress security company Defiant reported...
Application Security
Microsoft's scheduled monthly batch of security patches landed with a loud thud Tuesday with fixes for at least 56 security vulnerabilities in a range...
Cybercrime
Adobe on Tuesday announced the availability of patches for 50 vulnerabilities across six of its products, including a zero-day vulnerability in Reader that has...
Application Security
High-flying endpoint security vendor SentinelOne plans to spend $155 million to acquire log management startup Scalyr, beefing up a crucial technology piece to drive...
Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.
RegisterThis year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.
RegisterExpert Insights
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI.
(Etay Maor)
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)