Hi, what are you looking for?
SecurityWeek
Artificial Intelligence
The new framework seeks to help security teams identify which software supply chain vulnerabilities pose the greatest operational, safety, and business risks in AI-driven...
Vulnerabilities
The flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands.
Application Security
The security defects allow unauthenticated users to take control of the open source software supply chain.
Vulnerabilities
The exploit timeline collapsed. Make sure your validation didn't.
ICS/OT
Researchers discovered several potentially serious vulnerabilities in Pepperl+Fuchs Comtrol’s RocketLinx industrial switches, including ones that can be exploited to take complete control of devices.
Cyberwarfare
The Iran-linked threat actor known as MuddyWater is actively targeting the Zerologon vulnerability in Windows Server, Microsoft warns.
Cybercrime
A new Mirai-based botnet is targeting zero-day vulnerabilities in Tenda routers, according to researchers at 360 Netlab, a unit of Chinese cybersecurity company Qihoo...
Mobile & Wireless
Google on Friday announced the Android Partner Vulnerability Initiative (APVI), an effort aimed at improving patching of security issues specific to Android OEMs.
IoT Security
HP announced on Thursday that it has expanded its bug bounty program, inviting several white hat hackers to find vulnerabilities in its office-class ink...
Management & Strategy
Microsoft has published a support article to provide guidance on what organizations need to do to ensure that they are not exposed to attacks...
Application Security
GitHub on Wednesday announced that its code scanning feature, which is designed to enable developers to easily identify vulnerabilities in their products before they...
Cybercrime
Cisco this week released patches for two high-severity vulnerabilities in IOS XR software that have been actively exploited in attacks for over a month.
Malware & Threats
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert to warn of attackers actively targeting a recently addressed vulnerability in the...
Data Protection
Twitter last week started sending emails to developers to inform them of a vulnerability that might have resulted in the disclosure of developer information,...
Endpoint Security
A Chrome 85 update released by Google this week patches several high-severity vulnerabilities, including ones that can be exploited to hack users by convincing...
Vulnerabilities
Apple on Thursday informed customers that it patched a total of four vulnerabilities across macOS Catalina, High Sierra and Mojave.
Data Protection
Someone has leaked what appear to be source code files for the Windows XP and Windows Server 2003 operating systems
Vulnerabilities
Cisco on Thursday informed customers that it has patched 34 high-severity vulnerabilities affecting its IOS and IOS XE software, including many that can be...
Malware & Threats
Microsoft says it has observed threat actors actively targeting the Zerologon vulnerability affecting Windows Server.
Cloud Security
Google recently patched a privilege escalation vulnerability in OS Config, a Google Cloud Platform service for Compute Engine that is designed for managing operating...
Vulnerabilities
The Samba team has released patches for a critical-severity elevation of privilege vulnerability impacting the Microsoft Windows Netlogon Remote Protocol (MS-NRPC).
Data Protection
A cybersecurity enthusiast learned recently that Airbnb accounts can be easily hijacked by creating a new account on the home-rental service with a phone...
Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.
RegisterAI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.
RegisterExpert Insights
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI.
(Etay Maor)
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)