Cybercrime
Infamous Iranian hacking groups APT33 and APT34 appear to have been working together for the past three years to compromise dozens of organizations worldwide,...
Hi, what are you looking for?
SecurityWeek
Artificial Intelligence
Attackers could abuse Dify's multi-tenant cloud service to read private chats, preview other tenants' documents, and reach internal APIs.
Mobile & Wireless
The high-severity use-after-free vulnerability in Samsung's KNOX security framework affected Android-powered Galaxy devices from the S9 through S25.
Vulnerabilities
Attackers can send crafted media files to execute code in any application that uses FFmpeg’s libavcodec library.
Data Protection
Squidbleed, discovered with the aid of Claude Mythos Preview, has been described as a Heartbleed-style vulnerability.
Fraud & Identity Theft
West Virginia's disabled residents and overseas military personnel will be able to vote by smartphone in the US presidential election this year, the latest...
Management & Strategy
Microsoft has decided to remove a couple of Windows security updates that address a UEFI issue after some users complained that the updates caused...
IoT Security
Security researchers have discovered numerous vulnerabilities in the Bluetooth Low Energy (BLE) implementations of major system-on-a-chip (SoC) vendors.
Application Security
Vulnerabilities in the Voatz Internet voting app could allow adversaries to alter, stop, or expose a user’s vote, security researchers from the Massachusetts Institute...
ICS/OT
A serious vulnerability found in the Profinet industrial communication protocol exposes devices from Siemens, Moxa and possibly other vendors to denial-of-service (DoS) attacks.
Mobile & Wireless
A Google Project Zero researcher claims that some of the security features added by Samsung to the Android kernel don’t provide meaningful protection and...
Vulnerabilities
SAP’s February 2020 Security Patch Day brought 13 new Security Notes and updates to 2 previously released Patch Day Security Notes.
ICS/OT
Siemens’ Patch Tuesday updates for February 2020 address serious denial-of-service (DoS) vulnerabilities in several of the company’s products.
Vulnerabilities
Microsoft’s Patch Tuesday updates for February 2020 address 99 vulnerabilities, including an Internet Explorer zero-day reportedly exploited by a threat group known as DarkHotel.
Vulnerabilities
Adobe’s February 2020 Patch Tuesday updates fix a total of 42 vulnerabilities across the company’s Framemaker, Acrobat and Reader, Flash Player, Digital Editions and...
Vulnerabilities
Critical vulnerabilities addressed in the Accusoft ImageGear library could be exploited by remote attackers to execute code on a victim machine, Cisco Talos’ security...
Vulnerabilities
A researcher has discovered another DLL hijacking vulnerability in Dell SupportAssist that can be used to execute code with elevated privileges, and exploitation only...
Management & Strategy
Over the course of 2019, Facebook paid security researchers a total of $2.2 million in rewards for vulnerability reports submitted to the social media...
Data Protection
An election application used by Israel’s Likud party has exposed the personal information of over 6 million voters.Likud, the party of Israeli Prime Minister...
Cyber Insurance
Three of the world’s largest manufacturers had some IoT devices running Windows 7 infected with a piece of malware in what experts believe to...
Vulnerabilities
More than 80 percent of organizations impacted by CVE-2019-19781, a critical vulnerability in the Citrix Application Delivery Controller (ADC) and Gateway, have already taken...
Mobile & Wireless
One of the security flaws that Google addressed with the February 2020 set of Android patches is a critical vulnerability in Bluetooth that could...
Vulnerabilities
A vulnerability in the Realtek HD Audio Driver package could be abused to execute arbitrary payloads with elevated privileges on a vulnerable machine, SafeBreach...
Cybersecurity Funding
US-based cyber hygiene and patch management company Automox this week announced that it has raised $30 million in a Series B funding round, which...
Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.
RegisterAI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.
RegisterExpert Insights
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code.
(Etay Maor)