Cyberwarfare
Google on Thursday patched a Chrome zero-day vulnerability that has been exploited to deliver malware in a campaign that shares similarities with previous Korea-linked...
Hi, what are you looking for?
SecurityWeek
ICS/OT
The exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project.
Vulnerabilities
The latest GitLab CE/EE updates address 13 vulnerabilities, including three high-severity defects.
Vulnerabilities
The latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities.
Vulnerabilities
More than half of the bugs are use-after-free defects, which can potentially lead to remote code execution.
Audits
Proton Technologies, the Swiss-based company behind the privacy-focused email service ProtonMail, this week announced that it has made available the source code of its...
Cybercrime
More details have emerged on the March denial-of-service (DoS) attack that disrupted firewalls and caused interruptions to electrical system operations at a power utility...
Mobile & Wireless
Security updates released by Apple this week for iOS 13 and macOS Catalina 10.15 address roughly 40 vulnerabilities, including issues that affect both operating...
ICS/OT
Two critical authentication-related vulnerabilities have been found in a chiller made by Germany-based Rittal for cooling IT applications.Rittal, a subsidiary of German manufacturing and...
Management & Strategy
Slack informed bug bounty hunters on Monday that it has increased the minimum rewards for serious vulnerabilities found in its products and websites.
Cloud Security
A group of security researchers from German universities has devised a new class of web cache poisoning attacks that could render victim services unreachable.
Vulnerabilities
Google has patched three more serious Chrome vulnerabilities that can be exploited to escape the web browser’s sandbox, and awarded the researcher who reported...
Vulnerabilities
Trend Micro recently patched a high-severity remote code execution vulnerability in its Anti-Threat Toolkit (ATTK).The Trend Micro ATTK tool allows users to perform forensic...
Vulnerabilities
Google this week released Chrome 78 to the stable channel with numerous improvements, including a total of 37 security fixes for vulnerabilities discovered by...
Vulnerabilities
Researchers have discovered a vulnerability in the Maxthon 5 Browser for Windows. Maxthon is a freeware browser developed by Maxthon Ltd, a firm headquartered...
Vulnerabilities
Vulnerabilities in Avast Antivirus, AVG Antivirus, and Avira Antivirus could allow an attacker to load a malicious DLL file in an effort to bypass...
Management & Strategy
Microsoft last week announced the launch of a new bug bounty program covering the ElectionGuard open source software development kit (SDK).
Data Protection
ATLANTA — SECURITYWEEK 2019 ICS CYBER SECURITY CONFERENCE — Outdated and unsupported operating systems are still present and they still pose a serious risk...
Cybercrime
Hackers have leaked private RSA keys and information on configuration files that were stolen from a NordVPN server last year.
Mobile & Wireless
Google has improved the Site Isolation feature in Chrome to help defend against more types of attacks.
Data Protection
The official campaign website of U.S. President Donald Trump exposed information that may have allowed hackers to intercept emails and send out emails on...
Mobile & Wireless
A security researcher has published a proof-of-concept (PoC) exploit for the recently addressed Android zero-day vulnerability that impacts Pixel 2 devices.
Network Security
Cisco on Wednesday informed customers that some of its Aironet access points (APs) are affected by a critical vulnerability that can be exploited by...
Vulnerabilities
Oracle this week announced the release of its last Critical Patch Update of 2019, which includes a total of 219 new security fixes across...
Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.
RegisterThis year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.
RegisterExpert Insights
From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI.
(Etay Maor)
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.
(Torsten George)
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.
(Tod Beardsley)
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production.
(Joshua Goldfarb)
AI-driven development is not something organizations can or should block. But it must be governed.
(Danelle Au)