SecurityWeek

Threat actors are exploiting a critical-severity vulnerability in Motors theme for WordPress to change arbitrary user passwords.

WhatsApp told SecurityWeek that it linked the exploited FreeType vulnerability CVE-2025-27363 to a Paragon exploit.

A threat actor is abusing Cloudflare Tunnels for the delivery of a Python loader as part of a complex infection chain.

Krispy Kreme is sharing more information on the data breach resulting from the ransomware attack targeting the company in 2024. 

Personal data of former and current council workers, including election staff, may have been accessed by hackers.

Israel-linked Predatory Sparrow hackers torched more than $90 million at Iran’s largest cryptobank as Israel-Iran cyberwar escalates.

Trend Micro and ReversingLabs uncovered over 100 GitHub accounts distributing malware embedded in open source hacking tools.

A ransomware group has claimed the theft of millions of files from procurement service provider Chain IQ and 19 other companies.

After decades of failed attempts to access encrypted communications, governments are shifting from persuasion to coercion—security experts say the risks are too high.

Krispy Kreme is sending notifications to thousands of people impacted by the data breach that came to light at the end of 2024.

In a rapidly changing AI environment, CISOs are worried about investing in the wrong solution or simply not investing because they can’t decide what the best option is.

Cisco has resolved a high-severity vulnerability in Meraki MX and Meraki Z devices. Atlassian pushed patches for multiple third-party dependencies.

A hacker is selling allegedly valuable data stolen from Scania, but the truck maker believes impact is very limited.

Russian hackers posed as US State Department staff and convinced targets to generate and give up Google app-specific passwords.

Misconfigured permissions in Google’s Gerrit code collaboration platform could have led to the compromise of ChromiumOS and other Google projects.

Citrix has released patches for critical- and high-severity vulnerabilities in NetScaler and Secure Access Client and Workspace for Windows.

Qualys has disclosed two Linux vulnerabilities that can be chained for full root access, and CISA added a flaw to its KEV catalog.

Adopting a layered defense strategy that includes human-centric tools and updating security components.

OpenAI has been awarded a $200 million contract for AI capabilities to help the Defense Department address national security challenges.

Google has released a Chrome 137 update to resolve two memory bugs in the browser’s V8 and Profiler components.