SecurityWeek

The new attack technique uses smartwatches to capture ultrasonic covert communication in air-gapped environments and exfiltrate data.

Learn how attackers hide in plain sight—and what you can do to stop them without slowing down your business.

Microsoft recently patched CVE-2025-32711, a vulnerability that could have been used for zero-click attacks to steal data from Copilot.

It’s time for enterprises to stop treating unmanaged devices as an edge case and start securing them as part of a unified Zero Trust strategy.

Between May 2024 and April 2025, Cloudflare blocked 109 billion malicious requests targeting organizations protected under Project Galileo.

Palo Alto Networks has released patches for seven vulnerabilities and incorporated the latest Chrome fixes in its products.

Interpol has announced a crackdown on infostealer malware in Asia as part of an effort called Operation Secure.

Beyond potentially halting sales of physical goods, breaches can expose customers’ personal data to future phishing or fraud attempts.

Cybersecurity heavyweight Securonix acquires ThreatQuotient to boost plans to build an all-in-one security operations stack.

Maze and its investors are betting on finding profits in software that uses AI-powered agents to automate critical parts of the process.

Vulnerable DTResearch UEFI firmware applications can be used in BYOVD attacks to bypass Secure Boot.

Patches released by Fortinet and Ivanti resolve over a dozen vulnerabilities, including high-severity flaws leading to code execution, credential leaks.

Bitsight has identified over 40,000 security cameras that can be easily hacked for spying or other types of malicious activity.

Investigators leveraged a vulnerability dubbed DanaBleed to obtain insights into the internal operations of the DanaBot botnet.

Series E funding round brings Cyera’s total funding to over $1.3 billion and values the data security firm at $6 billion.

Horizon3.ai has raised $100 million to expand product capabilities, and to scale its partner ecosystem and federal market presence.

Many security professionals feel pressured to pursue leadership roles, but success can also mean going deeper, not just higher.

Google and Mozilla have released patches for a combined total of four high-severity memory bugs in Chrome and Firefox.

Industrial solutions providers Siemens, Schneider Electric and Aveva have released June 2025 Patch Tuesday ICS security advisories.

Fake college enrollments have been surging as crime rings deploy “ghost students” — chatbots that join online classrooms and stay just long enough to collect a financial aid check.